head 1.2; access; symbols pkgsrc-2026Q1:1.2.0.78 pkgsrc-2026Q1-base:1.2 pkgsrc-2025Q4:1.2.0.76 pkgsrc-2025Q4-base:1.2 pkgsrc-2025Q3:1.2.0.74 pkgsrc-2025Q3-base:1.2 pkgsrc-2025Q2:1.2.0.72 pkgsrc-2025Q2-base:1.2 pkgsrc-2025Q1:1.2.0.70 pkgsrc-2025Q1-base:1.2 pkgsrc-2024Q4:1.2.0.68 pkgsrc-2024Q4-base:1.2 pkgsrc-2024Q3:1.2.0.66 pkgsrc-2024Q3-base:1.2 pkgsrc-2024Q2:1.2.0.64 pkgsrc-2024Q2-base:1.2 pkgsrc-2024Q1:1.2.0.62 pkgsrc-2024Q1-base:1.2 pkgsrc-2023Q4:1.2.0.60 pkgsrc-2023Q4-base:1.2 pkgsrc-2023Q3:1.2.0.58 pkgsrc-2023Q3-base:1.2 pkgsrc-2023Q2:1.2.0.56 pkgsrc-2023Q2-base:1.2 pkgsrc-2023Q1:1.2.0.54 pkgsrc-2023Q1-base:1.2 pkgsrc-2022Q4:1.2.0.52 pkgsrc-2022Q4-base:1.2 pkgsrc-2022Q3:1.2.0.50 pkgsrc-2022Q3-base:1.2 pkgsrc-2022Q2:1.2.0.48 pkgsrc-2022Q2-base:1.2 pkgsrc-2022Q1:1.2.0.46 pkgsrc-2022Q1-base:1.2 pkgsrc-2021Q4:1.2.0.44 pkgsrc-2021Q4-base:1.2 pkgsrc-2021Q3:1.2.0.42 pkgsrc-2021Q3-base:1.2 pkgsrc-2021Q2:1.2.0.40 pkgsrc-2021Q2-base:1.2 pkgsrc-2021Q1:1.2.0.38 pkgsrc-2021Q1-base:1.2 pkgsrc-2020Q4:1.2.0.36 pkgsrc-2020Q4-base:1.2 pkgsrc-2020Q3:1.2.0.34 pkgsrc-2020Q3-base:1.2 pkgsrc-2020Q2:1.2.0.30 pkgsrc-2020Q2-base:1.2 pkgsrc-2020Q1:1.2.0.10 pkgsrc-2020Q1-base:1.2 pkgsrc-2019Q4:1.2.0.32 pkgsrc-2019Q4-base:1.2 pkgsrc-2019Q3:1.2.0.28 pkgsrc-2019Q3-base:1.2 pkgsrc-2019Q2:1.2.0.26 pkgsrc-2019Q2-base:1.2 pkgsrc-2019Q1:1.2.0.24 pkgsrc-2019Q1-base:1.2 pkgsrc-2018Q4:1.2.0.22 pkgsrc-2018Q4-base:1.2 pkgsrc-2018Q3:1.2.0.20 pkgsrc-2018Q3-base:1.2 pkgsrc-2018Q2:1.2.0.18 pkgsrc-2018Q2-base:1.2 pkgsrc-2018Q1:1.2.0.16 pkgsrc-2018Q1-base:1.2 pkgsrc-2017Q4:1.2.0.14 pkgsrc-2017Q4-base:1.2 pkgsrc-2017Q3:1.2.0.12 pkgsrc-2017Q3-base:1.2 pkgsrc-2017Q2:1.2.0.8 pkgsrc-2017Q2-base:1.2 pkgsrc-2017Q1:1.2.0.6 pkgsrc-2017Q1-base:1.2 pkgsrc-2016Q4:1.2.0.4 pkgsrc-2016Q4-base:1.2 pkgsrc-2016Q3:1.2.0.2 pkgsrc-2016Q3-base:1.2 pkgsrc-2016Q2:1.1.0.34 pkgsrc-2016Q2-base:1.1 pkgsrc-2016Q1:1.1.0.32 pkgsrc-2016Q1-base:1.1 pkgsrc-2015Q4:1.1.0.30 pkgsrc-2015Q4-base:1.1 pkgsrc-2015Q3:1.1.0.28 pkgsrc-2015Q3-base:1.1 pkgsrc-2015Q2:1.1.0.26 pkgsrc-2015Q2-base:1.1 pkgsrc-2015Q1:1.1.0.24 pkgsrc-2015Q1-base:1.1 pkgsrc-2014Q4:1.1.0.22 pkgsrc-2014Q4-base:1.1 pkgsrc-2014Q3:1.1.0.20 pkgsrc-2014Q3-base:1.1 pkgsrc-2014Q2:1.1.0.18 pkgsrc-2014Q2-base:1.1 pkgsrc-2014Q1:1.1.0.16 pkgsrc-2014Q1-base:1.1 pkgsrc-2013Q4:1.1.0.14 pkgsrc-2013Q4-base:1.1 pkgsrc-2013Q3:1.1.0.12 pkgsrc-2013Q3-base:1.1 pkgsrc-2013Q2:1.1.0.10 pkgsrc-2013Q2-base:1.1 pkgsrc-2013Q1:1.1.0.8 pkgsrc-2013Q1-base:1.1 pkgsrc-2012Q4:1.1.0.6 pkgsrc-2012Q4-base:1.1 pkgsrc-2012Q3:1.1.0.4 pkgsrc-2012Q3-base:1.1 pkgsrc-2012Q2:1.1.0.2 pkgsrc-2012Q2-base:1.1; locks; strict; comment @# @; 1.2 date 2016.07.25.05.10.03; author christos; state Exp; branches; next 1.1; commitid XWF4abK3dOr43Ffz; 1.1 date 2012.06.29.14.59.24; author christos; state Exp; branches 1.1.34.1; next ; 1.1.34.1 date 2016.07.28.12.56.35; author spz; state Exp; branches; next ; commitid 8H8ZbMwN5nTbx5gz; desc @@ 1.2 log @Fix buffer overflow on long lines @ text @$NetBSD: patch-ag,v 1.1 2012/06/29 14:59:24 christos