diff options
author | 2004-06-30 00:06:18 +0000 | |
---|---|---|
committer | 2004-06-30 00:06:18 +0000 | |
commit | 0c0a5451b957fb4a2b6137dc4e8dec592190aa9d (patch) | |
tree | a9ef79dbe988e5f6529167e019aa1585c6005030 /net-misc/pavuk/files | |
parent | Rollback till the new gs is fixed on ppc (diff) | |
download | historical-0c0a5451b957fb4a2b6137dc4e8dec592190aa9d.tar.gz historical-0c0a5451b957fb4a2b6137dc4e8dec592190aa9d.tar.bz2 historical-0c0a5451b957fb4a2b6137dc4e8dec592190aa9d.zip |
Security update. When pavuk connects to a web server and the server sends back the HTTP status code 305 (Use Proxy), pavuk copies data from the HTTP Location header in an unsafe manner. This leads to a stack-based buffer overflow with control over EIP.
Diffstat (limited to 'net-misc/pavuk/files')
-rw-r--r-- | net-misc/pavuk/files/digest-pavuk-0.9.28-r2 | 1 | ||||
-rw-r--r-- | net-misc/pavuk/files/pavuk-0.9.28-http.patch | 13 |
2 files changed, 14 insertions, 0 deletions
diff --git a/net-misc/pavuk/files/digest-pavuk-0.9.28-r2 b/net-misc/pavuk/files/digest-pavuk-0.9.28-r2 new file mode 100644 index 000000000000..cdc14b2bba09 --- /dev/null +++ b/net-misc/pavuk/files/digest-pavuk-0.9.28-r2 @@ -0,0 +1 @@ +MD5 d0f7b77bd11322add1f7d52d62afbf78 pavuk-0.9pl28.tgz 968336 diff --git a/net-misc/pavuk/files/pavuk-0.9.28-http.patch b/net-misc/pavuk/files/pavuk-0.9.28-http.patch new file mode 100644 index 000000000000..88acf6f5e49f --- /dev/null +++ b/net-misc/pavuk/files/pavuk-0.9.28-http.patch @@ -0,0 +1,13 @@ +--- http.c.old 2001-07-30 00:06:40.000000000 +0200 ++++ http.c 2004-06-14 01:33:27.000000000 +0200 +@@ -1111,8 +1111,8 @@ + if (!loc) + return -1; + +- if (sscanf(loc, "http://%[.0-9A-Za-z_-]:%d", proxy, &port) < 1) +- if (sscanf(loc, "%[.0-9A-Za-z_-]:%d", proxy, &port) !=2) ++ if (sscanf(loc, "http://%255[.0-9A-Za-z_-]:%d", proxy, &port) < 1) ++ if (sscanf(loc, "%255[.0-9A-Za-z_-]:%d", proxy, &port) !=2) + return -1; + + _free(docp->http_proxy); |