Security fix: addresses remote buffer overflow referenced here:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0928 from MAINTAINER
2003-05-10 02:46:54 +00:00 · 2003-05-10 02:46:54 +00:00 · 33c163d5dc
commit 33c163d5dc
parent e672e84db5
2 changed files with 19 additions and 2 deletions
--- a/devel/libgtop/Makefile
+++ b/devel/libgtop/Makefile
@ -1,11 +1,12 @@
-# $OpenBSD: Makefile,v 1.16 2002/12/03 22:45:33 pvalchev Exp $
+# $OpenBSD: Makefile,v 1.17 2003/05/10 02:46:54 marcm Exp $

 COMMENT=		"portable library for obtaining system information"

 DISTNAME=		libgtop-1.0.13
+PKGNAME=		${DISTNAME}p1
 CATEGORIES=		devel

-HOMEPAGE=		http://www.home-of-linux.org/gnome/libgtop/
+HOMEPAGE=		http://www.gnome.org/softwaremap/projects/libgtop/
 MAINTAINER=		Jim Geovedi <jim@corebsd.or.id>

 MASTER_SITES=		${MASTER_SITE_GNOME:=sources/libgtop/1.0/}
--- a/devel/libgtop/patches/patch-src_daemon_gnuserv_c
+++ b/devel/libgtop/patches/patch-src_daemon_gnuserv_c
@ -0,0 +1,16 @@
+$OpenBSD: patch-src_daemon_gnuserv_c,v 1.1 2003/05/10 02:46:54 marcm Exp $
+--- src/daemon/gnuserv.c.orig	Fri May  9 17:06:45 2003
+++ src/daemon/gnuserv.c	Fri May  9 17:09:13 2003
+@@ -200,6 +200,12 @@ permitted (u_long host_addr, int fd)
+ 
+ 	auth_data_len = atoi (buf);
+ 
+	if (auth_data_len < 1 || auth_data_len > sizeof(buf)) {
+		syslog_message(LOG_WARNING,
+			       "Invalid data length supplied by client");
+		return FALSE;
+	}
+
+ 	if (timed_read (fd, buf, auth_data_len, AUTH_TIMEOUT, 0) != auth_data_len)
+ 	    return FALSE;
+