authorNed Ludd <solar@gentoo.org>2004-07-26 13:53:46 +0000
committerNed Ludd <solar@gentoo.org>2004-07-26 13:53:46 +0000
commit158ca2594a5eda63f4f8c3e81606ed342d375cb5 (patch)
tree3495fd28a6a78e9f312ffc5a783cc3c54ec117c2 /net-misc/pavuk/files
parent~amd64 (diff)
another security fix, this time in the digest auth code. Note: This package appears to be at high risk for security problems and may/should be removed from the tree in the future
Diffstat (limited to 'net-misc/pavuk/files')
-rw-r--r--net-misc/pavuk/files/digest-pavuk-0.9.28-r31
-rw-r--r--net-misc/pavuk/files/pavuk-0.9.28-digest_auth.c.patch30
2 files changed, 31 insertions, 0 deletions
diff --git a/net-misc/pavuk/files/digest-pavuk-0.9.28-r3 b/net-misc/pavuk/files/digest-pavuk-0.9.28-r3
new file mode 100644
index 000000000000..cdc14b2bba09
--- /dev/null
+++ b/net-misc/pavuk/files/digest-pavuk-0.9.28-r3
@@ -0,0 +1 @@
+MD5 d0f7b77bd11322add1f7d52d62afbf78 pavuk-0.9pl28.tgz 968336
diff --git a/net-misc/pavuk/files/pavuk-0.9.28-digest_auth.c.patch b/net-misc/pavuk/files/pavuk-0.9.28-digest_auth.c.patch
new file mode 100644
index 000000000000..9b12207d0a6a
--- /dev/null
+++ b/net-misc/pavuk/files/pavuk-0.9.28-digest_auth.c.patch
@@ -0,0 +1,30 @@
+--- digest_auth_orig.c 2000-12-03 08:25:44.000000000 -0600
++++ digest_auth.c 2004-07-24 13:45:50.000000000 -0500
+@@ -87,6 +87,7 @@
+ return retv;
+ }
+
++/* PRE: Assumes 'buf' can store 2K */
+ char *http_get_digest_auth_str(auth_digest, method, user, pass, urlp, buf)
+ http_digest_info *auth_digest;
+ char *method;
+@@ -99,14 +100,15 @@
+ char *a1,*a2,*a3;
+ char *d = url_encode_str(urlp->p.http.document, URL_PATH_UNSAFE);
+
+- sprintf(pom, "%s:%s:%s", user, auth_digest->realm, pass);
++ snprintf(pom, sizeof(pom), "%s:%s:%s", user, auth_digest->realm, pass);
+ a1 = _md5(pom);
+- sprintf(pom, "%s:%s", method, d);
++ snprintf(pom, sizeof(pom), "%s:%s", method, d);
+ a2 = _md5(pom);
+- sprintf(pom, "%s:%s:%s", a1, auth_digest->nonce, a2);
++ snprintf(pom, sizeof(pom), "%s:%s:%s", a1, auth_digest->nonce, a2);
+ a3 = _md5(pom);
+
+- sprintf(buf,
++ snprintf(buf,
++ 2048,
+ "Digest username=\"%s\", realm=\"%s\", nonce=\"%s\", uri=\"%s\", response=\"%s\"" ,
+ user, auth_digest->realm, auth_digest->nonce, d, a3);
+
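Review bot: The `2048` passed to the final `snprintf(buf, 2048, ...)` is a bound the callee cannot verify: it is correct only if every caller of http_get_digest_auth_str passes a buffer of at least 2K, and those callers are not part of this patch. Since realm and nonce are read from `auth_digest`, which presumably reflects the server's challenge, a caller with a smaller buffer would still be written past its end; a shared constant used both for the callers' buffer declarations and for this bound (for example `#define DIGEST_AUTH_BUF_LEN 2048`, name only suggested) or an explicit size parameter would make the PRE comment enforceable. The three `snprintf(pom, sizeof(pom), ...)` calls also discard the return value, so over-long input is truncated silently and `_md5` hashes the shortened string, which produces a response that fails authentication with no diagnostic; a check such as `if (n < 0 || (size_t)n >= sizeof(pom))` followed by an error return would surface it. The declaration of `pom` and the rest of the function body lie outside the patch's hunks, so it should be confirmed that `pom` is an array and not a pointer, otherwise `sizeof(pom)` yields the pointer size.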