Message-Id: <200604060707.k3677OGG043131@charon.rx.cz>
Date: Thu, 6 Apr 2006 09:07:24 +0200 (CEST)
From: Petr Rehor
To: FreeBSD-gnats-submit@FreeBSD.org
Cc: jmz@FreeBSD.org
Subject: ports/95397: [patch] archivers/zoo buffer overflow fix
X-Send-Pr-Version: 3.113

>Number: 95397
>Category: ports
>Synopsis: [patch] archivers/zoo buffer overflow fix
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: update
>Submitter-Id: current-users
>Arrival-Date: Thu Apr 06 07:10:12 GMT 2006
>Closed-Date:
>Last-Modified:
>Originator: Petr Rehor
>Release: FreeBSD 6.0-RELEASE-c3 i386
>Organization:
>Environment:
System: FreeBSD charon.rx.cz 6.0-RELEASE-c3 FreeBSD 6.0-RELEASE-c3 #0: Tue Nov 8 20:44:39 UTC 2005 root@marvin.rx.cz:/usr/obj/usr/src/sys/GENERIC i386
>Description:
archivers/zoo contains exploitable buffer overflows. This update brings the patch from the original advisory to the FreeBSD port and bumps PORTREVISION. The port maintainer is Cc'ed.

References:
- http://www.guay-leroux.com/projects/zoo-advisory.txt
- http://www.freebsd.org/ports/portaudit/d9307a41-c4d7-11da-b2fb-000e0c2e438a.html
>How-To-Repeat:
>Fix:
--- zoo.diff begins here ---
diff -urN /usr/ports/archivers/zoo/Makefile Makefile --- /usr/ports/archivers/zoo/Makefile Tue Nov 15 22:57:44 2005 +++ Makefile Thu Apr 6 08:47:30 2006 
@@ -7,7 +7,7 @@ PORTNAME= zoo PORTVERSION= 2.10.1 -PORTREVISION= 1 +PORTREVISION= 2 CATEGORIES= archivers MASTER_SITES= ftp://ftp.kiarchive.ru/pub/unix/arcers/ DISTNAME= zoo-2.10pl1 diff -urN /usr/ports/archivers/zoo/files/patch-misc.c files/patch-misc.c --- /usr/ports/archivers/zoo/files/patch-misc.c Thu Jan 1 01:00:00 1970 +++ files/patch-misc.c Thu Apr 6 08:45:48 2006 @@ -0,0 +1,20 @@ +--- misc.c.orig Tue Jul 16 17:52:54 1991 ++++ misc.c Thu Apr 6 08:45:41 2006 +@@ -135,11 +135,16 @@ + char *fullpath (direntry) + struct direntry *direntry; + { +- static char result[PATHSIZE]; ++ static char result[PATHSIZE+PATHSIZE+12]; /* Room for enough space */ + combine (result, + direntry->dirlen != 0 ? direntry->dirname : "", + (direntry->namlen != 0) ? direntry->lfname : direntry->fname + ); ++ ++ if (strlen (result) >= PATHSIZE) { ++ prterror ('f', "Combined dirname and filename too long\n"); ++ } ++ + return (result); + } + --- zoo.diff ends here --- >Release-Note: >Audit-Trail: >Unformatted:
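Review bot: In the misc.c hunk, the new strlen (result) >= PATHSIZE check in fullpath() runs only after combine() has already written into result, so memory safety rests entirely on the enlarged buffer (PATHSIZE+PATHSIZE+12) being large enough for whatever dirname and lfname/fname come out of the archive, and nothing in the visible lines bounds those inputs. Consider checking the component lengths before calling combine(), so an over-long entry is rejected before any copy happens. The check also only helps if prterror ('f', ...) never returns; if it can return, the over-long string is still handed back to the caller, so either confirm that the 'f' level terminates or add an explicit exit after the call. Finally, the comment "Room for enough space" does not say what the +12 covers; state the intended worst case (two PATHSIZE components plus separator and terminator, or whatever the real bound is) so the next reader can verify the arithmetic.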