mirror of
https://git.freebsd.org/ports.git
synced 2025-06-17 10:40:46 -04:00
80 lines
2.4 KiB
C
80 lines
2.4 KiB
C
--- src/header.c.orig 2000-10-05 17:36:03 UTC
|
|
+++ src/header.c
|
|
@@ -320,8 +320,8 @@ generic_to_unix_stamp(t)
|
|
dostm.tm_min = t >> 5 & 0x3f;
|
|
dostm.tm_hour = t >> 11 & 0x1f;
|
|
dostm.tm_mday = t >> 16 & 0x1f;
|
|
- dostm.tm_mon = (t >> 16 + 5 & 0x0f) - 1; /* 0..11 */
|
|
- dostm.tm_year = (t >> 16 + 9 & 0x7f) + 80;
|
|
+ dostm.tm_mon = (t >> (16 + 5) & 0x0f) - 1; /* 0..11 */
|
|
+ dostm.tm_year = (t >> (16 + 9) & 0x7f) + 80;
|
|
#if 0
|
|
dostm.tm_isdst = 0; /* correct? */
|
|
#endif
|
|
@@ -538,6 +538,10 @@ get_header(fp, hdr)
|
|
/*
|
|
* filename
|
|
*/
|
|
+ if (header_size >= 256) {
|
|
+ fprintf(stderr, "Possible buffer overflow hack attack, type #1\n");
|
|
+ exit(109);
|
|
+ }
|
|
for (i = 0; i < header_size - 3; i++)
|
|
hdr->name[i] = (char) get_byte();
|
|
hdr->name[header_size - 3] = '\0';
|
|
@@ -547,6 +551,10 @@ get_header(fp, hdr)
|
|
/*
|
|
* directory
|
|
*/
|
|
+ if (header_size >= FILENAME_LENGTH) {
|
|
+ fprintf(stderr, "Possible buffer overflow hack attack, type #2\n");
|
|
+ exit(110);
|
|
+ }
|
|
for (i = 0; i < header_size - 3; i++)
|
|
dirname[i] = (char) get_byte();
|
|
dirname[header_size - 3] = '\0';
|
|
@@ -648,8 +656,16 @@ get_header(fp, hdr)
|
|
}
|
|
|
|
if (dir_length) {
|
|
+ if ((dir_length + name_length) >= sizeof(dirname)) {
|
|
+ fprintf(stderr, "Insufficient buffer size\n");
|
|
+ exit(112);
|
|
+ }
|
|
strcat(dirname, hdr->name);
|
|
- strcpy(hdr->name, dirname);
|
|
+ if ((dir_length + name_length) >= sizeof(hdr->name)) {
|
|
+ fprintf(stderr, "Insufficient buffer size\n");
|
|
+ exit(112);
|
|
+ }
|
|
+ strncpy(hdr->name, dirname, sizeof(hdr->name));
|
|
name_length += dir_length;
|
|
}
|
|
|
|
@@ -754,7 +770,7 @@ write_header(nafp, hdr)
|
|
|
|
convdelim(hdr->name, DELIM2);
|
|
if (hdr->header_level != HEADER_LEVEL2) {
|
|
- if (p = (char *) rindex(hdr->name, DELIM2))
|
|
+ if ((p = (char *) rindex(hdr->name, DELIM2)))
|
|
name_length = strlen(++p);
|
|
else
|
|
name_length = strlen(hdr->name);
|
|
@@ -812,7 +828,7 @@ write_header(nafp, hdr)
|
|
put_word(hdr->unix_gid);
|
|
put_word(hdr->unix_uid);
|
|
|
|
- if (p = (char *) rindex(hdr->name, DELIM2)) {
|
|
+ if ((p = (char *) rindex(hdr->name, DELIM2))) {
|
|
int i;
|
|
|
|
name_length = p - hdr->name + 1;
|
|
@@ -838,7 +854,7 @@ write_header(nafp, hdr)
|
|
data[I_HEADER_CHECKSUM] = calc_sum(data + I_METHOD, header_size);
|
|
} else { /* header level 2 */
|
|
int i;
|
|
- if (p = (char *) rindex(hdr->name, DELIM2))
|
|
+ if ((p = (char *) rindex(hdr->name, DELIM2)))
|
|
name_length = strlen(++p);
|
|
else {
|
|
p = hdr->name;
|