head 1.1; access; symbols pkgsrc-2026Q1:1.1.0.176 pkgsrc-2026Q1-base:1.1 pkgsrc-2025Q4:1.1.0.174 pkgsrc-2025Q4-base:1.1 pkgsrc-2025Q3:1.1.0.172 pkgsrc-2025Q3-base:1.1 pkgsrc-2025Q2:1.1.0.170 pkgsrc-2025Q2-base:1.1 pkgsrc-2025Q1:1.1.0.168 pkgsrc-2025Q1-base:1.1 pkgsrc-2024Q4:1.1.0.166 pkgsrc-2024Q4-base:1.1 pkgsrc-2024Q3:1.1.0.164 pkgsrc-2024Q3-base:1.1 pkgsrc-2024Q2:1.1.0.162 pkgsrc-2024Q2-base:1.1 pkgsrc-2024Q1:1.1.0.160 pkgsrc-2024Q1-base:1.1 pkgsrc-2023Q4:1.1.0.158 pkgsrc-2023Q4-base:1.1 pkgsrc-2023Q3:1.1.0.156 pkgsrc-2023Q3-base:1.1 pkgsrc-2023Q2:1.1.0.154 pkgsrc-2023Q2-base:1.1 pkgsrc-2023Q1:1.1.0.152 pkgsrc-2023Q1-base:1.1 pkgsrc-2022Q4:1.1.0.150 pkgsrc-2022Q4-base:1.1 pkgsrc-2022Q3:1.1.0.148 pkgsrc-2022Q3-base:1.1 pkgsrc-2022Q2:1.1.0.146 pkgsrc-2022Q2-base:1.1 pkgsrc-2022Q1:1.1.0.144 pkgsrc-2022Q1-base:1.1 pkgsrc-2021Q4:1.1.0.142 pkgsrc-2021Q4-base:1.1 pkgsrc-2021Q3:1.1.0.140 pkgsrc-2021Q3-base:1.1 pkgsrc-2021Q2:1.1.0.138 pkgsrc-2021Q2-base:1.1 pkgsrc-2021Q1:1.1.0.136 pkgsrc-2021Q1-base:1.1 pkgsrc-2020Q4:1.1.0.134 pkgsrc-2020Q4-base:1.1 pkgsrc-2020Q3:1.1.0.132 pkgsrc-2020Q3-base:1.1 pkgsrc-2020Q2:1.1.0.128 pkgsrc-2020Q2-base:1.1 pkgsrc-2020Q1:1.1.0.108 pkgsrc-2020Q1-base:1.1 pkgsrc-2019Q4:1.1.0.130 pkgsrc-2019Q4-base:1.1 pkgsrc-2019Q3:1.1.0.126 pkgsrc-2019Q3-base:1.1 pkgsrc-2019Q2:1.1.0.124 pkgsrc-2019Q2-base:1.1 pkgsrc-2019Q1:1.1.0.122 pkgsrc-2019Q1-base:1.1 pkgsrc-2018Q4:1.1.0.120 pkgsrc-2018Q4-base:1.1 pkgsrc-2018Q3:1.1.0.118 pkgsrc-2018Q3-base:1.1 pkgsrc-2018Q2:1.1.0.116 pkgsrc-2018Q2-base:1.1 pkgsrc-2018Q1:1.1.0.114 pkgsrc-2018Q1-base:1.1 pkgsrc-2017Q4:1.1.0.112 pkgsrc-2017Q4-base:1.1 pkgsrc-2017Q3:1.1.0.110 pkgsrc-2017Q3-base:1.1 pkgsrc-2017Q2:1.1.0.106 pkgsrc-2017Q2-base:1.1 pkgsrc-2017Q1:1.1.0.104 pkgsrc-2017Q1-base:1.1 pkgsrc-2016Q4:1.1.0.102 pkgsrc-2016Q4-base:1.1 pkgsrc-2016Q3:1.1.0.100 pkgsrc-2016Q3-base:1.1 pkgsrc-2016Q2:1.1.0.98 pkgsrc-2016Q2-base:1.1 pkgsrc-2016Q1:1.1.0.96 pkgsrc-2016Q1-base:1.1 pkgsrc-2015Q4:1.1.0.94 pkgsrc-2015Q4-base:1.1 pkgsrc-2015Q3:1.1.0.92 pkgsrc-2015Q3-base:1.1 pkgsrc-2015Q2:1.1.0.90 pkgsrc-2015Q2-base:1.1 pkgsrc-2015Q1:1.1.0.88 pkgsrc-2015Q1-base:1.1 pkgsrc-2014Q4:1.1.0.86 pkgsrc-2014Q4-base:1.1 pkgsrc-2014Q3:1.1.0.84 pkgsrc-2014Q3-base:1.1 pkgsrc-2014Q2:1.1.0.82 pkgsrc-2014Q2-base:1.1 pkgsrc-2014Q1:1.1.0.80 pkgsrc-2014Q1-base:1.1 pkgsrc-2013Q4:1.1.0.78 pkgsrc-2013Q4-base:1.1 pkgsrc-2013Q3:1.1.0.76 pkgsrc-2013Q3-base:1.1 pkgsrc-2013Q2:1.1.0.74 pkgsrc-2013Q2-base:1.1 pkgsrc-2013Q1:1.1.0.72 pkgsrc-2013Q1-base:1.1 pkgsrc-2012Q4:1.1.0.70 pkgsrc-2012Q4-base:1.1 pkgsrc-2012Q3:1.1.0.68 pkgsrc-2012Q3-base:1.1 pkgsrc-2012Q2:1.1.0.66 pkgsrc-2012Q2-base:1.1 pkgsrc-2012Q1:1.1.0.64 pkgsrc-2012Q1-base:1.1 pkgsrc-2011Q4:1.1.0.62 pkgsrc-2011Q4-base:1.1 pkgsrc-2011Q3:1.1.0.60 pkgsrc-2011Q3-base:1.1 pkgsrc-2011Q2:1.1.0.58 