Diffstat (limited to 'sys-apps/man/files/man-1.5m-security.patch')
-rw-r--r-- | sys-apps/man/files/man-1.5m-security.patch | 22 |
1 files changed, 22 insertions, 0 deletions
diff --git a/sys-apps/man/files/man-1.5m-security.patch b/sys-apps/man/files/man-1.5m-security.patch
new file mode 100644
index 000000000000..2f7e9e3db64b
--- /dev/null
+++ b/sys-apps/man/files/man-1.5m-security.patch
@@ -0,0 +1,22 @@
+diff -urP man-1.5l/src/gripes.c man-1.5l/src/gripes.c
+--- man-1.5l/src/gripes.c Wed Jul 17 20:17:23 2002
++++ man-1.5l/src/gripes.c Fri Jun 6 14:51:21 2003
+@@ -28,0 +28,1 @@
++#include <string.h>
+@@ -68,0 +68,2 @@
++ unsigned int i = 0;
++ unsigned short fmt_n = 0;
+@@ -78,0 +78,13 @@
++ /* routine to filter format string abuse. will */
++ /* only allow %d, %s, and %o through. no more */
++ /* than two formats needed for any response. */
++ for (i = 0; s[i] != 0x0; i++){
++ if (s[i] == '%' && s[i+1]){
++ if (strchr("dso", s[i+1])) /* %d,%s,%o. */
++ fmt_n++;
++ else
++ fmt_n=3; /* anything else = <limit. */
++ }
++ if (fmt_n > 2) /* failed, default reply. */
++ s = msg[n];
++ }
 |
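Review bot: The fallback `if (fmt_n > 2) s = msg[n];` does not leave the loop, so the scan carries on at the same index `i` inside the built-in message; if that message is shorter than the rejected string, `s[i]` is read past its terminator. `if (fmt_n > 2) { s = msg[n]; break; }` closes that. The filter also only counts conversions, so a string carrying `%s` where the built-in message has `%d`, or two conversions where the caller passes one argument, still gets through; comparing the conversion characters of `s` in order against those of `msg[n]` would be a tighter check than the fixed limit of two. A `%` as the final character is skipped by the `s[i+1]` test and reaches the formatter as an incomplete conversion. The enclosing function starts and ends outside the hunk, so the origin of `s` (presumably a message-catalog lookup) and its later use are inferred.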