freebsd-ports/comms/hylafax/files/patch-ag
Alexander Langer 3f08af39e0 Update to version 4.1.b2, the latest stable release (dispite the "beta" flag),
which officially fixes the setuid security exploit by the vendors.

Additionally, from the PR:

*       adds in distribution patches to allow it to interoperate
        with libtiff-3.5.5 (the current version in the ports tree),
        and replace an original FreeBSD patch.

*       includes security patches (replacements of 'strcpy' and
        'sprintf', primarily), mostly based on patches originally
        submitted by Alex Langer [1] for 4.0pl2 and not yet commited,
        although some new work was done too.

[1] I don't think, that these were my patches but those submitted by
John Holland <john@zoner.org> in PR 19180.

*       Fixes some issues with the configure/setup scripts introduced
        since the previous version.

*       Additionally, original FreeBSD patches from 4.0pl2 were
        merged in where they were not addressed by anything else.
        (except the I18N patch, sorry).

I removed the FORBIDDEN line since there are at least no obvious security
concerns left.

PR:		19237
Submitted by:	Andy Sparrow <andy@geek4food.org>
2000-06-27 11:59:36 +00:00

70 lines
1.8 KiB
Plaintext

diff -ruN port/syslog.c.orig port/syslog.c
--- port/syslog.c.orig Mon Oct 12 13:47:50 1998
+++ port/syslog.c Mon Jun 12 21:52:41 2000
@@ -88,7 +88,7 @@
register int cnt;
register char *p;
time_t now, time();
- int fd, saved_errno;
+ int fd, saved_errno, n;
char tbuf[2048], fmt_cpy[1024], *stdp, *ctime();
/* check for invalid bits or no priority set */
@@ -104,21 +104,21 @@
/* build the message */
(void)time(&now);
- (void)sprintf(tbuf, "<%d>%.15s ", pri, ctime(&now) + 4);
- for (p = tbuf; *p; ++p);
+ (void)snprintf(tbuf, sizeof(tbuf), "<%d>%.15s ", pri, ctime(&now) + 4);
+ for (p = tbuf; *p; ++p, n++);
if (LogStat & LOG_PERROR)
stdp = p;
if (LogTag) {
- (void)strcpy(p, LogTag);
+ (void)strlcpy(p, LogTag, sizeof(tbuf) - n);
for (; *p; ++p);
}
if (LogStat & LOG_PID) {
- (void)sprintf(p, "[%d]", getpid());
+ (void)snprintf(p, sizeof(tbuf) - n, "[%d]", getpid());
for (; *p; ++p);
}
if (LogTag) {
- *p++ = ':';
- *p++ = ' ';
+ *p++ = ':'; n++;
+ *p++ = ' '; n++;
}
/* substitute error message for %m */
@@ -137,7 +137,7 @@
*t1 = '\0';
}
- (void)vsprintf(p, fmt_cpy, ap);
+ (void)vsnprintf(p, sizeof(tbuf) - n, fmt_cpy, ap);
cnt = strlen(tbuf);
@@ -170,7 +170,7 @@
* is the one from the syslogd failure.
*/
if ((fd = open(_PATH_CONSOLE, O_WRONLY, 0)) >= 0) {
- (void)strcat(tbuf, "\r\n");
+ (void)strlcat(tbuf, "\r\n", sizeof(tbuf));
cnt += 2;
p = index(tbuf, '>') + 1;
(void)write(fd, p, cnt - (p - tbuf));
diff -ruN port/vsyslog.c.orig port/vsyslog.c
--- port/vsyslog.c.orig Mon Oct 12 13:47:50 1998
+++ port/vsyslog.c Mon Jun 12 21:52:41 2000
@@ -49,6 +49,6 @@
*cp++ = c;
*cp = '\0';
}
- (void) vsprintf(tbuf, fmt_cpy, ap);
+ (void) vnsprintf(tbuf, sizeof(tbuf), fmt_cpy, ap);
(void) syslog(pri, "%s", tbuf);
}