head 1.3; access; symbols pkgsrc-2013Q2:1.3.0.10 pkgsrc-2013Q2-base:1.3 pkgsrc-2012Q4:1.3.0.8 pkgsrc-2012Q4-base:1.3 pkgsrc-2011Q4:1.3.0.6 pkgsrc-2011Q4-base:1.3 pkgsrc-2011Q2:1.3.0.4 pkgsrc-2011Q2-base:1.3 pkgsrc-2009Q4:1.3.0.2 pkgsrc-2009Q4-base:1.3 pkgsrc-2009Q3:1.2.0.40 pkgsrc-2009Q3-base:1.2 pkgsrc-2009Q2:1.2.0.38 pkgsrc-2009Q2-base:1.2 pkgsrc-2009Q1:1.2.0.36 pkgsrc-2009Q1-base:1.2 pkgsrc-2008Q4:1.2.0.34 pkgsrc-2008Q4-base:1.2 pkgsrc-2008Q3:1.2.0.32 pkgsrc-2008Q3-base:1.2 cube-native-xorg:1.2.0.30 cube-native-xorg-base:1.2 pkgsrc-2008Q2:1.2.0.28 pkgsrc-2008Q2-base:1.2 cwrapper:1.2.0.26 pkgsrc-2008Q1:1.2.0.24 pkgsrc-2008Q1-base:1.2 pkgsrc-2007Q4:1.2.0.22 pkgsrc-2007Q4-base:1.2 pkgsrc-2007Q3:1.2.0.20 pkgsrc-2007Q3-base:1.2 pkgsrc-2007Q2:1.2.0.18 pkgsrc-2007Q2-base:1.2 pkgsrc-2007Q1:1.2.0.16 pkgsrc-2007Q1-base:1.2 pkgsrc-2006Q4:1.2.0.14 pkgsrc-2006Q4-base:1.2 pkgsrc-2006Q3:1.2.0.12 pkgsrc-2006Q3-base:1.2 pkgsrc-2006Q2:1.2.0.10 pkgsrc-2006Q2-base:1.2 pkgsrc-2006Q1:1.2.0.8 pkgsrc-2006Q1-base:1.2 pkgsrc-2005Q4:1.2.0.6 pkgsrc-2005Q4-base:1.2 pkgsrc-2005Q3:1.2.0.4 pkgsrc-2005Q3-base:1.2 pkgsrc-2005Q2:1.2.0.2 pkgsrc-2005Q2-base:1.2 pkgsrc-2005Q1:1.1.0.6 pkgsrc-2005Q1-base:1.1 pkgsrc-2004Q4:1.1.0.4 pkgsrc-2004Q4-base:1.1 pkgsrc-2004Q3:1.1.0.2 pkgsrc-2004Q3-base:1.1; locks; strict; comment @# @; 1.3 date 2009.12.16.20.07.32; author joerg; state dead; branches; next 1.2; 1.2 date 2005.06.14.18.10.37; author jlam; state Exp; branches; next 1.1; 1.1 date 2004.09.16.15.09.01; author minskim; state Exp; branches; next ; desc @@ 1.3 log @Retire old xpm package. Replaced by x11/libXpm. @ text @$NetBSD: patch-ah,v 1.2 2005/06/14 18:10:37 jlam Exp $ --- lib/data.c.orig 1998-03-19 14:51:00.000000000 -0500 +++ lib/data.c @@@@ -32,6 +32,8 @@@@ * Developed by Arnaud Le Hors * \*****************************************************************************/ +/* October 2004, source code review by Thomas Biege */ + #ifndef CXPMPROG /* Official version number */ static char *RCS_Version = "$XpmVersion: 3.4k $"; @@@@ -261,7 +263,7 @@@@ xpmNextWord(data, buf, buflen) } Ungetc(data, c, file); } - return (n); + return (n); /* this returns bytes read + 1 */ } /* @@@@ -374,8 +376,9 @@@@ xpmGetCmt(data, cmt) { if (!data->type) *cmt = NULL; - else if (data->CommentLength) { - *cmt = (char *) XpmMalloc(data->CommentLength + 1); + else if (data->CommentLength != 0 && data->CommentLength < UINT_MAX - 1) { + if( (*cmt = (char *) XpmMalloc(data->CommentLength + 1)) == NULL) + return XpmNoMemory; strncpy(*cmt, data->Comment, data->CommentLength); (*cmt)[data->CommentLength] = '\0'; data->CommentLength = 0; @@@@ -403,7 +406,7 @@@@ int xpmParseHeader(data) xpmData *data; { - char buf[BUFSIZ]; + char buf[BUFSIZ+1] = {0}; int l, n = 0; if (data->type) { @ 1.2 log @Apply fixes derived from the HEAD branch of X.Org (6.8.99) to address problems noted in CAN-2004-0914: Multiple vulnerabilities in libXpm for 6.8.1 and earlier, as used in XFree86 and other packages, include (1) multiple integer overflows, (2) out-of-bounds memory accesses, (3) directory traversal, (4) shell metacharacter, (5) endless loops, and (6) memory leaks, which could allow remote attackers to obtain sensitive information, cause a denial of service (application crash), or execute arbitary code via a certain XPM image file. Bump PKGREVISION to 4. Since this is a security-related fix, also bump the BUILDLINK_RECOMMENDED version for this package. @ text @d1 1 a1 1 $NetBSD$ @ 1.1 log @Incorporate security fixes of X.Org X11R6.8.1. Bump PKGREVISION. @ text @d3 1 a3 1 --- lib/data.c.orig Thu Mar 19 13:51:00 1998 d5 19 a23 1 @@@@ -374,7 +374,7 @@@@ xpmGetCmt(data, cmt) d28 4 a31 2 + else if (data->CommentLength != 0 && data->CommentLength < SIZE_MAX - 1) { *cmt = (char *) XpmMalloc(data->CommentLength + 1); d34 10 @