head 1.2; access; symbols pkgsrc-2013Q2:1.2.0.54 pkgsrc-2013Q2-base:1.2 pkgsrc-2012Q4:1.2.0.52 pkgsrc-2012Q4-base:1.2 pkgsrc-2011Q4:1.2.0.50 pkgsrc-2011Q4-base:1.2 pkgsrc-2011Q2:1.2.0.48 pkgsrc-2011Q2-base:1.2 pkgsrc-2009Q4:1.2.0.46 pkgsrc-2009Q4-base:1.2 pkgsrc-2008Q4:1.2.0.44 pkgsrc-2008Q4-base:1.2 pkgsrc-2008Q3:1.2.0.42 pkgsrc-2008Q3-base:1.2 cube-native-xorg:1.2.0.40 cube-native-xorg-base:1.2 pkgsrc-2008Q2:1.2.0.38 pkgsrc-2008Q2-base:1.2 pkgsrc-2008Q1:1.2.0.36 pkgsrc-2008Q1-base:1.2 pkgsrc-2007Q4:1.2.0.34 pkgsrc-2007Q4-base:1.2 pkgsrc-2007Q3:1.2.0.32 pkgsrc-2007Q3-base:1.2 pkgsrc-2007Q2:1.2.0.30 pkgsrc-2007Q2-base:1.2 pkgsrc-2007Q1:1.2.0.28 pkgsrc-2007Q1-base:1.2 pkgsrc-2006Q4:1.2.0.26 pkgsrc-2006Q4-base:1.2 pkgsrc-2006Q3:1.2.0.24 pkgsrc-2006Q3-base:1.2 pkgsrc-2006Q2:1.2.0.22 pkgsrc-2006Q2-base:1.2 pkgsrc-2006Q1:1.2.0.20 pkgsrc-2006Q1-base:1.2 pkgsrc-2005Q4:1.2.0.18 pkgsrc-2005Q4-base:1.2 pkgsrc-2005Q3:1.2.0.16 pkgsrc-2005Q3-base:1.2 pkgsrc-2005Q2:1.2.0.14 pkgsrc-2005Q2-base:1.2 pkgsrc-2005Q1:1.2.0.12 pkgsrc-2005Q1-base:1.2 pkgsrc-2004Q4:1.2.0.10 pkgsrc-2004Q4-base:1.2 pkgsrc-2004Q3:1.2.0.8 pkgsrc-2004Q3-base:1.2 pkgsrc-2004Q2:1.2.0.6 pkgsrc-2004Q2-base:1.2 pkgsrc-2004Q1:1.2.0.4 pkgsrc-2004Q1-base:1.2 pkgsrc-2003Q4:1.2.0.2 pkgsrc-2003Q4-base:1.2; locks; strict; comment @# @; 1.2 date 2002.12.27.08.41.25; author uebayasi; state dead; branches; next 1.1; 1.1 date 2002.12.02.03.40.21; author itojun; state Exp; branches; next ; desc @@ 1.2 log @Update Canna to 3.6p1. Changes from 3.5b2 are: * Add -inet option not to allow TCP connections by default. * Fix a buffer overflow. (This fix was already incorporated in Pkgsrc version.) * Improve dictionary. * Improve conversion engine. * Other bug fixes. Patch is made by Yoshifumi Hiramatsu. Tested by Toru Takamizu. 
@ text @$NetBSD: patch-ai,v 1.1 2002/12/02 03:40:21 itojun Exp $ security fix between 3.6 -> 3.6p1
--- server/convert.c.orig Mon Dec 2 20:01:34 1996
+++ server/convert.c Sat Nov 9 10:39:32 2002
@@@@ -53,6 +53,8 @@@@
 #define ACK2 2
 #define ACK3 3
 #define CHECK_ACK_BUF_SIZE (ACK_BUFSIZE + (SIZEOFLONG * 2) )
+#define IR_INT_MAX 32767
+#define IR_INT_INVAL(x) ((unsigned int)x > IR_INT_MAX)
 extern int errno;
@@@@ -1778,6 +1780,8 @@@@
 return( needsize ) ;
 req->namelen = (int)L4TOL(buf + SIZE4);
+ if( IR_INT_INVAL(req->namelen) )
+ return( -1 );
 ir_debug( Dmsg(10,"req->namelen =%d\n", req->namelen ); )
 if( (needsize = SIZE8 + req->namelen - size) > 0 )
@@@@ -1785,6 +1789,8 @@@@
 if( req->namelen > 0 ){
 req->name = buf + SIZE8 ;
+ if( req->name[req->namelen - 1] != 0 )
+ return( -1 );
 }
 ir_debug( Dmsg(10,"req->namelen =%d\n", req->namelen ); )
 ir_debug( Dmsg(10,"req->name =%s\n", req->name ); )
@ 1.1 log @apply point patch to solve remote buffer overrun vuln. (should upgrade to 3.6p1) http://canna.sourceforge.jp/sec/Canna-2002-01.txt @ text @d1 1 a1 1 $NetBSD$ @
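Review bot: `IR_INT_INVAL(x)` in the first hunk casts its argument without parenthesising it, so `(unsigned int)x` would bind only to the first operand if the macro is ever given an expression such as `a + b`. It should read `#define IR_INT_INVAL(x) ((unsigned int)(x) > IR_INT_MAX)`. The unsigned cast is also what makes a negative length fail the test, which is easy to miss; a comment such as `/* rejects wire lengths that are negative or larger than IR_INT_MAX */` above the macro would record that. The hunk does not say why the limit is 32767, so if it tracks a protocol or buffer limit the comment should name it.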
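Review bot: The new `return( -1 );` after the `IR_INT_INVAL(req->namelen)` test in the second hunk adds a negative result to a function whose visible returns are `return( needsize )`, and nothing in the hunk shows how callers treat it. The function's start and its callers are outside the hunk, so it is worth confirming that a negative value drops the request rather than being read as a byte count still to be received. The bound is also a fixed constant rather than the capacity of the buffer behind `buf`, so whether 32767 is tight enough depends on a size not visible here. A one-line comment such as `/* length comes from the client; refuse it before it is used in size arithmetic */` would document why the check precedes the `needsize` computation.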
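Review bot: In the third hunk, `req->name` is assigned only inside `if( req->namelen > 0 )`, yet the context line `ir_debug( Dmsg(10,"req->name =%s\n", req->name ); )` still runs when the length is zero. Unless `req->name` is initialised somewhere outside the hunk, that debug path formats a pointer this request never set. Either move that `ir_debug` line inside the block, or reject the empty name with `if( req->namelen <= 0 ) return( -1 );` if the protocol always requires one. The new terminator test `req->name[req->namelen - 1] != 0` is only in bounds if the preceding `needsize` check guarantees `SIZE8 + req->namelen` bytes are present in `buf`. That return falls between the two hunks and should be confirmed.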