head	1.2;
access;
symbols
	pkgsrc-2013Q2:1.2.0.34
	pkgsrc-2013Q2-base:1.2
	pkgsrc-2012Q4:1.2.0.32
	pkgsrc-2012Q4-base:1.2
	pkgsrc-2011Q4:1.2.0.30
	pkgsrc-2011Q4-base:1.2
	pkgsrc-2011Q2:1.2.0.28
	pkgsrc-2011Q2-base:1.2
	pkgsrc-2009Q4:1.2.0.26
	pkgsrc-2009Q4-base:1.2
	pkgsrc-2008Q4:1.2.0.24
	pkgsrc-2008Q4-base:1.2
	pkgsrc-2008Q3:1.2.0.22
	pkgsrc-2008Q3-base:1.2
	cube-native-xorg:1.2.0.20
	cube-native-xorg-base:1.2
	pkgsrc-2008Q2:1.2.0.18
	pkgsrc-2008Q2-base:1.2
	pkgsrc-2008Q1:1.2.0.16
	pkgsrc-2008Q1-base:1.2
	pkgsrc-2007Q4:1.2.0.14
	pkgsrc-2007Q4-base:1.2
	pkgsrc-2007Q3:1.2.0.12
	pkgsrc-2007Q3-base:1.2
	pkgsrc-2007Q2:1.2.0.10
	pkgsrc-2007Q2-base:1.2
	pkgsrc-2007Q1:1.2.0.8
	pkgsrc-2007Q1-base:1.2
	pkgsrc-2006Q4:1.2.0.6
	pkgsrc-2006Q4-base:1.2
	pkgsrc-2006Q3:1.2.0.4
	pkgsrc-2006Q3-base:1.2
	pkgsrc-2006Q2:1.2.0.2
	pkgsrc-2006Q2-base:1.2
	pkgsrc-2006Q1:1.1.0.10
	pkgsrc-2006Q1-base:1.1
	pkgsrc-2005Q4:1.1.0.8
	pkgsrc-2005Q4-base:1.1
	pkgsrc-2005Q3:1.1.0.6
	pkgsrc-2005Q3-base:1.1
	pkgsrc-2005Q2:1.1.0.4
	pkgsrc-2005Q2-base:1.1
	pkgsrc-2005Q1:1.1.0.2
	pkgsrc-2005Q1-base:1.1;
locks; strict;
comment	@# @;


1.2
date	2006.04.04.15.41.11;	author jmmv;	state dead;
branches;
next	1.1;

1.1
date	2005.01.25.19.08.55;	author drochner;	state Exp;
branches;
next	;


desc
@@


1.2
log
@Remove evolution14.  It is unmaintained and a much newer version is provided
in the evolution package.  No complaints in pkgsrc-users@@.
@
text
@$NetBSD: patch-ak,v 1.1 2005/01/25 19:08:55 drochner Exp $

--- camel/camel-lock-helper.c.orig	2001-10-27 18:59:27.000000000 +0200
+++ camel/camel-lock-helper.c
@@@@ -360,8 +360,9 @@@@ int main(int argc, char **argv)
 			switch(msg.id) {
 			case CAMEL_LOCK_HELPER_LOCK:
 				res = CAMEL_LOCK_HELPER_STATUS_NOMEM;
-				path = malloc(msg.data+1);
-				if (path != NULL) {
+				if (msg.data > 0xffff) {
+					res = CAMEL_LOCK_HELPER_STATUS_PROTOCOL;
+				} else if ((path = malloc(msg.data+1)) != NULL) {
 					res = CAMEL_LOCK_HELPER_STATUS_PROTOCOL;
 					len = read_n(STDIN_FILENO, path, msg.data);
 					if (len == msg.data) {
@


1.1
log
@as with 2.0.3:
> apply a patch from evution CVS:
> 2005-01-20  Not Zed  <NotZed@@Ximian.com>
> * camel-lock-helper.c (main): since malloc(MAXINT+1) returns a
>   valid pointer, validate the length of the path before using it.
>   set maximum path to 65000 characters.  Spotted by Max Vozeler
>     <max@@hinterhof.net>
>
> This fixes the security vulnerability refered to as CAN-2005-0102.
> bump PKGREVISION
@
text
@d1 1
a1 1
$NetBSD$
@