Exp $ Keep reading for M Avoid buffer overflow (truncate). --- cvs_direct.c.orig 2005-05-25 23:39:40.000000000 -0400 +++ cvs_direct.c 2016-07-25 01:06:39.000000000 -0400 @@@@ -45,7 +45,7 @@@@ static void send_string(CvsServerCtx *, const char *, ...); static int read_response(CvsServerCtx *, const char *); static void ctx_to_fp(CvsServerCtx * ctx, FILE * fp); -static int read_line(CvsServerCtx * ctx, char * p); +static int read_line(CvsServerCtx * ctx, char * p, size_t); static CvsServerCtx * open_ctx_pserver(CvsServerCtx *, const char *); static CvsServerCtx * open_ctx_forked(CvsServerCtx *, const char *); @@@@ -131,7 +131,7 @@@@ send_string(ctx, "valid-requests\n"); /* check for the commands we will issue */ - read_line(ctx, buff); + read_line(ctx, buff, sizeof(buff)); if (strncmp(buff, "Valid-requests", 14) != 0) { debug(DEBUG_APPERROR, "cvs_direct: bad response to valid-requests command"); @@@@ -150,7 +150,7 @@@@ return NULL; } - read_line(ctx, buff); + read_line(ctx, buff, sizeof(buff)); if (strcmp(buff, "ok") != 0) { debug(DEBUG_APPERROR, "cvs_direct: bad ok trailer to valid-requests command"); @@@@ -661,7 +661,7 @@@@ return len; } -static int read_line(CvsServerCtx * ctx, char * p) +static int read_line(CvsServerCtx * ctx, char * p, size_t size) { int len = 0; while (1) @@@@ -672,7 +672,7 @@@@ *p = *ctx->head++; - if (*p == '\n') + if (*p == '\n' || len >= size - 1) { *p = 0; break; @@@@ -689,7 +689,7 @@@@ /* FIXME: more than 1 char at a time */ char resp[BUFSIZ]; - if (read_line(ctx, resp) < 0) + if (read_line(ctx, resp, sizeof(resp)) < 0) return 0; debug(DEBUG_TCP, "response '%s' read", resp); @@@@ -703,7 +703,7 @@@@ while (1) { - read_line(ctx, line); + read_line(ctx, line, sizeof(line)); debug(DEBUG_TCP, "ctx_to_fp: %s", line); if (memcmp(line, "M ", 2) == 0) { @@@@ -879,7 +879,7 @@@@ char lbuff[BUFSIZ]; int len; - len = read_line(ctx, lbuff); + len = read_line(ctx, lbuff, sizeof(lbuff)); debug(DEBUG_TCP, "cvs_direct: rlog: read %s", lbuff); if (memcmp(lbuff, "M ", 2) == 0) @@@@ -910,13 +910,15 @@@@ char lbuff[BUFSIZ]; strcpy(client_version, "Client: Concurrent Versions System (CVS) 99.99.99 (client/server) cvs-direct"); send_string(ctx, "version\n"); - read_line(ctx, lbuff); + read_line(ctx, lbuff, sizeof(lbuff)); if (memcmp(lbuff, "M ", 2) == 0) sprintf(server_version, "Server: %s", lbuff + 2); else debug(DEBUG_APPERROR, "cvs_direct: didn't read version: %s", lbuff); - read_line(ctx, lbuff); + do + read_line(ctx, lbuff, sizeof(lbuff)); + while(memcmp(lbuff, "M ", 2) == 0); if (strcmp(lbuff, "ok") != 0) debug(DEBUG_APPERROR, "cvs_direct: protocol error reading version"); @ 1.1 log @Make this work with our cvs which prints out an extra line in version because of the cvsacl patch. @ text @d1 1 a1 1 $NetBSD$ d3 85 a87 3 --- cvs_direct.c.orig 2012-06-28 17:52:13.000000000 -0400 +++ cvs_direct.c 2012-06-28 17:52:51.000000000 -0400 @@@@ -916,7 +916,9 @@@@ d93 1 a93 1 + read_line(ctx, lbuff); @ 1.1.34.1 log @Pullup ticket #5074 - requested by christos devel/cvsps: