Apply fix for CVE-2015-1315 from Marc Deslauriers

<marc.deslauriers@canonical.com>.

MFH:		2015Q1
Approved by:	so
Xin LI 2015-02-17 21:58:40 +00:00
parent aade72ebb2
commit 092361d6ae
Notes: svn2git 2021-03-31 03:12:20 +00:00
svn path=/head/; revision=379192
2 changed files with 16 additions and 4 deletions


@ -3,7 +3,7 @@
PORTNAME= unzip PORTNAME= unzip
PORTVERSION= 6.0 PORTVERSION= 6.0
PORTREVISION= 4 PORTREVISION= 5
CATEGORIES= archivers CATEGORIES= archivers
MASTER_SITES= SF/infozip/UnZip%206.x%20%28latest%29/UnZip%20${PORTVERSION}/:main \ MASTER_SITES= SF/infozip/UnZip%206.x%20%28latest%29/UnZip%20${PORTVERSION}/:main \
SF/infozip/UnZip%205.x%20and%20earlier/5.51/:unreduce SF/infozip/UnZip%205.x%20and%20earlier/5.51/:unreduce


@ -76,11 +76,23 @@
+ +
+ slen = strlen(string); + slen = strlen(string);
+ s = string; + s = string;
+ dlen = buflen = 2*slen; +
+ d = buf = malloc(buflen + 1); + /* Make sure OUTBUFSIZ + 1 never ends up smaller than FILNAMSIZ
+ * as this function also gets called with G.outbuf in fileio.c
+ */
+ buflen = FILNAMSIZ;
+ if (OUTBUFSIZ + 1 < FILNAMSIZ)
+ {
+ buflen = OUTBUFSIZ + 1;
+ }
+
+ d = buf = malloc(buflen);
+ if(!d) + if(!d)
+ goto cleanup; + goto cleanup;
+
+ bzero(buf,buflen); + bzero(buf,buflen);
+ dlen = buflen - 1;
+
+ if(iconv(cd, &s, &slen, &d, &dlen) == (size_t)-1) + if(iconv(cd, &s, &slen, &d, &dlen) == (size_t)-1)
+ goto cleanup; + goto cleanup;
+ strncpy(string, buf, buflen); + strncpy(string, buf, buflen);
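Review bot: `strncpy(string, buf, buflen)` at the end of the hunk always writes `buflen` bytes into `string` (strncpy zero-fills the remainder), so the copy is only safe if every caller passes a buffer of at least min(FILNAMSIZ, OUTBUFSIZ + 1) bytes; the function takes no destination size, so nothing here enforces that. The added comment names G.outbuf in fileio.c as one caller, but the other call sites are not visible in this hunk, so the contract should be stated where the function is defined, e.g. `/* string must have room for min(FILNAMSIZ, OUTBUFSIZ + 1) bytes; the converted text is copied back with zero fill */`. It would also help to note next to the iconv() call that on failure, including converted output that does not fit in `dlen`, the code jumps to cleanup and `string` keeps its unconverted bytes. The function body starts and ends outside the hunk.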