Fix a buffer overflow in the file information reader of VCF files.

See http://www.kde.org/info/security/advisory-20040114-1.txt and
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0988 for more info.

Bump PORTREVISION as this is a strongly recommended patch.  This approach
is simpler than upgrading all KDE ports to 3.1.5, since we're going to
upgrade them to 3.2 in under a month anyway.

Submitted by:	Andy Fawcett <andy@athame.co.uk>
Will Andrews 2004-01-15 05:24:57 +00:00
parent 0c8cf8b502
commit ed7d0c6125
Notes: svn2git 2021-03-31 03:12:20 +00:00
svn path=/head/; revision=98180
6 changed files with 75 additions and 0 deletions


@ -7,6 +7,7 @@
PORTNAME= kdepim
PORTVERSION= ${KDE_VERSION}
PORTREVISION= 1
CATEGORIES= deskutils kde
MASTER_SITES= ${MASTER_SITE_KDE}
MASTER_SITE_SUBDIR= stable/${PORTVERSION}/src


@ -0,0 +1,24 @@
--- kfile-plugins/vcf/kfile_vcf.cpp 2003-07-16 21:12:41.000000000 +0200
+++ kfile-plugins/vcf/kfile_vcf.cpp 2003-12-16 15:38:20.000000000 +0100
@@ -90,17 +90,17 @@
while (!done) {
// read a line
- file.readLine(linebuf, 4096);
+ file.readLine(linebuf, sizeof(linebuf));
// have we got something useful?
if (memcmp(linebuf, id_name, 3) == 0) {
// we have a name
myptr = linebuf + 3;
- strncpy(buf_name, myptr, 999);
+ strlcpy(buf_name, myptr, sizeof( buf_name ));
} else if (memcmp(linebuf, id_email, 15) == 0) {
// we have a name
myptr = linebuf + 15;
- strncpy(buf_email, myptr, 999);
+ strlcpy(buf_email, myptr, sizeof( buf_email ));
}
// are we done yet?
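Review bot: The result of `file.readLine()` is still discarded in the patched loop, so a failed or end-of-file read leaves the previous line in `linebuf`, and the `memcmp` calls always compare 3 and 15 bytes even when the line just read is shorter, which can match stale bytes behind the terminator. Consider `if (file.readLine(linebuf, sizeof(linebuf)) < 0) break;` or the equivalent using the loop's `done` flag. The `sizeof` bounds are correct only if `linebuf`, `buf_name` and `buf_email` are declared as arrays; the declarations and the end of the loop lie outside the hunk, so that should be confirmed there. The second `// we have a name` comment sits on the e-mail branch and should read `// we have an email address`. The same patch file is added in two further sections of this page, and the point applies to those copies as well.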


@ -7,6 +7,7 @@
PORTNAME= kdepim
PORTVERSION= ${KDE_VERSION}
PORTREVISION= 1
CATEGORIES= deskutils kde
MASTER_SITES= ${MASTER_SITE_KDE}
MASTER_SITE_SUBDIR= stable/${PORTVERSION}/src


@ -0,0 +1,24 @@
--- kfile-plugins/vcf/kfile_vcf.cpp 2003-07-16 21:12:41.000000000 +0200
+++ kfile-plugins/vcf/kfile_vcf.cpp 2003-12-16 15:38:20.000000000 +0100
@@ -90,17 +90,17 @@
while (!done) {
// read a line
- file.readLine(linebuf, 4096);
+ file.readLine(linebuf, sizeof(linebuf));
// have we got something useful?
if (memcmp(linebuf, id_name, 3) == 0) {
// we have a name
myptr = linebuf + 3;
- strncpy(buf_name, myptr, 999);
+ strlcpy(buf_name, myptr, sizeof( buf_name ));
} else if (memcmp(linebuf, id_email, 15) == 0) {
// we have a name
myptr = linebuf + 15;
- strncpy(buf_email, myptr, 999);
+ strlcpy(buf_email, myptr, sizeof( buf_email ));
}
// are we done yet?


@ -7,6 +7,7 @@
PORTNAME= kdepim
PORTVERSION= ${KDE_VERSION}
PORTREVISION= 1
CATEGORIES= deskutils kde
MASTER_SITES= ${MASTER_SITE_KDE}
MASTER_SITE_SUBDIR= stable/${PORTVERSION}/src


@ -0,0 +1,24 @@
--- kfile-plugins/vcf/kfile_vcf.cpp 2003-07-16 21:12:41.000000000 +0200
+++ kfile-plugins/vcf/kfile_vcf.cpp 2003-12-16 15:38:20.000000000 +0100
@@ -90,17 +90,17 @@
while (!done) {
// read a line
- file.readLine(linebuf, 4096);
+ file.readLine(linebuf, sizeof(linebuf));
// have we got something useful?
if (memcmp(linebuf, id_name, 3) == 0) {
// we have a name
myptr = linebuf + 3;
- strncpy(buf_name, myptr, 999);
+ strlcpy(buf_name, myptr, sizeof( buf_name ));
} else if (memcmp(linebuf, id_email, 15) == 0) {
// we have a name
myptr = linebuf + 15;
- strncpy(buf_email, myptr, 999);
+ strlcpy(buf_email, myptr, sizeof( buf_email ));
}
// are we done yet?