pkgsrc-2011Q2-base:1.1 pkgsrc-2011Q1:1.1.0.56 pkgsrc-2011Q1-base:1.1 pkgsrc-2010Q4:1.1.0.54 pkgsrc-2010Q4-base:1.1 pkgsrc-2010Q3:1.1.0.52 pkgsrc-2010Q3-base:1.1 pkgsrc-2010Q2:1.1.0.50 pkgsrc-2010Q2-base:1.1 pkgsrc-2010Q1:1.1.0.48 pkgsrc-2010Q1-base:1.1 pkgsrc-2009Q4:1.1.0.46 pkgsrc-2009Q4-base:1.1 pkgsrc-2009Q3:1.1.0.44 pkgsrc-2009Q3-base:1.1 pkgsrc-2009Q2:1.1.0.42 pkgsrc-2009Q2-base:1.1 pkgsrc-2009Q1:1.1.0.40 pkgsrc-2009Q1-base:1.1 pkgsrc-2008Q4:1.1.0.38 pkgsrc-2008Q4-base:1.1 pkgsrc-2008Q3:1.1.0.36 pkgsrc-2008Q3-base:1.1 cube-native-xorg:1.1.0.34 cube-native-xorg-base:1.1 pkgsrc-2008Q2:1.1.0.32 pkgsrc-2008Q2-base:1.1 cwrapper:1.1.0.30 pkgsrc-2008Q1:1.1.0.28 pkgsrc-2008Q1-base:1.1 pkgsrc-2007Q4:1.1.0.26 pkgsrc-2007Q4-base:1.1 pkgsrc-2007Q3:1.1.0.24 pkgsrc-2007Q3-base:1.1 pkgsrc-2007Q2:1.1.0.22 pkgsrc-2007Q2-base:1.1 pkgsrc-2007Q1:1.1.0.20 pkgsrc-2007Q1-base:1.1 pkgsrc-2006Q4:1.1.0.18 pkgsrc-2006Q4-base:1.1 pkgsrc-2006Q3:1.1.0.16 pkgsrc-2006Q3-base:1.1 pkgsrc-2006Q2:1.1.0.14 pkgsrc-2006Q2-base:1.1 pkgsrc-2006Q1:1.1.0.12 pkgsrc-2006Q1-base:1.1 pkgsrc-2005Q4:1.1.0.10 pkgsrc-2005Q4-base:1.1 pkgsrc-2005Q3:1.1.0.8 pkgsrc-2005Q3-base:1.1 pkgsrc-2005Q2:1.1.0.6 pkgsrc-2005Q2-base:1.1 pkgsrc-2005Q1:1.1.0.4 pkgsrc-2005Q1-base:1.1 pkgsrc-2004Q4:1.1.0.2; locks; strict; comment @# @; 1.1 date 2005.03.01.14.53.41; author wiz; state Exp; branches 1.1.2.1; next ; 1.1.2.1 date 2005.03.01.14.53.41; author snj; state dead; branches; next 1.1.2.2; 1.1.2.2 date 2005.03.01.20.32.38; author snj; state Exp; branches; next ; desc @@ 1.1 log @Apply fix for CAN-2005-0160 and CAN-2005-0161. Bump PKGREVISION. @ text @$NetBSD$ --- uac_crt.c.orig 1998-07-01 10:29:00.000000000 +0200 +++ uac_crt.c @@@@ -33,12 +33,15 @@@@ /* gets file name from header */ -CHAR *ace_fname(CHAR * s, thead * head, INT nopath) +CHAR *ace_fname(CHAR * s, thead * head, INT nopath, unsigned int size) { - INT i; + unsigned int i; char *cp; - strncpy(s, (*(tfhead *) head).FNAME, i = (*(tfhead *) head).FNAME_SIZE); + i = (*(tfhead *) head).FNAME_SIZE; + if (i > (size - 1)) + i = size - 1; + strncpy(s, (*(tfhead *) head).FNAME, i); s[i] = 0; if (nopath) @@@@ -56,22 +59,72 @@@@ CHAR *ace_fname(CHAR * s, thead * head, } #endif + cp = s; + while (*cp == '/') cp++; + if (cp != s) + memmove(s, cp, strlen(cp) + 1); + return s; } +int is_directory_traversal(char *str) +{ + unsigned int mode, countdots; + /* mode 0 = fresh, 1 = just dots, 2 = not just dots */ + char ch; + + mode = countdots = 0; + + while (ch = *str++) + { + if ((ch == '/') && (mode == 1) && (countdots > 1)) + return 1; + + if (ch == '/') + { + mode = countdots = 0; + continue; + } + + if (ch == '.') + { + if (mode == 0) + mode = 1; + + countdots++; + } + else + mode = 2; + } + + if ((mode == 1) && (countdots > 1)) + return 1; + + return 0; +} + void check_ext_dir(CHAR * f) // checks/creates path of file { CHAR *cp, d[PATH_MAX]; - INT i; + unsigned int i; d[0] = 0; + if (is_directory_traversal(f)) + { + f_err = ERR_WRITE; + printf("\n Directory traversal attempt: %s\n", f); + return; + } + for (;;) { if ((cp = (CHAR *) strchr(&f[strlen(d) + 1], DIRSEP))!