Security update to sharutils:

- Fix two buffer overflows. [1] - Fix format string handling problems with command line parsing shar -o. [2] Obtained from: Gentoo [1] [2] Patch by: Michael Schröder [2] VuXML: 26c9e8c6-1c99-11d9-814e-0001020eed82 [1] Approved by: erwin
svn path=/head/; revision=119197
2025-07-18 17:59:20 -04:00 · 2004-10-13 10:17:01 +00:00 · 2004-10-13 10:17:01 +00:00 · c79324b8fc · 2021-03-31 03:12:20 +00:00
commit c79324b8fc
parent ac05afc404
3 changed files with 158 additions and 1 deletions
--- a/archivers/sharutils/Makefile
+++ b/archivers/sharutils/Makefile
@ -7,7 +7,7 @@

 PORTNAME=	sharutils
 PORTVERSION=	4.2.1
-PORTREVISION=	1
+PORTREVISION=	2
 CATEGORIES=	archivers
 MASTER_SITES=	${MASTER_SITE_GNU}
 MASTER_SITE_SUBDIR=	sharutils
--- a/archivers/sharutils/files/patch-buffer-check
+++ b/archivers/sharutils/files/patch-buffer-check
@ -0,0 +1,98 @@
+Index: src/shar.c
+===================================================================
+RCS file: /home/ke/cvsroot/sharutils/src/shar.c,v
+retrieving revision 1.22
+diff -u -r1.22 shar.c
+--- src/shar.c	2 Dec 2002 20:52:10 -0000	1.22
+++ src/shar.c	15 May 2004 09:13:16 -0000
+@@ -255,11 +255,11 @@
+ /* Position for first file in the shar file.  */
+ static off_t first_file_position;
+ 
+-/* Base for output filename.  FIXME: No fix limit in GNU... */
+-static char output_base_name[50];
+/* Base for output filename.  */
+static char *output_base_name;
+ 
+-/* Actual output filename.  FIXME: No fix limit in GNU... */
+-static char output_filename[50];
+/* Actual output filename.  */
+static char *output_filename;
+ 
+ static char *submitter_address = NULL;
+ 
+@@ -1727,7 +1727,12 @@
+ static void
+ open_output ()
+ {
+-  sprintf (output_filename, output_base_name, ++part_number);
+  size_t l;
+  l = strlen(output_base_name) + 128;
+  if (output_filename)
+    free(output_filename);
+  output_filename = xmalloc(l);
+  snprintf(output_filename, l, output_base_name, ++part_number);
+   output = fopen (output_filename, "w");
+   if (!output)
+     error (EXIT_FAILURE, errno, _("Opening `%s'"), output_filename);
+@@ -1907,6 +1912,42 @@
+     file_size_limit = lim;
+ }
+ 
+
+char *parse_output_base_name(char *arg)
+{
+  int c;
+  int hadarg = 0;
+  char *fmt, *p;
+
+  for (p = arg ; (c = *p++) != 0; )
+    {
+      if (c != '%')
+	continue;
+      c = *p++;
+      if (c == '%')
+	continue;
+      if (hadarg)
+	return 0;
+      while (c != 0 && strchr("#0+- 'I", c) != 0)
+	c = *p++;
+      while (c != 0 && c >= '0' && c <= '9')
+	c = *p++;
+      if (c == '.')
+	c = *p++;
+      while (c != 0 && c >= '0' && c <= '9')
+	c = *p++;
+      if (c == 0 || strchr("diouxX", c) == 0)
+	return 0;
+      hadarg = 1;
+    }
+  fmt = xmalloc(strlen(arg) + (hadarg ? 1 : 6));
+  strcpy(fmt, arg);
+  if (!hadarg)
+    strcat(fmt, ".%02d");
+  return fmt;
+}
+
+
+ /*---.
+ | ?  |
+ `---*/
+@@ -2047,9 +2088,14 @@
+ 	break;
+ 
+       case 'o':
+-	strcpy (output_base_name, optarg);
+-	if (!strchr (output_base_name, '%'))
+-	  strcat (output_base_name, ".%02d");
+	if (output_base_name)
+	  free (output_base_name);
+        output_base_name = parse_output_base_name(optarg);
+        if (!output_base_name)
+	  {
+	    fprintf (stderr, _("illegal output prefix\n"));
+	    exit (EXIT_FAILURE);
+	  }
+ 	part_number = 0;
+ 	open_output ();
+ 	break;
--- a/archivers/sharutils/files/patch-buffer-limits
+++ b/archivers/sharutils/files/patch-buffer-limits
@ -0,0 +1,59 @@
+--- src/shar.c.orig	1999-09-10 21:20:41.000000000 +0200
+++ src/shar.c	2004-09-29 15:09:40.790061000 +0200
+@@ -1571,7 +1571,7 @@
+ 	  sprintf (command, "%s '%s'", CHARACTER_COUNT_COMMAND, local_name);
+ 	  if (pfp = popen (command, "r"), pfp)
+ 	    {
+-	      char wc[BUFSIZ];
+		char wc[BUFSIZ], tempform[50];      
+ 	      const char *prefix = "";
+ 
+ 	      if (did_md5)
+@@ -1579,8 +1579,8 @@
+ 		  fputs ("  else\n", output);
+ 		  prefix = "  ";
+ 		}
+-
+-	      fscanf (pfp, "%s", wc);
+	sprintf (tempform, "%%%ds", BUFSIZ - 1);
+	fscanf (pfp, tempform, wc);
+ 	      fprintf (output, "\
+ %s  shar_count=\"`%s '%s'`\"\n\
+ %s  test %s -eq \"$shar_count\" ||\n\
+diff -Naur ./sharutils-4.2.1/src/unshar.c ./sharutils-4.2.1_new/src/unshar.c
+--- src/unshar.c.orig	1995-11-21 17:22:14.000000000 +0100
+++ src/unshar.c	2004-09-29 15:09:44.682469264 +0200
+@@ -346,8 +346,8 @@
+ {
+   size_t size_read;
+   FILE *file;
+-  char name_buffer[NAME_BUFFER_SIZE];
+-  char copy_buffer[NAME_BUFFER_SIZE];
+  char name_buffer[NAME_BUFFER_SIZE] = {'\0'};
+  char copy_buffer[NAME_BUFFER_SIZE] = {'\0'};
+   int optchar;
+ 
+   program_name = argv[0];
+@@ -409,14 +409,14 @@
+   if (optind < argc)
+     for (; optind < argc; optind++)
+       {
+-	if (argv[optind][0] == '/')
+-	  stpcpy (name_buffer, argv[optind]);
+-	else
+-	  {
+-	    char *cp = stpcpy (name_buffer, current_directory);
+-	    *cp++ = '/';
+-	    stpcpy (cp, argv[optind]);
+-	  }
+	if (argv[optind][0] == '/') {
+		strncpy (name_buffer, argv[optind], sizeof(name_buffer));
+		name_buffer[sizeof(name_buffer)-1] = '\0';
+	}
+	else {
+		snprintf(name_buffer, sizeof(name_buffer),"%s/%s", current_directory, argv[optind]);
+		name_buffer[sizeof(name_buffer)-1] = '\0';
+	}
+ 	if (file = fopen (name_buffer, "r"), !file)
+ 	  error (EXIT_FAILURE, errno, name_buffer);
+ 	unarchive_shar_file (name_buffer, file);