fix trivial buffer overflows, spellcheck

1999-11-08 19:56:53 +00:00 · 1999-11-08 19:56:53 +00:00 · 263eb4e23f
commit 263eb4e23f
parent da47713e6f
4 changed files with 77 additions and 0 deletions
--- a/misc/dialog/patches/patch-ab
+++ b/misc/dialog/patches/patch-ab
@ -0,0 +1,23 @@
+--- guage.c.orig	Mon Nov  8 14:08:43 1999
+++ guage.c	Mon Nov  8 14:36:22 1999
+@@ -86,16 +86,16 @@
+ 
+ 	if (feof (stdin))
+ 	    break;
+-	gets (buf);
+	fgets (buf, sizeof(buf), stdin);
+ 	if (buf[0] == 'X') {
+ 	    /* Next line is percentage */
+-	    gets (buf);
+	    fgets (buf, sizeof(buf), stdin);
+ 	    percent = atoi (buf);
+ 
+ 	    /* Rest is message text */
+ 	    prompt_buf[0] = '\0';
+-	    while (strncmp (gets (buf), "XXX", 3))
+-		strcat (prompt_buf, buf);
+	    while (strncmp (fgets (buf, sizeof(buf), stdin), "XXX", 3))
+		strlcat (prompt_buf, buf, sizeof(prompt_buf));
+ 	    prompt = prompt_buf;
+ 	} else
+ 	    percent = atoi (buf);
--- a/misc/dialog/patches/patch-ac
+++ b/misc/dialog/patches/patch-ac
@ -0,0 +1,20 @@
+--- dialog.c.orig	Mon Nov  8 14:48:14 1999
+++ dialog.c	Mon Nov  8 14:48:42 1999
+@@ -56,7 +56,7 @@
+     {"--radiolist", 9, 0, 3, j_radiolist},
+     {"--inputbox", 5, 6, 1, j_inputbox},
+ #ifdef HAVE_GUAGE
+-    {"--guage", 6, 6, 1, j_guage},
+    {"--gauge", 6, 6, 1, j_guage},
+ #endif
+     {NULL, 0, 0, 0, NULL}
+ };
+@@ -197,7 +197,7 @@
+ \n  --checklist <text> <height> <width> <list height> <tag1> <item1> <status1>...\
+ \n  --radiolist <text> <height> <width> <list height> <tag1> <item1> <status1>...\n",name);
+ #ifdef HAVE_GUAGE
+-fprintf(stderr,"  --guage     <text> <height> <width> <percent>\n");
+fprintf(stderr,"  --gauge     <text> <height> <width> <percent>\n");
+ #endif
+     exit (-1);
+ }
--- a/misc/dialog/patches/patch-ad
+++ b/misc/dialog/patches/patch-ad
@ -0,0 +1,29 @@
+--- dialog.man.orig	Mon Nov  8 14:49:01 1999
+++ dialog.man	Mon Nov  8 14:49:52 1999
+@@ -41,7 +41,7 @@
+ .BR yes/no " box," " menu" " box," " input" " box,"
+ .BR message " box," " text" " box," " info" " box,"
+ '\" NOHAVEGUAGE
+-.BR guage " box,"
+.BR gauge " box,"
+ '\" NOHAVEGUAGE
+ .BR checklist " box, and" " radiolist" " box."
+ .SH OPTIONS
+@@ -189,14 +189,14 @@
+ .IR status " to " on "."
+ 
+ '\" NOHAVEGUAGE
+-.IP "\fB\-\-guage \fItext height width percent\fR"
+-.RB "A " guage " box displays a meter along the bottom of the box.
+.IP "\fB\-\-gauge \fItext height width percent\fR"
+.RB "A " gauge " box displays a meter along the bottom of the box.
+ The meter indicates the percentage.  New percentages are read from
+ standard input, one integer per line.  The meter is updated
+ to reflect each new percentage.  If stdin is XXX, then the first
+ line following is taken as an integer percentage, then subsequent
+ lines up to another XXX are used for a new prompt.
+-The guage exits when EOF is reached on stdin.
+The gauge exits when EOF is reached on stdin.
+ 
+ '\" NOHAVEGUAGE
+ '\" NOHAVERC
--- a/misc/dialog/pkg/SECURITY
+++ b/misc/dialog/pkg/SECURITY
@ -0,0 +1,5 @@
+fixed some trivial buffer overflows in guage.c
+
+other boundary checking errors abound, not just in string manipulation -
+e.g. draw_* routines, etc. nothing security-critical, just not robust.
+