FreeBSD Bugzilla – Attachment 42145 Details for
Bug 65754
[patch] devel/tla - format string vulnerabillitys in included neon
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
tla1.2-1.2-1.diff
tla1.2-1.2-1.diff (text/plain), 4.17 KB, created by
Frank Ruell
on 2004-04-19 10:30:20 UTC
(
hide
)
Description:
tla1.2-1.2-1.diff
Filename:
MIME Type:
Creator:
Frank Ruell
Created:
2004-04-19 10:30:20 UTC
Size:
4.17 KB
patch
obsolete
>diff -ruN tla.orig/Makefile tla/Makefile >--- tla.orig/Makefile Mon Mar 1 23:20:03 2004 >+++ tla/Makefile Sat Apr 17 20:50:46 2004 >@@ -7,6 +7,7 @@ > > PORTNAME= tla > PORTVERSION= 1.2 >+PORTREVISION= 1 > CATEGORIES= devel > MASTER_SITES= ${MASTER_SITE_GNU} \ > http://regexps.srparish.net/src/${PORTNAME}/ \ >@@ -26,7 +27,7 @@ > ORIGWRKSRC= ${WRKDIR}/${DISTNAME}/src > WRKSRC= ${ORIGWRKSRC}/=build > >-pre-configure: >+pre-patch: > ${MKDIR} ${WRKSRC} > > do-configure: >diff -ruN tla.orig/files/patch-libneon-ne_207.c tla/files/patch-libneon-ne_207.c >--- tla.orig/files/patch-libneon-ne_207.c Thu Jan 1 01:00:00 1970 >+++ tla/files/patch-libneon-ne_207.c Sat Apr 17 20:56:18 2004 >@@ -0,0 +1,17 @@ >+--- ../tla/libneon.orig/ne_207.c Sat Dec 6 20:35:28 2003 >++++ ../tla/libneon/ne_207.c Sat Apr 17 20:25:46 2004 >+@@ -320,12 +320,12 @@ >+ if (ne_get_status(req)->code == 207) { >+ if (!ne_xml_valid(p)) { >+ /* The parse was invalid */ >+- ne_set_error(sess, ne_xml_get_error(p)); >++ ne_set_error(sess, "%s", ne_xml_get_error(p)); >+ ret = NE_ERROR; >+ } else if (ctx.is_error) { >+ /* If we've actually got any error information >+ * from the 207, then set that as the error */ >+- ne_set_error(sess, ctx.buf->data); >++ ne_set_error(sess, "%s", ctx.buf->data); >+ ret = NE_ERROR; >+ } >+ } else if (ne_get_status(req)->klass != 2) { >diff -ruN tla.orig/files/patch-libneon-ne_auth.c tla/files/patch-libneon-ne_auth.c >--- tla.orig/files/patch-libneon-ne_auth.c Thu Jan 1 01:00:00 1970 >+++ tla/files/patch-libneon-ne_auth.c Sat Apr 17 20:50:46 2004 >@@ -0,0 +1,11 @@ >+--- ../tla/libneon.orig/ne_auth.c Sat Dec 6 20:35:28 2003 >++++ ../tla/libneon/ne_auth.c Sat Apr 17 20:11:55 2004 >+@@ -950,7 +950,7 @@ >+ if (areq->auth_info_hdr != NULL && >+ verify_response(areq, sess, areq->auth_info_hdr)) { >+ NE_DEBUG(NE_DBG_HTTPAUTH, "Response authentication invalid.\n"); >+- ne_set_error(sess->sess, _(sess->spec->fail_msg)); >++ ne_set_error(sess->sess, "%s", _(sess->spec->fail_msg)); >+ ret = NE_ERROR; >+ } else if (status->code == sess->spec->status_code && >+ areq->auth_hdr != NULL) { >diff -ruN tla.orig/files/patch-libneon-ne_locks.c tla/files/patch-libneon-ne_locks.c >--- tla.orig/files/patch-libneon-ne_locks.c Thu Jan 1 01:00:00 1970 >+++ tla/files/patch-libneon-ne_locks.c Sat Apr 17 20:50:46 2004 >@@ -0,0 +1,20 @@ >+--- ../tla/libneon.orig/ne_locks.c Sat Dec 6 20:35:28 2003 >++++ ../tla/libneon/ne_locks.c Sat Apr 17 20:11:55 2004 >+@@ -734,7 +734,7 @@ >+ } >+ else if (parse_failed) { >+ ret = NE_ERROR; >+- ne_set_error(sess, ne_xml_get_error(parser)); >++ ne_set_error(sess, "%s", ne_xml_get_error(parser)); >+ } >+ else if (ne_get_status(req)->code == 207) { >+ ret = NE_ERROR; >+@@ -802,7 +802,7 @@ >+ if (ret == NE_OK && ne_get_status(req)->klass == 2) { >+ if (parse_failed) { >+ ret = NE_ERROR; >+- ne_set_error(sess, ne_xml_get_error(parser)); >++ ne_set_error(sess, "%s", ne_xml_get_error(parser)); >+ } >+ else if (ne_get_status(req)->code == 207) { >+ ret = NE_ERROR; >diff -ruN tla.orig/files/patch-libneon-ne_props.c tla/files/patch-libneon-ne_props.c >--- tla.orig/files/patch-libneon-ne_props.c Thu Jan 1 01:00:00 1970 >+++ tla/files/patch-libneon-ne_props.c Sat Apr 17 20:50:46 2004 >@@ -0,0 +1,11 @@ >+--- ../tla/libneon.orig/ne_props.c Sat Dec 6 20:35:28 2003 >++++ ../tla/libneon/ne_props.c Sat Apr 17 20:11:55 2004 >+@@ -142,7 +142,7 @@ >+ if (ret == NE_OK && ne_get_status(req)->klass != 2) { >+ ret = NE_ERROR; >+ } else if (!ne_xml_valid(handler->parser)) { >+- ne_set_error(handler->sess, ne_xml_get_error(handler->parser)); >++ ne_set_error(handler->sess, "%s", ne_xml_get_error(handler->parser)); >+ ret = NE_ERROR; >+ } >+ >diff -ruN tla.orig/files/patch-libneon-ne_xml.c tla/files/patch-libneon-ne_xml.c >--- tla.orig/files/patch-libneon-ne_xml.c Thu Jan 1 01:00:00 1970 >+++ tla/files/patch-libneon-ne_xml.c Sat Apr 17 20:50:46 2004 >@@ -0,0 +1,11 @@ >+--- ../tla/libneon.orig/ne_xml.c Sat Dec 6 20:35:29 2003 >++++ ../tla/libneon/ne_xml.c Sat Apr 17 20:11:55 2004 >+@@ -538,7 +538,7 @@ >+ >+ void ne_xml_set_error(ne_xml_parser *p, const char *msg) >+ { >+- ne_snprintf(p->error, ERR_SIZE, msg); >++ ne_snprintf(p->error, ERR_SIZE, "%s", msg); >+ } >+ >+ #ifdef HAVE_LIBXML
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=42145">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 65754
: 42145