Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
summaryrefslogtreecommitdiff
path: root/net-misc/whois/files
diff options
context:
space:
mode:
authorMike Frysinger <vapier@gentoo.org>2008-05-05 04:55:32 +0000
committerMike Frysinger <vapier@gentoo.org>2008-05-05 04:55:32 +0000
commitd76ce5b2b2540e629328cc246974504afaa42db4 (patch)
tree812b13182ca7ac4705ad562e9a9e8956eccb7dcc /net-misc/whois/files
parentold (diff)
downloadhistorical-d76ce5b2b2540e629328cc246974504afaa42db4.tar.gz
historical-d76ce5b2b2540e629328cc246974504afaa42db4.tar.bz2
historical-d76ce5b2b2540e629328cc246974504afaa42db4.zip
Version bump #219498 by Conrad Kostecki.
Package-Manager: portage-2.2_pre5
Diffstat (limited to 'net-misc/whois/files')
-rw-r--r--net-misc/whois/files/whois-4.7.26-gentoo-security.patch79
1 files changed, 79 insertions, 0 deletions
diff --git a/net-misc/whois/files/whois-4.7.26-gentoo-security.patch b/net-misc/whois/files/whois-4.7.26-gentoo-security.patch
new file mode 100644
index 000000000000..9757604bde13
--- /dev/null
+++ b/net-misc/whois/files/whois-4.7.26-gentoo-security.patch
@@ -0,0 +1,79 @@
+--- whois-4.7.26/whois.c
++++ whois-4.7.26/whois.c
+@@ -87,7 +87,7 @@
+ /* RIPE flags */
+ if (strchr(ripeflags, ch)) {
+ for (p = fstring; *p; p++);
+- sprintf(p--, "-%c ", ch);
++ snprintf(p--, sizeof(fstring), "-%c ", ch);
+ continue;
+ }
+ if (strchr(ripeflagsp, ch)) {
+@@ -141,10 +141,10 @@
+ while (1) {
+ qslen += strlen(*argv) + 1 + 1;
+ qstring = realloc(qstring, qslen);
+- strcat(qstring, *argv++);
++ strncat(qstring, *argv++, qslen-1);
+ if (argc == 1)
+ break;
+- strcat(qstring, " ");
++ strncat(qstring, " ", qslen-1);
+ argc--;
+ }
+ }
+@@ -467,8 +467,10 @@
+ char *buf, *p;
+ int i, isripe = 0;
+
++ /* buflen was always 0 in original patch and buf was allocated twice /Aye */
+ /* 64 bytes reserved for server-specific flags added later */
+- buf = malloc(strlen(flags) + strlen(query) + strlen(client_tag) + 64);
++ int buflen = strlen(flags) + strlen(query) + strlen(client_tag) + 64;
++ buf = malloc(buflen);
+ *buf = '\0';
+ for (i = 0; ripe_servers[i]; i++)
+ if (streq(server, ripe_servers[i])) {
+@@ -481,7 +483,7 @@
+ if (*flags) {
+ if (!isripe && !streq(server, "whois.corenic.net"))
+ puts(_("Warning: RIPE flags used with a traditional server."));
+- strcat(buf, flags);
++ strncat(buf, flags, buflen-1);
+ }
+
+ #ifdef HAVE_LIBIDN
+@@ -490,28 +492,28 @@
+ */
+ if (streq(server, "whois.denic.de") && domcmp(query, ".de")
+ && !strchr(query, ' ') && !*flags)
+- sprintf(buf, "-T dn,ace -C US-ASCII %s", query);
++ snprintf(buf, buflen-1, "-T dn,ace -C US-ASCII %s", query);
+ else
+ /* here we have another registrar who could not make things simple
+ * -C sets the language for both input and output
+ */
+ if (!isripe && streq(server, "whois.cat") && domcmp(query, ".cat")
+ && !strchr(query, ' '))
+- sprintf(buf, "-C US-ASCII ace %s", query);
++ snprintf(buf, buflen-1, "-C US-ASCII ace %s", query);
+ else
+ #endif
+ if (!isripe && (streq(server, "whois.nic.mil") ||
+ streq(server, "whois.nic.ad.jp")) &&
+ strncaseeq(query, "AS", 2) && isasciidigit(query[2]))
+ /* FIXME: /e is not applied to .JP ASN */
+- sprintf(buf, "AS %s", query + 2); /* fix query for DDN */
++ snprintf(buf, buflen-1, "AS %s", query + 2); /* fix query for DDN */
+ else if (!isripe && (streq(server, "whois.nic.ad.jp") ||
+ streq(server, "whois.jprs.jp"))) {
+ char *lang = getenv("LANG"); /* not a perfect check, but... */
+ if (!lang || !strneq(lang, "ja", 2))
+- sprintf(buf, "%s/e", query); /* ask for english text */
++ snprintf(buf, buflen-1, "%s/e", query); /* ask for english text */
+ else
+- strcat(buf, query);
++ strncat(buf, query, buflen-1);
+ } else if (!isripe && streq(server, "whois.arin.net") &&
+ (p = strrchr(query, '/'))) {
+ strncat(buf, query, p - query); /* strip CIDR */