author | 2012-07-08 17:42:00 +0000 | |
---|---|---|
committer | 2012-07-08 17:42:00 +0000 | |
commit | 78608712d92112d01a7041722dce0b38d36e7f57 (patch) | |
tree | 7681677ab54ecaa877976fec4f0c381757e6d142 /net-ftp/netkit-tftp/files | |
parent | alpha/ia64/m68k/s390/sh/sparc stable wrt #420919 (diff) | |
Add a patch to fix the overflow reported in bug #425184. Probably still worth last-riting, though.
Package-Manager: portage-2.2.0_alpha116/cvs/Linux x86_64
Diffstat (limited to 'net-ftp/netkit-tftp/files')
-rw-r--r-- | net-ftp/netkit-tftp/files/netkit-tftp-0.17-overflow.patch | 55 |
1 files changed, 55 insertions, 0 deletions
diff --git a/net-ftp/netkit-tftp/files/netkit-tftp-0.17-overflow.patch b/net-ftp/netkit-tftp/files/netkit-tftp-0.17-overflow.patch
new file mode 100644
index 000000000000..64925a244ed9
--- /dev/null
+++ b/net-ftp/netkit-tftp/files/netkit-tftp-0.17-overflow.patch
@@ -0,0 +1,55 @@
+Index: netkit-tftp-0.17/tftp/tftp.c
+===================================================================
+--- netkit-tftp-0.17.orig/tftp/tftp.c
++++ netkit-tftp-0.17/tftp/tftp.c
+@@ -56,6 +56,7 @@ char tftp_rcsid[] =
+ #include <setjmp.h>
+ #include <unistd.h>
+ #include <string.h>
++#include <stddef.h>
+
+ #include "tftpsubs.h"
+
+@@ -78,7 +79,7 @@ static sigjmp_buf timeoutbuf;
+
+
+ static int makerequest(int request, char *name,
+- struct tftphdr *tp, char *mode);
++ char *hdr, char *mode);
+ static void nak(int errnor);
+ static void tpacket(const char *s, struct tftphdr *tp, int n);
+ static void startclock(void);
+@@ -126,7 +127,7 @@ sendfile(int fd, char *name, char *mode)
+ mysignal(SIGALRM, timer);
+ do {
+ if (firsttrip) {
+- size = makerequest(WRQ, name, dp, mode) - 4;
++ size = makerequest(WRQ, name, (char*)dp, mode) - 4;
+ }
+ else {
+ /* size = read(fd, dp->th_data, SEGSIZE); */
+@@ -238,7 +239,7 @@ recvfile(int fd, char *name, char *mode)
+ mysignal(SIGALRM, timer);
+ do {
+ if (firsttrip) {
+- size = makerequest(RRQ, name, ap, mode);
++ size = makerequest(RRQ, name, ackbuf, mode);
+ firsttrip = 0;
+ } else {
+ ap->th_opcode = htons((u_short)ACK);
+@@ -320,12 +321,13 @@ abort:
+ }
+
+ int
+-makerequest(int request, char *name, struct tftphdr *tp, char *mode)
++makerequest(int request, char *name, char *hdr, char *mode)
+ {
+ register char *cp;
++ struct tftphdr *tp = (struct tftphdr*)hdr;
+
+ tp->th_opcode = htons((u_short)request);
+- cp = tp->th_stuff;
++ cp = hdr + offsetof(struct tftphdr, th_stuff);
+ strcpy(cp, name);
+ cp += strlen(name);
+ *cp++ = '\0'; |
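Review bot: The `strcpy(cp, name)` kept as context in the last inner hunk is still unbounded. The patch only changes how `cp` is derived (`hdr + offsetof(struct tftphdr, th_stuff)` instead of `tp->th_stuff`), which presumably stops a fortified build from measuring the copy against the small `th_stuff` member, but nothing compares `strlen(name)` with the room left in the packet buffer. If `name` can be longer than the buffer that `sendfile` and `recvfile` pass in (their sizes are not visible here), the write still runs past its end. Consider passing the buffer size to `makerequest` as a new parameter (called `hdrlen` here as a placeholder) and refusing over-long requests before copying, e.g. `if (offsetof(struct tftphdr, th_stuff) + strlen(name) + strlen(mode) + 2 > hdrlen) return -1;`, with both callers handling the failure instead of using the return value as a length. The body of `makerequest` continues past the end of the hunk, so the copy of `mode` is assumed to follow the same pattern.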