76852 – [PATCH] textproc/unrtf: fix vulnerability

Bug 76852 - [PATCH] textproc/unrtf: fix vulnerability

Summary: [PATCH] textproc/unrtf: fix vulnerability

Status:	Closed FIXED

Alias:	None

Product:	Ports & Packages
Classification:	Unclassified
Component:	Individual Port(s) (show other bugs)
Version:	Latest
Hardware:	Any Any

Importance:	Normal Affects Only Me
Assignee:	freebsd-ports-bugs (Nobody)

URL:
Keywords:

Depends on:
Blocks:

Reported:	2005-01-30 12:50 UTC by Stefan Walter
Modified:	2005-02-11 13:39 UTC (History)
CC List:	1 user (show)

See Also:

Attachments
unrtf-0.19.3_1.patch (1.31 KB, patch) 2005-01-30 12:50 UTC, Stefan Walter	no flags	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Stefan Walter 2005-01-30 12:50:26 UTC

- Attempt to fix the exploitable security issue described at
  http://www.vuxml.org/freebsd/f2d5e56e-67eb-11d9-a9e7-0001020eed82.html by
  replacing strcat() with strncat(). Please note that I wasn't able to
  reproduce the exploit described at
  http://tigger.uic.edu/~jlongs2/holes/unrtf.txt on my 5.3-STABLE system.
  Feedback of someone who can reproduce the exploit with an unpatched unrtf
  would be appreciated.
- Bump PORTREVISION.
- Remove old master site that doesn't seem to have the distfile any more.

Security Team cc'd.

Added file(s):
- files/patch-convert.c

Generated with FreeBSD Port Tools 0.63

Comment 1 Alexey Dokuchaev freebsd_committer

2005-02-11 13:38:53 UTC

State Changed
From-To: open->closed

Fix committed, thanks!