3f08af39e0
which officially fixes the setuid security exploit by the vendors. Additionally, from the PR: * adds in distribution patches to allow it to interoperate with libtiff-3.5.5 (the current version in the ports tree), and replace an original FreeBSD patch. * includes security patches (replacements of 'strcpy' and 'sprintf', primarily), mostly based on patches originally submitted by Alex Langer [1] for 4.0pl2 and not yet committed, although some new work was done too. [1] I don't think that these were my patches but those submitted by John Holland <john@zoner.org> in PR 19180. * Fixes some issues with the configure/setup scripts introduced since the previous version. * Additionally, original FreeBSD patches from 4.0pl2 were merged in where they were not addressed by anything else. (except the I18N patch, sorry). I removed the FORBIDDEN line since there are at least no obvious security concerns left. PR: 19237 Submitted by: Andy Sparrow <andy@geek4food.org>
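diff -ruN hfaxd/HylaFAXServer.c++.orig hfaxd/HylaFAXServer.c++
--- hfaxd/HylaFAXServer.c++.orig Sun Jun 13 00:41:13 1999
+++ hfaxd/HylaFAXServer.c++ Mon Jun 12 21:52:40 2000
@@ -161,9 +161,9 @@
 {
 char fmt[128];
 if (module != NULL)
- sprintf(fmt, "%s: Warning, %s.", module, fmt0);
+ snprintf(fmt, sizeof(fmt), "%s: Warning, %s.", module, fmt0);
 else
- sprintf(fmt, "Warning, %s.", fmt0);
+ snprintf(fmt, sizeof(fmt), "Warning, %s.", fmt0);
 vlogError(fmt, ap);
 }
 
@@ -172,9 +172,9 @@
 {
 char fmt[128];
 if (module != NULL)
- sprintf(fmt, "%s: Warning, %s.", module, fmt0);
+ snprintf(fmt, sizeof(fmt), "%s: Warning, %s.", module, fmt0);
 else
- sprintf(fmt, "Warning, %s.", fmt0);
+ snprintf(fmt, sizeof(fmt), "Warning, %s.", fmt0);
 vlogWarning(fmt, ap);
 }
 
@@ -530,7 +530,7 @@
 filename, line);
 seqnum = 1;
 }
- sprintf(line, "%u", NEXTSEQNUM(seqnum+count));
+ snprintf(line, sizeof(line), "%u", NEXTSEQNUM(seqnum+count));
 lseek(fd, 0, SEEK_SET);
 if (Sys::write(fd, line, strlen(line)) != strlen(line) ||
 ftruncate(fd,strlen(line))) {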
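diff -ruN hfaxd/Jobs.c++.orig hfaxd/Jobs.c++
--- hfaxd/Jobs.c++.orig Sun Jun 13 00:41:14 1999
+++ hfaxd/Jobs.c++ Mon Jun 12 21:52:40 2000
@@ -1646,7 +1646,8 @@
 fprintf(fd, fspec, (const char*) job.company);
 break;
 case 'D':
- sprintf(tmpbuf, "%2u:%-2u", job.totdials, job.maxdials);
+ snprintf(tmpbuf, sizeof(tmpbuf), "%2u:%-2u", job.totdials,
+ job.maxdials);
 fprintf(fd, fspec, tmpbuf);
 break;
 case 'E':
@@ -1683,7 +1684,8 @@
 fprintf(fd, fspec, "N "[job.useccover]);
 break;
 case 'P':
- sprintf(tmpbuf, "%2u:%-2u", job.npages, job.totpages);
+ snprintf(tmpbuf, sizeof(tmpbuf), "%2u:%-2u", job.npages,
+ job.totpages);
 fprintf(fd, fspec, tmpbuf);
 break;
 case 'Q':
@@ -1696,11 +1698,12 @@
 fprintf(fd, fspec, (const char*) job.sender);
 break;
 case 'T':
- sprintf(tmpbuf, "%2u:%-2u", job.tottries, job.maxtries);
+ snprintf(tmpbuf, sizeof(tmpbuf), "%2u:%-2u", job.tottries,
+ job.maxtries);
 fprintf(fd, fspec, tmpbuf);
 break;
 case 'U':
- sprintf(tmpbuf, "%.1f", job.chopthreshold);
+ snprintf(tmpbuf, sizeof(tmpbuf), "%.1f", job.chopthreshold);
 fprintf(fd, fspec, tmpbuf);
 break;
 case 'V':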
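diff -ruN hfaxd/OldProtocol.c++.orig hfaxd/OldProtocol.c++
--- hfaxd/OldProtocol.c++.orig Sun Jun 13 00:41:15 1999
+++ hfaxd/OldProtocol.c++ Mon Jun 12 21:52:40 2000
@@ -352,8 +352,8 @@
 OldProtocolServer::vsendClient(const char* tag, const char* fmt, va_list ap)
 {
 char buf[2048];
- sprintf(buf, "%s:", tag);
- vsprintf(strchr(buf,'\0'), fmt, ap);
+ snprintf(buf, sizeof(buf), "%s:", tag);
+ vsnprintf(strchr(buf,'\0'), sizeof(buf) - (strchr(buf,'\0') - buf), fmt, ap);
 fprintf(stdout, "%s\n", buf);
 if (TRACE(PROTOCOL))
 logDebug("%s", buf);
@@ -472,19 +472,19 @@
 buf[0] = '\0';
 if (pwd->pw_gecos) {
 if (pwd->pw_gecos[0] == '&') {
- strcpy(buf, pwd->pw_name);
- strcat(buf, pwd->pw_gecos+1);
+ strlcpy(buf, pwd->pw_name, sizeof(buf));
+ strlcat(buf, pwd->pw_gecos+1, sizeof(buf));
 if (islower(buf[0]))
 buf[0] = toupper(buf[0]);
 } else
- strcpy(buf, pwd->pw_gecos);
+ strlcpy(buf, pwd->pw_gecos, sizeof(buf));
 if ((cp = strchr(buf,',')) != 0)
 *cp = '\0';
 /* see FaxClient::setupUserIdentity; strip SysV junk */
 if ((cp = strchr(buf,'(')) != 0)
 *cp = '\0';
 } else
- strcpy(buf, pwd->pw_name);
+ strlcpy(buf, pwd->pw_name, sizeof(buf));
 if (TRACE(PROTOCOL)) {
 if (*buf)
 logDebug("%s user: \"%s\"", pwd->pw_name, buf);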
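diff -ruN hfaxd/Status.c++.orig hfaxd/Status.c++
--- hfaxd/Status.c++.orig Sun Jun 13 00:41:16 1999
+++ hfaxd/Status.c++ Mon Jun 12 21:52:40 2000
@@ -260,16 +260,16 @@
 break;
 case 'r':
 if (config.maxRecvPages == (u_int) -1)
- strcpy(tmpbuf, "INF");
+ strlcpy(tmpbuf, "INF", sizeof(tmpbuf));
 else
- sprintf(tmpbuf, "%u", config.maxRecvPages);
+ snprintf(tmpbuf, sizeof(tmpbuf), "%u", config.maxRecvPages);
 fprintf(fd, fspec, config.maxRecvPages);
 break;
 case 's':
 fprintf(fd, fspec, (const char*) config.status);
 break;
 case 't':
- sprintf(tmpbuf, "%05x:%05x",
+ snprintf(tmpbuf, sizeof(tmpbuf), "%05x:%05x",
 config.tracingLevel&0xfffff,
 config.logTracingLevel&0xfffff);
 fprintf(fd, fspec, tmpbuf);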
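Review bot: In the case 'r' arm the new strlcpy/snprintf fill `tmpbuf` with either "INF" or the page count, but the following context line `fprintf(fd, fspec, config.maxRecvPages);` still prints the raw integer, so the INF text is never emitted; if `fspec` carries a `%s` conversion as the neighbouring arms suggest, that also passes an unsigned int where a pointer is expected. The line should read `fprintf(fd, fspec, tmpbuf);`. The defect is pre-existing context rather than introduced here, but this patch is the natural place to carry the one-line correction. As in the Jobs.c++ hunks, `sizeof(tmpbuf)` presumes `tmpbuf` is an array declared outside the hunk.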