mirror of
https://git.freebsd.org/ports.git
synced 2025-07-18 01:39:16 -04:00
Apply fix for CVE-2015-1315 from Marc Deslauriers
<marc.deslauriers@canonical.com>. MFH: 2015Q1 Approved by: so
parent
aade72ebb2
commit
092361d6ae
Notes:
svn2git
2021-03-31 03:12:20 +00:00
svn path=/head/; revision=379192
2 changed files with 16 additions and 4 deletions
|
@ -3,7 +3,7 @@
|
||||||
|
|
||||||
PORTNAME= unzip
|
PORTNAME= unzip
|
||||||
PORTVERSION= 6.0
|
PORTVERSION= 6.0
|
||||||
PORTREVISION= 4
|
PORTREVISION= 5
|
||||||
CATEGORIES= archivers
|
CATEGORIES= archivers
|
||||||
MASTER_SITES= SF/infozip/UnZip%206.x%20%28latest%29/UnZip%20${PORTVERSION}/:main \
|
MASTER_SITES= SF/infozip/UnZip%206.x%20%28latest%29/UnZip%20${PORTVERSION}/:main \
|
||||||
SF/infozip/UnZip%205.x%20and%20earlier/5.51/:unreduce
|
SF/infozip/UnZip%205.x%20and%20earlier/5.51/:unreduce
|
||||||
|
|
|
@ -76,15 +76,27 @@
|
||||||
+
|
+
|
||||||
+ slen = strlen(string);
|
+ slen = strlen(string);
|
||||||
+ s = string;
|
+ s = string;
|
||||||
+ dlen = buflen = 2*slen;
|
+
|
||||||
+ d = buf = malloc(buflen + 1);
|
+ /* Make sure OUTBUFSIZ + 1 never ends up smaller than FILNAMSIZ
|
||||||
|
+ * as this function also gets called with G.outbuf in fileio.c
|
||||||
|
+ */
|
||||||
|
+ buflen = FILNAMSIZ;
|
||||||
|
+ if (OUTBUFSIZ + 1 < FILNAMSIZ)
|
||||||
|
+ {
|
||||||
|
+ buflen = OUTBUFSIZ + 1;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ d = buf = malloc(buflen);
|
||||||
+ if(!d)
|
+ if(!d)
|
||||||
+ goto cleanup;
|
+ goto cleanup;
|
||||||
|
+
|
||||||
+ bzero(buf,buflen);
|
+ bzero(buf,buflen);
|
||||||
|
+ dlen = buflen - 1;
|
||||||
|
+
|
||||||
+ if(iconv(cd, &s, &slen, &d, &dlen) == (size_t)-1)
|
+ if(iconv(cd, &s, &slen, &d, &dlen) == (size_t)-1)
|
||||||
+ goto cleanup;
|
+ goto cleanup;
|
||||||
+ strncpy(string, buf, buflen);
|
+ strncpy(string, buf, buflen);
|
||||||
+
|
+
|
||||||
+ cleanup:
|
+ cleanup:
|
||||||
+ free(buf);
|
+ free(buf);
|
||||||
+ iconv_close(cd);
|
+ iconv_close(cd);
|
||||||
|
|
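Review bot: The closing `strncpy(string, buf, buflen)` always writes the full `buflen` bytes into `string`, because strncpy zero-pads up to the count, so the fix is only safe if every caller passes a buffer of at least min(FILNAMSIZ, OUTBUFSIZ + 1) bytes. The new comment mentions G.outbuf, but the function signature lies outside the hunk and no destination size is visible here, so that invariant should be stated next to the copy, e.g. `/* string must hold at least buflen bytes: strncpy pads to the full count */`. Because `buf` is zeroed and `dlen` is capped at `buflen - 1`, the converted text is always NUL-terminated, so the write could instead be limited to what iconv produced: `memcpy(string, buf, (size_t)(d - buf) + 1);`. A name whose converted form does not fit in `dlen` now makes iconv fail and leaves `string` unconverted with no diagnostic; that looks intended, but a one-line comment at the `goto cleanup` would make it explicit.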