diff -urP man-1.5l/src/gripes.c man-1.5l/src/gripes.c
--- man-1.5l/src/gripes.c Wed Jul 17 20:17:23 2002
+++ man-1.5l/src/gripes.c Fri Jun  6 14:51:21 2003
@@ -28,1 +28,2 @@
+#include <string.h>
 #include <nl_types.h>
@@ -68,1 +68,3 @@
     char *s;
+    unsigned int i = 0;
+    unsigned short fmt_n = 0;
@@ -78,1 +78,14 @@
+    /* routine to filter format string abuse.  will */
+    /* only allow %d, %s, and %o through.  no more  */
+    /* than two formats needed for any response.    */
+    for (i = 0; s[i] != 0x0; i++){
+        if (s[i] == '%' && s[i+1]){
+            if (strchr("dso", s[i+1])) /* %d,%s,%o. */
+                fmt_n++;
+            else
+                fmt_n=3; /* anything else = <limit. */
+        }
+        if (fmt_n > 2) /* failed, default reply. */
+            s = msg[n];
+    }
     return s;
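Review bot: After the fallback `s = msg[n];` the loop keeps running with the same `i`, so when the rejected catalog string is longer than the built-in message, the next `s[i]` test can read past the end of `msg[n]`. Leaving the loop at that point avoids it, e.g. `if (fmt_n > 2) return msg[n];` or a `break` after the assignment. Separately, the filter only counts conversions: a catalog string that uses `%s` where the built-in message passes an integer, or two conversions where it passes one, is still accepted, so checking the conversion sequence against `msg[n]` would be stricter. A lone `%` at the end of the string is also let through because of the `s[i+1]` test. The enclosing function starts above this hunk, so the types of `msg` and `n` are assumed from the visible lines.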