which officially fixes the setuid security exploit by the vendors.
Additionally, from the PR:
* adds in distribution patches to allow it to interoperate
with libtiff-3.5.5 (the current version in the ports tree),
and replace an original FreeBSD patch.
* includes security patches (replacements of 'strcpy' and
'sprintf', primarily), mostly based on patches originally
submitted by Alex Langer [1] for 4.0pl2 and not yet committed,
although some new work was done too.
[1] I don't think, that these were my patches but those submitted by
John Holland <john@zoner.org> in PR 19180.
* Fixes some issues with the configure/setup scripts introduced
since the previous version.
* Additionally, original FreeBSD patches from 4.0pl2 were
merged in where they were not addressed by anything else.
(except the I18N patch, sorry).
I removed the FORBIDDEN line since there are at least no obvious security
concerns left.
PR: 19237
Submitted by: Andy Sparrow <andy@geek4food.org>
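diff -ruN port/syslog.c.orig port/syslog.c
--- port/syslog.c.orig Mon Oct 12 13:47:50 1998
+++ port/syslog.c Mon Jun 12 21:52:41 2000
@@ -88,7 +88,7 @@
 register int cnt;
 register char *p;
 time_t now, time();
- int fd, saved_errno;
+ int fd, saved_errno, n;
 char tbuf[2048], fmt_cpy[1024], *stdp, *ctime();
 
 /* check for invalid bits or no priority set */
@@ -104,21 +104,21 @@
 
 /* build the message */
 (void)time(&now);
- (void)sprintf(tbuf, "<%d>%.15s ", pri, ctime(&now) + 4);
- for (p = tbuf; *p; ++p);
+ (void)snprintf(tbuf, sizeof(tbuf), "<%d>%.15s ", pri, ctime(&now) + 4);
+ for (p = tbuf; *p; ++p, n++);
 if (LogStat & LOG_PERROR)
 stdp = p;
 if (LogTag) {
- (void)strcpy(p, LogTag);
+ (void)strlcpy(p, LogTag, sizeof(tbuf) - n);
 for (; *p; ++p);
 }
 if (LogStat & LOG_PID) {
- (void)sprintf(p, "[%d]", getpid());
+ (void)snprintf(p, sizeof(tbuf) - n, "[%d]", getpid());
 for (; *p; ++p);
 }
 if (LogTag) {
- *p++ = ':';
- *p++ = ' ';
+ *p++ = ':'; n++;
+ *p++ = ' '; n++;
 }
 
 /* substitute error message for %m */
@@ -137,7 +137,7 @@
 *t1 = '\0';
 }
 
- (void)vsprintf(p, fmt_cpy, ap);
+ (void)vsnprintf(p, sizeof(tbuf) - n, fmt_cpy, ap);
 
 cnt = strlen(tbuf);
 
@@ -170,7 +170,7 @@
 * is the one from the syslogd failure.
 */
 if ((fd = open(_PATH_CONSOLE, O_WRONLY, 0)) >= 0) {
- (void)strcat(tbuf, "\r\n");
+ (void)strlcat(tbuf, "\r\n", sizeof(tbuf));
 cnt += 2;
 p = index(tbuf, '>') + 1;
 (void)write(fd, p, cnt - (p - tbuf));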
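Review bot: `n` is declared without an initializer in the first hunk and is first touched by `n++` in `for (p = tbuf; *p; ++p, n++);`, so every later `sizeof(tbuf) - n` bound is computed from an indeterminate value. It also falls out of step with `p`: the `for (; *p; ++p);` loops after the `strlcpy` and the `[%d]` `snprintf` advance `p` without touching `n`, so even starting from 0 the bound handed to `vsnprintf` would overstate the space left by the length of the tag and pid text. Dropping `n` and deriving the bound from the pointer keeps the two in sync, e.g. `(void)vsnprintf(p, sizeof(tbuf) - (p - tbuf), fmt_cpy, ap);`, with the same expression in the `strlcpy` and `snprintf` calls. In the last hunk `cnt += 2` is still unconditional after `strlcat`, so when the append is truncated the length given to `write` runs past the stored string; `cnt = strlen(tbuf);` there would match what was actually written into the buffer. The function body starts and ends outside these hunks.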
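diff -ruN port/vsyslog.c.orig port/vsyslog.c
--- port/vsyslog.c.orig Mon Oct 12 13:47:50 1998
+++ port/vsyslog.c Mon Jun 12 21:52:41 2000
@@ -49,6 +49,6 @@
 *cp++ = c;
 *cp = '\0';
 }
- (void) vsprintf(tbuf, fmt_cpy, ap);
+ (void) vnsprintf(tbuf, sizeof(tbuf), fmt_cpy, ap);
 (void) syslog(pri, "%s", tbuf);
 }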
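Review bot: `vnsprintf` on the added line is not a C library function; the bounded formatter is spelled `vsnprintf`, so unless the port defines a function by that name elsewhere this call will not resolve when the file is built. The line should read `(void) vsnprintf(tbuf, sizeof(tbuf), fmt_cpy, ap);`. The loop that fills `fmt_cpy` sits above the hunk and is only partly visible, so whether its writes through `cp` are bounded cannot be confirmed from here and is worth checking alongside this fix.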