[gentoo-commits] gentoo-x86 commit in net-misc/whois/files: whois-4.7.26-gentoo-security.patch - gentoo-commits

From:	"Mike Frysinger (vapier)" <vapier@g.o>
To:	gentoo-commits@l.g.o
Subject:	[gentoo-commits] gentoo-x86 commit in net-misc/whois/files: whois-4.7.26-gentoo-security.patch
Date:	Mon, 05 May 2008 04:55:35
Message-Id:	`E1Jssjd-0000Hz-5N@stork.gentoo.org`

1

vapier      08/05/05 04:55:33

2

3

  Added:                whois-4.7.26-gentoo-security.patch

4

  Log:

5

  Version bump #219498 by Conrad Kostecki.

6

  (Portage version: 2.2_pre5)

7

8

Revision  Changes    Path

9

1.1                  net-misc/whois/files/whois-4.7.26-gentoo-security.patch

10

11

file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-misc/whois/files/whois-4.7.26-gentoo-security.patch?rev=1.1&view=markup

12

plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-misc/whois/files/whois-4.7.26-gentoo-security.patch?rev=1.1&content-type=text/plain

13

14

Index: whois-4.7.26-gentoo-security.patch

15

===================================================================

16

--- whois-4.7.26/whois.c

17

+++ whois-4.7.26/whois.c

18

@@ -87,7 +87,7 @@

19

 	/* RIPE flags */

20

 	if (strchr(ripeflags, ch)) {

21

 	    for (p = fstring; *p; p++);

22

-	    sprintf(p--, "-%c ", ch);

23

+	    snprintf(p--, sizeof(fstring), "-%c ", ch);

24

 	    continue;

25

}

26

 	if (strchr(ripeflagsp, ch)) {

27

@@ -141,10 +141,10 @@

28

 	while (1) {

29

 	    qslen += strlen(*argv) + 1 + 1;

30

 	    qstring = realloc(qstring, qslen);

31

-	    strcat(qstring, *argv++);

32

+	    strncat(qstring, *argv++, qslen-1);

33

 	    if (argc == 1)

34

 		break;

35

-	    strcat(qstring, " ");

36

+	    strncat(qstring, " ", qslen-1);

37

 	    argc--;

38

}

39

}

40

@@ -467,8 +467,10 @@

41

     char *buf, *p;

42

     int i, isripe = 0;

43

44

+    /* buflen was always 0 in original patch and buf was allocated twice /Aye */

45

     /* 64 bytes reserved for server-specific flags added later */

46

-    buf = malloc(strlen(flags) + strlen(query) + strlen(client_tag) + 64);

47

+    int buflen = strlen(flags) + strlen(query) + strlen(client_tag) + 64;

48

+    buf = malloc(buflen);

49

     *buf = '\0';

50

     for (i = 0; ripe_servers[i]; i++)

51

 	if (streq(server, ripe_servers[i])) {

52

@@ -481,7 +483,7 @@

53

     if (*flags) {

54

 	if (!isripe && !streq(server, "whois.corenic.net"))

55

 	    puts(_("Warning: RIPE flags used with a traditional server."));

56

-	strcat(buf, flags);

57

+	strncat(buf, flags, buflen-1);

58

}

59

60

 #ifdef HAVE_LIBIDN

61

@@ -490,28 +492,28 @@

62

*/

63

     if (streq(server, "whois.denic.de") && domcmp(query, ".de")

64

 	    && !strchr(query, ' ') && !*flags)

65

-	sprintf(buf, "-T dn,ace -C US-ASCII %s", query);

66

+	snprintf(buf, buflen-1, "-T dn,ace -C US-ASCII %s", query);

67

     else

68

     /* here we have another registrar who could not make things simple

69

      * -C sets the language for both input and output

70

*/

71

     if (!isripe && streq(server, "whois.cat") && domcmp(query, ".cat")

72

 	    && !strchr(query, ' '))

73

-	sprintf(buf, "-C US-ASCII ace %s", query);

74

+	snprintf(buf, buflen-1, "-C US-ASCII ace %s", query);

75

     else

76

 #endif

77

     if (!isripe && (streq(server, "whois.nic.mil") ||

78

 	    streq(server, "whois.nic.ad.jp")) &&

79

 	    strncaseeq(query, "AS", 2) && isasciidigit(query[2]))

80

 	/* FIXME: /e is not applied to .JP ASN */

81

-	sprintf(buf, "AS %s", query + 2);	/* fix query for DDN */

82

+	snprintf(buf, buflen-1, "AS %s", query + 2);	/* fix query for DDN */

83

     else if (!isripe && (streq(server, "whois.nic.ad.jp") ||

84

 	    streq(server, "whois.jprs.jp"))) {

85

 	char *lang = getenv("LANG");	/* not a perfect check, but... */

86

 	if (!lang || !strneq(lang, "ja", 2))

87

-	    sprintf(buf, "%s/e", query);	/* ask for english text */

88

+	    snprintf(buf, buflen-1, "%s/e", query);	/* ask for english text */

89

 	else

90

-	    strcat(buf, query);

