- Attempt to fix the exploitable security issue described at

http://www.vuxml.org/freebsd/f2d5e56e-67eb-11d9-a9e7-0001020eed82.html by replacing strcat() with strncat(). Please note that I wasn't able to reproduce the exploit described at http://tigger.uic.edu/~jlongs2/holes/unrtf.txt on my 5.3-STABLE system. Feedback from someone who can reproduce the exploit with an unpatched unrtf would be appreciated - Bump PORTREVISION - Remove old master site that doesn't seem to have the distfile any more VuXML: f2d5e56e-67eb-11d9-a9e7-0001020eed82 PR: ports/76852 Submitted by: Stefan Walter <sw(at)gegenunendlich.de>
svn path=/head/; revision=128519
2025-07-18 09:49:18 -04:00 · 2005-02-11 13:33:02 +00:00 · 2005-02-11 13:33:02 +00:00 · a134d2757d · 2021-03-31 03:12:20 +00:00
commit a134d2757d
parent 41c9a60c03
2 changed files with 13 additions and 6 deletions
--- a/textproc/unrtf/Makefile
+++ b/textproc/unrtf/Makefile
@ -6,18 +6,14 @@

 PORTNAME=	unrtf
 PORTVERSION=	0.19.3
+PORTREVISION=	1
 CATEGORIES=	textproc
-MASTER_SITES=	http://unrtf.50megs.com/ \
-		${MASTER_SITE_GNU}
+MASTER_SITES=	${MASTER_SITE_GNU}
 MASTER_SITE_SUBDIR=	${PORTNAME}

 MAINTAINER=	ports@FreeBSD.org
 COMMENT=	A converter from RTF to several formats, including HTML and LaTeX

-FORBIDDEN=	http://vuxml.FreeBSD.org/f2d5e56e-67eb-11d9-a9e7-0001020eed82.html
-DEPRECATED=	${FORBIDDEN}
-EXPIRATION_DATE=2005-02-16
-
 USE_REINPLACE=	yes
 ALL_TARGET=	unrtf

--- a/textproc/unrtf/files/patch-convert.c
+++ b/textproc/unrtf/files/patch-convert.c
@ -0,0 +1,11 @@
+--- convert.c.orig	Sun Jan 30 13:34:16 2005
+++ convert.c	Sun Jan 30 13:35:36 2005
+@@ -341,7 +341,7 @@
+ 				while(w2) {
+ 					tmp = word_string (w2);
+ 					if (tmp && tmp[0] != '\\')
+-						strcat(name,tmp);
+						strncat(name,tmp,sizeof(name)-strlen(name)-1);
+ 
+ 					w2=w2->next;
+ 				}