security patch Revisions pulled up: - devel/cvsps/Makefile 1.27 - devel/cvsps/distinfo 1.14 - devel/cvsps/patches/patch-ag 1.2 ------------------------------------------------------------------- Module Name: pkgsrc Committed By: christos Date: Mon Jul 25 05:10:03 UTC 2016 Modified Files: pkgsrc/devel/cvsps: Makefile distinfo pkgsrc/devel/cvsps/patches: patch-ag Log Message: Fix buffer overflow on long lines To generate a diff of this commit: cvs rdiff -u -r1.26 -r1.27 pkgsrc/devel/cvsps/Makefile cvs rdiff -u -r1.13 -r1.14 pkgsrc/devel/cvsps/distinfo cvs rdiff -u -r1.1 -r1.2 pkgsrc/devel/cvsps/patches/patch-ag @ text @d3 3 a5 85 Keep reading for M Avoid buffer overflow (truncate). --- cvs_direct.c.orig 2005-05-25 23:39:40.000000000 -0400 +++ cvs_direct.c 2016-07-25 01:06:39.000000000 -0400 @@@@ -45,7 +45,7 @@@@ static void send_string(CvsServerCtx *, const char *, ...); static int read_response(CvsServerCtx *, const char *); static void ctx_to_fp(CvsServerCtx * ctx, FILE * fp); -static int read_line(CvsServerCtx * ctx, char * p); +static int read_line(CvsServerCtx * ctx, char * p, size_t); static CvsServerCtx * open_ctx_pserver(CvsServerCtx *, const char *); static CvsServerCtx * open_ctx_forked(CvsServerCtx *, const char *); @@@@ -131,7 +131,7 @@@@ send_string(ctx, "valid-requests\n"); /* check for the commands we will issue */ - read_line(ctx, buff); + read_line(ctx, buff, sizeof(buff)); if (strncmp(buff, "Valid-requests", 14) != 0) { debug(DEBUG_APPERROR, "cvs_direct: bad response to valid-requests command"); @@@@ -150,7 +150,7 @@@@ return NULL; } - read_line(ctx, buff); + read_line(ctx, buff, sizeof(buff)); if (strcmp(buff, "ok") != 0) { debug(DEBUG_APPERROR, "cvs_direct: bad ok trailer to valid-requests command"); @@@@ -661,7 +661,7 @@@@ return len; } -static int read_line(CvsServerCtx * ctx, char * p) +static int read_line(CvsServerCtx * ctx, char * p, size_t size) { int len = 0; while (1) @@@@ -672,7 +672,7 @@@@ *p = *ctx->head++; - if (*p == '\n') + if (*p == '\n' || len >= size - 1) { *p = 0; break; @@@@ -689,7 +689,7 @@@@ /* FIXME: more than 1 char at a time */ char resp[BUFSIZ]; - if (read_line(ctx, resp) < 0) + if (read_line(ctx, resp, sizeof(resp)) < 0) return 0; debug(DEBUG_TCP, "response '%s' read", resp); @@@@ -703,7 +703,7 @@@@ while (1) { - read_line(ctx, line); + read_line(ctx, line, sizeof(line)); debug(DEBUG_TCP, "ctx_to_fp: %s", line); if (memcmp(line, "M ", 2) == 0) { @@@@ -879,7 +879,7 @@@@ char lbuff[BUFSIZ]; int len; - len = read_line(ctx, lbuff); + len = read_line(ctx, lbuff, sizeof(lbuff)); debug(DEBUG_TCP, "cvs_direct: rlog: read %s", lbuff); if (memcmp(lbuff, "M ", 2) == 0) @@@@ -910,13 +910,15 @@@@ char lbuff[BUFSIZ]; strcpy(client_version, "Client: Concurrent Versions System (CVS) 99.99.99 (client/server) cvs-direct"); send_string(ctx, "version\n"); - read_line(ctx, lbuff); + read_line(ctx, lbuff, sizeof(lbuff)); if (memcmp(lbuff, "M ", 2) == 0) sprintf(server_version, "Server: %s", lbuff + 2); d11 1 a11 1 + read_line(ctx, lbuff, sizeof(lbuff)); @