91

+	    strncat(buf, query, buflen-1);

92

     } else if (!isripe && streq(server, "whois.arin.net") &&

93

 	    (p = strrchr(query, '/'))) {

94

 	strncat(buf, query, p - query);		/* strip CIDR */

--

99

gentoo-commits@l.g.o mailing list

1	vapier 08/05/05 04:55:33
2
3	Added: whois-4.7.26-gentoo-security.patch
4	Log:
5	Version bump #219498 by Conrad Kostecki.
6	(Portage version: 2.2_pre5)
7
8	Revision Changes Path
9	1.1 net-misc/whois/files/whois-4.7.26-gentoo-security.patch
10
11	file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-misc/whois/files/whois-4.7.26-gentoo-security.patch?rev=1.1&view=markup
12	plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-misc/whois/files/whois-4.7.26-gentoo-security.patch?rev=1.1&content-type=text/plain
13
14	Index: whois-4.7.26-gentoo-security.patch
15	===================================================================
16	--- whois-4.7.26/whois.c
17	+++ whois-4.7.26/whois.c
18	@@ -87,7 +87,7 @@
19	/* RIPE flags */
20	if (strchr(ripeflags, ch)) {
21	for (p = fstring; *p; p++);
22	- sprintf(p--, "-%c ", ch);
23	+ snprintf(p--, sizeof(fstring), "-%c ", ch);
24	continue;
25	}
26	if (strchr(ripeflagsp, ch)) {
27	@@ -141,10 +141,10 @@
28	while (1) {
29	qslen += strlen(*argv) + 1 + 1;
30	qstring = realloc(qstring, qslen);
31	- strcat(qstring, *argv++);
32	+ strncat(qstring, *argv++, qslen-1);
33	if (argc == 1)
34	break;
35	- strcat(qstring, " ");
36	+ strncat(qstring, " ", qslen-1);
37	argc--;
38	}
39	}
40	@@ -467,8 +467,10 @@
41	char buf, p;
42	int i, isripe = 0;
43
44	+ /* buflen was always 0 in original patch and buf was allocated twice /Aye */
45	/* 64 bytes reserved for server-specific flags added later */
46	- buf = malloc(strlen(flags) + strlen(query) + strlen(client_tag) + 64);
47	+ int buflen = strlen(flags) + strlen(query) + strlen(client_tag) + 64;
48	+ buf = malloc(buflen);
49	*buf = '\0';
50	for (i = 0; ripe_servers[i]; i++)
51	if (streq(server, ripe_servers[i])) {
52	@@ -481,7 +483,7 @@
53	if (*flags) {
54	if (!isripe && !streq(server, "whois.corenic.net"))
55	puts(_("Warning: RIPE flags used with a traditional server."));
56	- strcat(buf, flags);
57	+ strncat(buf, flags, buflen-1);
58	}
59
60	#ifdef HAVE_LIBIDN
61	@@ -490,28 +492,28 @@
62	*/
63	if (streq(server, "whois.denic.de") && domcmp(query, ".de")
64	&& !strchr(query, ' ') && !*flags)
65	- sprintf(buf, "-T dn,ace -C US-ASCII %s", query);
66	+ snprintf(buf, buflen-1, "-T dn,ace -C US-ASCII %s", query);
67	else
68	/* here we have another registrar who could not make things simple
69	* -C sets the language for both input and output
70	*/
71	if (!isripe && streq(server, "whois.cat") && domcmp(query, ".cat")
72	&& !strchr(query, ' '))
73	- sprintf(buf, "-C US-ASCII ace %s", query);
74	+ snprintf(buf, buflen-1, "-C US-ASCII ace %s", query);
75	else
76	#endif
77	if (!isripe && (streq(server, "whois.nic.mil") \|\|
78	streq(server, "whois.nic.ad.jp")) &&
79	strncaseeq(query, "AS", 2) && isasciidigit(query[2]))
80	/* FIXME: /e is not applied to .JP ASN */
81	- sprintf(buf, "AS %s", query + 2); /* fix query for DDN */
82	+ snprintf(buf, buflen-1, "AS %s", query + 2); /* fix query for DDN */
83	else if (!isripe && (streq(server, "whois.nic.ad.jp") \|\|
84	streq(server, "whois.jprs.jp"))) {
85	char lang = getenv("LANG"); / not a perfect check, but... */
86	if (!lang \|\| !strneq(lang, "ja", 2))
87	- sprintf(buf, "%s/e", query); /* ask for english text */
88	+ snprintf(buf, buflen-1, "%s/e", query); /* ask for english text */
89	else
90	- strcat(buf, query);
91	+ strncat(buf, query, buflen-1);
92	} else if (!isripe && streq(server, "whois.arin.net") &&
93	(p = strrchr(query, '/'))) {
94	strncat(buf, query, p - query); /* strip CIDR */
95
96
97
98	--
99	gentoo-commits@l.g.o mailing list

Gentoo Archives: gentoo-commits