authorNed Ludd <solar@gentoo.org>2004-06-30 00:06:18 +0000
committerNed Ludd <solar@gentoo.org>2004-06-30 00:06:18 +0000
commit0c0a5451b957fb4a2b6137dc4e8dec592190aa9d (patch)
treea9ef79dbe988e5f6529167e019aa1585c6005030 /net-misc/pavuk/files
parentRollback till the new gs is fixed on ppc (diff)
downloadhistorical-0c0a5451b957fb4a2b6137dc4e8dec592190aa9d.tar.gz
historical-0c0a5451b957fb4a2b6137dc4e8dec592190aa9d.tar.bz2
historical-0c0a5451b957fb4a2b6137dc4e8dec592190aa9d.zip
Security update. When pavuk connects to a web server and the server sends back the HTTP status code 305 (Use Proxy), pavuk copies data from the HTTP Location header in an unsafe manner. This leads to a stack-based buffer overflow with control over EIP.
Diffstat (limited to 'net-misc/pavuk/files')
-rw-r--r--net-misc/pavuk/files/digest-pavuk-0.9.28-r21
-rw-r--r--net-misc/pavuk/files/pavuk-0.9.28-http.patch13
2 files changed, 14 insertions, 0 deletions
diff --git a/net-misc/pavuk/files/digest-pavuk-0.9.28-r2 b/net-misc/pavuk/files/digest-pavuk-0.9.28-r2
new file mode 100644
index 000000000000..cdc14b2bba09
--- /dev/null
+++ b/net-misc/pavuk/files/digest-pavuk-0.9.28-r2
@@ -0,0 +1 @@
+MD5 d0f7b77bd11322add1f7d52d62afbf78 pavuk-0.9pl28.tgz 968336
diff --git a/net-misc/pavuk/files/pavuk-0.9.28-http.patch b/net-misc/pavuk/files/pavuk-0.9.28-http.patch
new file mode 100644
index 000000000000..88acf6f5e49f
--- /dev/null
+++ b/net-misc/pavuk/files/pavuk-0.9.28-http.patch
@@ -0,0 +1,13 @@
+--- http.c.old 2001-07-30 00:06:40.000000000 +0200
++++ http.c 2004-06-14 01:33:27.000000000 +0200
+@@ -1111,8 +1111,8 @@
+ if (!loc)
+ return -1;
+
+- if (sscanf(loc, "http://%[.0-9A-Za-z_-]:%d", proxy, &port) < 1)
+- if (sscanf(loc, "%[.0-9A-Za-z_-]:%d", proxy, &port) !=2)
++ if (sscanf(loc, "http://%255[.0-9A-Za-z_-]:%d", proxy, &port) < 1)
++ if (sscanf(loc, "%255[.0-9A-Za-z_-]:%d", proxy, &port) !=2)
+ return -1;
+
+ _free(docp->http_proxy);
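Review bot: The `%255[.0-9A-Za-z_-]` width added to both sscanf calls bounds the copy only if `proxy` is declared with at least 256 bytes (255 characters plus the terminating NUL). That declaration lies outside the embedded http.c hunk, as does the rest of the enclosing function, so the size should be confirmed against the pavuk source before relying on this patch. A comment next to the calls would keep the two in sync, for example `/* field width 255 + NUL must not exceed sizeof(proxy) */`. Separately, when the first sscanf matches only the host it returns 1, the fallback is skipped, and `port` keeps whatever value it had before. Since `%d` also accepts negative or oversized numbers, a range check such as `if (port < 1 || port > 65535) return -1;` before the value is used would be worth adding, unless the code after the hunk already does this.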