rpms/prozilla/FC-4 prozilla-1.3.7.4-buf.patch, NONE, 1.1 prozilla.spec, 1.11, 1.12
Hans de Goede (jwrdegoede)
fedora-extras-commits at redhat.com
Fri Jan 20 10:08:02 UTC 2006
Author: jwrdegoede
Update of /cvs/extras/rpms/prozilla/FC-4
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv5081
Modified Files:
prozilla.spec
Added Files:
prozilla-1.3.7.4-buf.patch
Log Message:
* Fri Jan 20 2006 Hans de Goede <j.w.r.degoede at hhs.nl>
- Fix CAN-2005-2961 / bugzilla 169791
prozilla-1.3.7.4-buf.patch:
--- NEW FILE prozilla-1.3.7.4-buf.patch ---
--- prozilla-1.3.7.4/src/ftpsearch.c.buf 2006-01-05 11:43:08.000000000 +0100
+++ prozilla-1.3.7.4/src/ftpsearch.c 2006-01-05 11:59:49.000000000 +0100
@@ -81,9 +81,10 @@
return (strstr(buf, "</A"));
}
-char *get_string_ahref(char *buf, char *out)
+static char *get_string_ahref(char *buf, char *out, size_t out_size)
{
char *p1, *p2, *p3;
+ size_t to_copy;
p1 = find_ahref(buf);
assert(p1 != NULL);
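Review bot: The `assert(p1 != NULL)` kept here, and the matching `assert(p3 != NULL)` in the next hunk, are still the only handling for input that lacks the expected anchor markup. When built with NDEBUG the checks vanish and a NULL pointer is used; otherwise the process aborts. Since `buf` appears to hold a response from a remote search server, which this fix is hardening against, a malformed reply can still end the program. Consider an explicit check such as `if (p1 == NULL) return NULL;`, with the caller's loop stopping on a NULL return. The function body continues past the end of this hunk.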
@@ -93,11 +94,14 @@
p3 = find_closed_a(p2);
assert(p3 != NULL);
-
- strncpy(out, p2 + 1, p3 - p2 - 1);
- out[p3 - p2 - 1] = 0;
+
+ to_copy = p3 - p2 - 1;
+ if (to_copy >= out_size)
+ to_copy = out_size - 1;
+ strncpy(out, p2 + 1, to_copy);
+ out[to_copy] = 0;
+
return p3;
-
}
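Review bot: The clamp `to_copy = out_size - 1;` wraps to SIZE_MAX if a caller ever passes `out_size == 0`, which leaves the copy unbounded again. A guard before the clamp, for example `if (out_size == 0) return p3;`, makes the new parameter safe for any value. Over-long strings are also truncated silently, so the caller later duplicates a shortened server name or path without knowing it. A comment on the function stating that `out` is always NUL-terminated and may be truncated to `out_size - 1` bytes would document this. The function starts in the previous hunk.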
@@ -242,9 +246,8 @@
p1 = kmalloc((j - i - 5) + 100);
strncpy(p1, i + 5, j - i - 5);
-
- debug_prz("\nstring len= %ld", strlen(p1));
p1[j - i - 5 + 1] = 0;
+ debug_prz("\nstring len= %ld", strlen(p1));
p2 = p1;
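Review bot: The terminator in `p1[j - i - 5 + 1] = 0;` is written one byte past the copied data, so moving the debug line below it does not fully fix the length read. `strncpy` copies exactly `j - i - 5` bytes and adds no NUL when the source is longer, which leaves `p1[j - i - 5]` unwritten. Unless `kmalloc` zeroes its memory (not visible here), `strlen(p1)` can count one uninitialised byte. The index should be `p1[j - i - 5] = 0;`. Separately, `%ld` does not match the `size_t` returned by `strlen`; use `%zu` or cast the argument to `long`. The enclosing function begins and ends outside this hunk.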
@@ -275,9 +278,9 @@
for (k = 0; k < *num_servers; k++)
{
memset(&(ftp_mirrors[k]), 0, sizeof(ftp_mirror));
- p2 = get_string_ahref(p2, buf);
+ p2 = get_string_ahref(p2, buf, sizeof(buf)/sizeof(char));
ftp_mirrors[k].server_name = kstrdup(buf);
- p2 = get_string_ahref(p2, buf);
+ p2 = get_string_ahref(p2, buf, sizeof(buf)/sizeof(char));
/*Strip any leading slash in the path name if preent */
if (*buf == '/')
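Review bot: `sizeof(buf)/sizeof(char)` yields the buffer capacity only if `buf` is declared as an array in this function, and its declaration is outside the hunk. If `buf` is a `char *`, the expression is the pointer size and every name would be clamped to a few bytes, so the declaration is worth confirming. The division by `sizeof(char)` is always 1 and can be dropped: `p2 = get_string_ahref(p2, buf, sizeof buf);`. The same applies to the third call in the following hunk.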
@@ -285,7 +288,7 @@
else
ftp_mirrors[k].path = kstrdup(buf);
- p2 = get_string_ahref(p2, buf);
+ p2 = get_string_ahref(p2, buf, sizeof(buf)/sizeof(char));
ftp_mirrors[k].file_name = kstrdup(buf);
}
Index: prozilla.spec
===================================================================
RCS file: /cvs/extras/rpms/prozilla/FC-4/prozilla.spec,v
retrieving revision 1.11
retrieving revision 1.12
diff -u -r1.11 -r1.12
--- prozilla.spec 9 Sep 2005 11:26:08 -0000 1.11
+++ prozilla.spec 20 Jan 2006 10:08:02 -0000 1.12
@@ -1,11 +1,12 @@
Summary: Advanced Linux download manager
Name: prozilla
Version: 1.3.7.4
-Release: 1%{?dist}
+Release: 2%{?dist}
License: GPL
Group: Applications/Internet
Source0: http://prozilla.genesys.ro/downloads/prozilla/tarballs/%{name}-%{version}.tar.gz
+Patch0: prozilla-1.3.7.4-buf.patch
URL: http://prozilla.genesys.ro/
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-buildroot
BuildRequires: ncurses-devel
@@ -27,6 +28,7 @@
%prep
%setup -q
+%patch0 -p1 -z .buf
%configure
%build
@@ -49,6 +51,9 @@
%{_mandir}/man1/proz*
%changelog
+* Fri Jan 20 2006 Hans de Goede <j.w.r.degoede at hhs.nl>
+- Fix CAN-2005-2961 / bugzilla 169791
+
* Fri Sep 09 2005 Ralf Corsepius <rc040203 at freenet.de>
- %%{_bindir}/proz.