SECURITY:

Fix buffer overflow. From: Ulf Harnhammar
2004-07-02 16:02:47 +00:00 · 2004-07-02 16:02:47 +00:00 · bb5d9dceab
commit bb5d9dceab
parent f86c2c2d02
2 changed files with 16 additions and 2 deletions
--- a/net/pavuk/Makefile
+++ b/net/pavuk/Makefile
@ -1,9 +1,9 @@
-# $OpenBSD: Makefile,v 1.6 2003/01/30 22:39:07 espie Exp $
+# $OpenBSD: Makefile,v 1.7 2004/07/02 16:02:47 naddy Exp $

 COMMENT=	"tool to mirror contents of HTTP and FTP servers"

 DISTNAME=	pavuk-0.9pl28
-PKGNAME=	${DISTNAME}a
+PKGNAME=	${DISTNAME}p1
 CATEGORIES=	net
 EXTRACT_SUFX=	.tgz

--- a/net/pavuk/patches/patch-src_http_c
+++ b/net/pavuk/patches/patch-src_http_c
@ -0,0 +1,14 @@
+$OpenBSD: patch-src_http_c,v 1.1 2004/07/02 16:02:47 naddy Exp $
+--- src/http.c.orig	Mon Jul 30 00:06:40 2001
+++ src/http.c	Fri Jul  2 17:25:33 2004
+@@ -1111,8 +1111,8 @@ doc *docp;
+ 	if (!loc)
+ 		return -1;
+ 
+-	if (sscanf(loc, "http://%[.0-9A-Za-z_-]:%d", proxy, &port) < 1)
+-		if (sscanf(loc, "%[.0-9A-Za-z_-]:%d", proxy, &port) !=2)
+	if (sscanf(loc, "http://%255[.0-9A-Za-z_-]:%d", proxy, &port) < 1)
+		if (sscanf(loc, "%255[.0-9A-Za-z_-]:%d", proxy, &port) !=2)
+ 			return -1;
+ 
+ 	_free(docp->http_proxy);