=NULL) { i = cp - f; + if (i > (PATH_MAX - 1)) + i = PATH_MAX - 1; strncpy(d, f, i); d[i] = 0; } @ 1.1.2.1 log @file patch-ae was added on branch pkgsrc-2004Q4 on 2005-03-01 14:53:41 +0000 @ text @d1 97 @ 1.1.2.2 log @Pullup ticket 323 - requested by Thomas Klausner security fix for unace Revisions pulled up: - pkgsrc/archivers/unace/Makefile 1.14 - pkgsrc/archivers/unace/distinfo 1.6 - pkgsrc/archivers/unace/patches/patch-ad 1.2 - pkgsrc/archivers/unace/patches/patch-ae 1.1 - pkgsrc/archivers/unace/patches/patch-af 1.1 Module Name: pkgsrc Committed By: wiz Date: Tue Mar 1 14:53:41 UTC 2005 Modified Files: pkgsrc/archivers/unace: Makefile distinfo pkgsrc/archivers/unace/patches: patch-ad Added Files: pkgsrc/archivers/unace/patches: patch-ae patch-af Log Message: Apply fix for CAN-2005-0160 and CAN-2005-0161. Bump PKGREVISION. @ text @a0 97 $NetBSD: patch-ae,v 1.1.2.1 2005/03/01 20:32:38 snj Exp $ --- uac_crt.c.orig 1998-07-01 10:29:00.000000000 +0200 +++ uac_crt.c @@@@ -33,12 +33,15 @@@@ /* gets file name from header */ -CHAR *ace_fname(CHAR * s, thead * head, INT nopath) +CHAR *ace_fname(CHAR * s, thead * head, INT nopath, unsigned int size) { - INT i; + unsigned int i; char *cp; - strncpy(s, (*(tfhead *) head).FNAME, i = (*(tfhead *) head).FNAME_SIZE); + i = (*(tfhead *) head).FNAME_SIZE; + if (i > (size - 1)) + i = size - 1; + strncpy(s, (*(tfhead *) head).FNAME, i); s[i] = 0; if (nopath) @@@@ -56,22 +59,72 @@@@ CHAR *ace_fname(CHAR * s, thead * head, } #endif + cp = s; + while (*cp == '/') cp++; + if (cp != s) + memmove(s, cp, strlen(cp) + 1); + return s; } +int is_directory_traversal(char *str) +{ + unsigned int mode, countdots; + /* mode 0 = fresh, 1 = just dots, 2 = not just dots */ + char ch; + + mode = countdots = 0; + + while (ch = *str++) + { + if ((ch == '/') && (mode == 1) && (countdots > 1)) + return 1; + + if (ch == '/') + { + mode = countdots = 0; + continue; + } + + if (ch == '.') + { + if (mode == 0) + mode = 1; + + countdots++; + } + else + mode = 2; + } + + if ((mode == 1) && (countdots > 1)) + return 1; + + return 0; +} + void check_ext_dir(CHAR * f) // checks/creates path of file { CHAR *cp, d[PATH_MAX]; - INT i; + unsigned int i; d[0] = 0; + if (is_directory_traversal(f)) + { + f_err = ERR_WRITE; + printf("\n Directory traversal attempt: %s\n", f); + return; + } + for (;;) { if ((cp = (CHAR *) strchr(&f[strlen(d) + 1], DIRSEP))!=NULL) { i = cp - f; + if (i > (PATH_MAX - 1)) + i = PATH_MAX - 1; strncpy(d, f, i); d[i] = 0; } @