1 |
vapier 08/05/05 04:55:33 |
2 |
|
3 |
Added: whois-4.7.26-gentoo-security.patch |
4 |
Log: |
5 |
Version bump #219498 by Conrad Kostecki. |
6 |
(Portage version: 2.2_pre5) |
7 |
|
8 |
Revision Changes Path |
9 |
1.1 net-misc/whois/files/whois-4.7.26-gentoo-security.patch |
10 |
|
11 |
file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-misc/whois/files/whois-4.7.26-gentoo-security.patch?rev=1.1&view=markup |
12 |
plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-misc/whois/files/whois-4.7.26-gentoo-security.patch?rev=1.1&content-type=text/plain |
13 |
|
14 |
Index: whois-4.7.26-gentoo-security.patch |
15 |
=================================================================== |
16 |
--- whois-4.7.26/whois.c |
17 |
+++ whois-4.7.26/whois.c |
18 |
@@ -87,7 +87,7 @@ |
19 |
/* RIPE flags */ |
20 |
if (strchr(ripeflags, ch)) { |
21 |
for (p = fstring; *p; p++); |
22 |
- sprintf(p--, "-%c ", ch); |
23 |
+ snprintf(p--, sizeof(fstring), "-%c ", ch); |
24 |
continue; |
25 |
} |
26 |
if (strchr(ripeflagsp, ch)) { |
27 |
@@ -141,10 +141,10 @@ |
28 |
while (1) { |
29 |
qslen += strlen(*argv) + 1 + 1; |
30 |
qstring = realloc(qstring, qslen); |
31 |
- strcat(qstring, *argv++); |
32 |
+ strncat(qstring, *argv++, qslen-1); |
33 |
if (argc == 1) |
34 |
break; |
35 |
- strcat(qstring, " "); |
36 |
+ strncat(qstring, " ", qslen-1); |
37 |
argc--; |
38 |
} |
39 |
} |
40 |
@@ -467,8 +467,10 @@ |
41 |
char *buf, *p; |
42 |
int i, isripe = 0; |
43 |
|
44 |
+ /* buflen was always 0 in original patch and buf was allocated twice /Aye */ |
45 |
/* 64 bytes reserved for server-specific flags added later */ |
46 |
- buf = malloc(strlen(flags) + strlen(query) + strlen(client_tag) + 64); |
47 |
+ int buflen = strlen(flags) + strlen(query) + strlen(client_tag) + 64; |
48 |
+ buf = malloc(buflen); |
49 |
*buf = '\0'; |
50 |
for (i = 0; ripe_servers[i]; i++) |
51 |
if (streq(server, ripe_servers[i])) { |
52 |
@@ -481,7 +483,7 @@ |
53 |
if (*flags) { |
54 |
if (!isripe && !streq(server, "whois.corenic.net")) |
55 |
puts(_("Warning: RIPE flags used with a traditional server.")); |
56 |
- strcat(buf, flags); |
57 |
+ strncat(buf, flags, buflen-1); |
58 |
} |
59 |
|
60 |
#ifdef HAVE_LIBIDN |
61 |
@@ -490,28 +492,28 @@ |
62 |
*/ |
63 |
if (streq(server, "whois.denic.de") && domcmp(query, ".de") |
64 |
&& !strchr(query, ' ') && !*flags) |
65 |
- sprintf(buf, "-T dn,ace -C US-ASCII %s", query); |
66 |
+ snprintf(buf, buflen-1, "-T dn,ace -C US-ASCII %s", query); |
67 |
else |
68 |
/* here we have another registrar who could not make things simple |
69 |
* -C sets the language for both input and output |
70 |
*/ |
71 |
if (!isripe && streq(server, "whois.cat") && domcmp(query, ".cat") |
72 |
&& !strchr(query, ' ')) |
73 |
- sprintf(buf, "-C US-ASCII ace %s", query); |
74 |
+ snprintf(buf, buflen-1, "-C US-ASCII ace %s", query); |
75 |
else |
76 |
#endif |
77 |
if (!isripe && (streq(server, "whois.nic.mil") || |
78 |
streq(server, "whois.nic.ad.jp")) && |
79 |
strncaseeq(query, "AS", 2) && isasciidigit(query[2])) |
80 |
/* FIXME: /e is not applied to .JP ASN */ |
81 |
- sprintf(buf, "AS %s", query + 2); /* fix query for DDN */ |
82 |
+ snprintf(buf, buflen-1, "AS %s", query + 2); /* fix query for DDN */ |
83 |
else if (!isripe && (streq(server, "whois.nic.ad.jp") || |
84 |
streq(server, "whois.jprs.jp"))) { |
85 |
char *lang = getenv("LANG"); /* not a perfect check, but... */ |
86 |
if (!lang || !strneq(lang, "ja", 2)) |
87 |
- sprintf(buf, "%s/e", query); /* ask for english text */ |
88 |
+ snprintf(buf, buflen-1, "%s/e", query); /* ask for english text */ |
89 |
else |
90 |
- strcat(buf, query); |
91 |
+ strncat(buf, query, buflen-1); |
92 |
} else if (!isripe && streq(server, "whois.arin.net") && |
93 |
(p = strrchr(query, '/'))) { |
94 |
strncat(buf, query, p - query); /* strip CIDR */ |
95 |
|
96 |
|
97 |
|
98 |
-- |
99 |
gentoo-commits@l.g.o mailing list |