authorNed Ludd <solar@gentoo.org>2003-08-11 20:15:52 +0000
committerNed Ludd <solar@gentoo.org>2003-08-11 20:15:52 +0000
commit927806282c7d545606d86dc4f179ffe346bbc5d0 (patch)
tree8f2975416293133389bb6e6e57ddd55aad132dc1 /net-misc
parentwhois does not check the return values of malloc and realloc to ensure that t... (diff)
whois does not check the return values of malloc and realloc to ensure that they succeeded, which can lead to unexpected results including segfaults.
So I merged the last gentoo-security.patch with Matt Kraai's idea from Debian bug report #135822 to form the gentoo-security-2.patch
Diffstat (limited to 'net-misc')
-rw-r--r--net-misc/whois/Manifest4
-rw-r--r--net-misc/whois/files/digest-whois-4.6.6-r2 (renamed from net-misc/whois/files/digest-whois-4.6.6-r1)0
-rw-r--r--net-misc/whois/files/whois-4.6.6-gentoo-security-2.patch (renamed from net-misc/whois/files/whois-4.6.6-gentoo-security.patch)103
-rw-r--r--net-misc/whois/whois-4.6.6-r2.ebuild (renamed from net-misc/whois/whois-4.6.6-r1.ebuild)4
4 files changed, 103 insertions, 8 deletions
diff --git a/net-misc/whois/Manifest b/net-misc/whois/Manifest
index f8d850aa14aa..fe7bf45bf03b 100644
--- a/net-misc/whois/Manifest
+++ b/net-misc/whois/Manifest
@@ -1,4 +1,4 @@
-MD5 1c43f5eddd256b74ccc50a771a0229c4 ChangeLog 3894
-MD5 ed107e917f0146867515ee22cbcf3c95 whois-4.6.6-r2.ebuild 1173
+MD5 7073018f09d550afae0496ea39e0a97d ChangeLog 4384
+MD5 f99cce96e0f6d5eca5217cf1d94b6406 whois-4.6.6-r2.ebuild 1173
MD5 9d6a7c447cdafb5e2b97f86d5c6e9789 files/digest-whois-4.6.6-r2 62
MD5 5b0f12c560d041d865109694432ffd93 files/whois-4.6.6-gentoo-security-2.patch 5366
diff --git a/net-misc/whois/files/digest-whois-4.6.6-r1 b/net-misc/whois/files/digest-whois-4.6.6-r2
index 36ed1f444de6..36ed1f444de6 100644
--- a/net-misc/whois/files/digest-whois-4.6.6-r1
+++ b/net-misc/whois/files/digest-whois-4.6.6-r2
diff --git a/net-misc/whois/files/whois-4.6.6-gentoo-security.patch b/net-misc/whois/files/whois-4.6.6-gentoo-security-2.patch
index fa1641fa3192..766f5699e85f 100644
--- a/net-misc/whois/files/whois-4.6.6-gentoo-security.patch
+++ b/net-misc/whois/files/whois-4.6.6-gentoo-security-2.patch
@@ -1,6 +1,6 @@
diff -Nru whois-4.6.6.orig/whois.c whois-4.6.6/whois.c
--- whois-4.6.6.orig/whois.c 2003-06-15 12:36:52.000000000 -0400
-+++ whois-4.6.6/whois.c 2003-08-11 02:15:30.000000000 -0400
++++ whois-4.6.6/whois.c 2003-08-11 15:56:57.000000000 -0400
@@ -73,12 +73,12 @@
/* RIPE flags */
if (strchr(ripeflags, ch)) {
@@ -16,11 +16,31 @@ diff -Nru whois-4.6.6.orig/whois.c whois-4.6.6/whois.c
if (ch == 't' || ch == 'v' || ch == 'q')
nopar = 1;
continue;
-@@ -132,10 +132,10 @@
+@@ -86,7 +86,7 @@
+ /* program flags */
+ switch (ch) {
+ case 'h':
+- server = q = malloc(strlen(optarg) + 1);
++ server = q = xmalloc(strlen(optarg) + 1);
+ for (p = optarg; *p && *p != ':'; *q++ = tolower(*p++));
+ if (*p == ':')
+ port = p + 1;
+@@ -122,7 +122,7 @@
+ usage();
+
+ /* On some systems realloc only works on non-NULL buffers */
+- qstring = malloc(64);
++ qstring = xmalloc(64);
+ *qstring = '\0';
+
+ /* parse other parameters, if any */
+@@ -131,11 +131,11 @@
+
while (1) {
qslen += strlen(*argv) + 1 + 1;
- qstring = realloc(qstring, qslen);
+- qstring = realloc(qstring, qslen);
- strcat(qstring, *argv++);
++ qstring = xrealloc(qstring, qslen);
+ strncat(qstring, *argv++, qslen-1);
if (argc == 1)
break;
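Review bot: The bound passed to `strncat` in the query-building loop is not the remaining space in the buffer: the third argument limits how many bytes are taken from `*argv`, so `qslen-1` ignores whatever `qstring` already holds. The append seems to fit only because `qslen` is grown by `strlen(*argv) + 1 + 1` immediately before the `xrealloc`; the bound itself would not stop an overflow if that accounting changed. Pass the real remainder instead, `strncat(qstring, *argv++, qslen - strlen(qstring) - 1);`, or add a comment stating that the preceding `xrealloc` is what guarantees the space. The start of the loop and the initial value of `qslen` are outside the hunk, so the sizing should be confirmed there.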
@@ -40,7 +60,7 @@ diff -Nru whois-4.6.6.orig/whois.c whois-4.6.6/whois.c
- + 10 + 2 + 1);
+ buflen = (strlen(flags) + strlen(query) + strlen(client_tag) + 4 + 10 + 2 + 1);
+
-+ buf = malloc(buflen);
++ buf = xmalloc(buflen);
+
*buf = '\0';
for (i = 0; ripe_servers[i]; i++)
@@ -84,3 +104,78 @@ diff -Nru whois-4.6.6.orig/whois.c whois-4.6.6/whois.c
fd = openconn(nh, np);
do_query(fd, nq);
continue;
+@@ -511,7 +514,7 @@
+ FILE *fi;
+ int state = 0;
+
+- temp = malloc(strlen(query) + 1 + 2 + 1);
++ temp = xmalloc(strlen(query) + 1 + 2 + 1);
+ *temp = '=';
+ strcpy(temp + 1, query);
+ strcat(temp, "\r\n");
+@@ -531,7 +534,7 @@
+
+ for (p = buf; *p != ':'; p++); /* skip until colon */
+ for (p++; *p == ' '; p++); /* skip colon and spaces */
+- ret = malloc(strlen(p) + 1);
++ ret = xmalloc(strlen(p) + 1);
+ for (q = ret; *p != '\n' && *p != '\r' && *p != ' '; *q++ = *p++)
+ ; /*copy data*/
+ *q = '\0';
+@@ -553,7 +556,7 @@
+ FILE *fi;
+ int state = 0;
+
+- temp = malloc(strlen(query) + 5 + 2 + 1);
++ temp = xmalloc(strlen(query) + 5 + 2 + 1);
+ strcpy(temp, "FULL ");
+ strcat(temp, query);
+ strcat(temp, "\r\n");
+@@ -574,7 +577,7 @@
+ for (p = buf; *p != ':'; p++); /* skip until colon */
+ for (p++; *p != ':'; p++); /* skip until 2nd colon */
+ for (p++; *p == ' '; p++); /* skip colon and spaces */
+- ret = malloc(strlen(p) + 1);
++ ret = xmalloc(strlen(p) + 1);
+ for (q = ret; *p != '\n' && *p != '\r'; *q++ = *p++); /*copy data*/
+ *q = '\0';
+ state = 2;
+@@ -729,6 +732,26 @@
+ }
+
+
++/* Memory allocation routines */
++void *xmalloc(size_t size)
++{
++ void *ptr;
++
++ if ((ptr = malloc(size)) == NULL)
++ err_sys("malloc");
++
++ return ptr;
++}
++
++void *xrealloc(void *ptr, size_t size)
++{
++ if ((ptr = realloc(ptr, size)) == NULL)
++ err_sys("realloc");
++
++ return ptr;
++}
++
++
+ /* Error routines */
+ void err_sys(const char *fmt, ...)
+ {
+diff -Nru whois-4.6.6.orig/whois.h whois-4.6.6/whois.h
+--- whois-4.6.6.orig/whois.h 2003-03-16 09:08:10.000000000 -0500
++++ whois-4.6.6/whois.h 2003-08-11 15:53:43.000000000 -0400
+@@ -23,6 +23,8 @@
+ int domfind(const char *, const char *[]);
+ char *normalize_domain(const char *);
+
++void *xmalloc(size_t);
++void *xrealloc(void *, size_t);
+ void err_quit(const char *,...);
+ void err_sys(const char *,...);
+
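Review bot: The parsing loops around the two `ret = xmalloc(strlen(p) + 1)` calls never test for the terminating NUL, and the patch leaves them as they are while hardening the allocations beside them. `for (p = buf; *p != ':'; p++);` reads past the end of `buf` when a line has no colon, and the copy loops stop only on `\n`, `\r` or a space, so a line lacking those writes beyond the `strlen(p) + 1` bytes just allocated. `buf` appears to hold data read from the remote server (its origin is outside the hunk), so each condition should also stop at `'\0'`, e.g. `for (p = buf; *p && *p != ':'; p++);` and `for (q = ret; *p && *p != '\n' && *p != '\r'; *q++ = *p++);`. Separately, `xmalloc` and `xrealloc` return a NULL pointer to the caller unless `err_sys` terminates the process; its body is outside the hunk, so that is worth confirming and stating in the `/* Memory allocation routines */` comment.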
diff --git a/net-misc/whois/whois-4.6.6-r1.ebuild b/net-misc/whois/whois-4.6.6-r2.ebuild
index 491808f7a950..6fa963eb4d0e 100644
--- a/net-misc/whois/whois-4.6.6-r1.ebuild
+++ b/net-misc/whois/whois-4.6.6-r2.ebuild
@@ -1,6 +1,6 @@
# Copyright 1999-2003 Gentoo Technologies, Inc.
# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/net-misc/whois/whois-4.6.6-r1.ebuild,v 1.1 2003/08/11 06:38:51 solar Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-misc/whois/whois-4.6.6-r2.ebuild,v 1.1 2003/08/11 20:15:46 solar Exp $
IUSE="nls"
MY_P=${P/-/_}
@@ -27,7 +27,7 @@ src_unpack() {
sed -i "s:cd po.*::" Makefile
)
- epatch ${FILESDIR}/${P}-gentoo-security.patch
+ epatch ${FILESDIR}/${P}-gentoo-security-2.patch
}
src_compile() {