rpms/prozilla/FC-4 prozilla-1.3.7.4-buf.patch, NONE, 1.1 prozilla.spec, 1.11, 1.12

Fri Jan 20 10:08:02 UTC 2006

Author: jwrdegoede

Update of /cvs/extras/rpms/prozilla/FC-4
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv5081

Modified Files:
	prozilla.spec 
Added Files:
	prozilla-1.3.7.4-buf.patch 
Log Message:
* Fri Jan 20 2006 Hans de Goede <j.w.r.degoede at hhs.nl>
- Fix CAN-2005-2961 / bugzilla 169791


prozilla-1.3.7.4-buf.patch:

--- NEW FILE prozilla-1.3.7.4-buf.patch ---
--- prozilla-1.3.7.4/src/ftpsearch.c.buf	2006-01-05 11:43:08.000000000 +0100
+++ prozilla-1.3.7.4/src/ftpsearch.c	2006-01-05 11:59:49.000000000 +0100
@@ -81,9 +81,10 @@
     return (strstr(buf, "</A"));
 }
 
-char *get_string_ahref(char *buf, char *out)
+static char *get_string_ahref(char *buf, char *out, size_t out_size)
 {
     char *p1, *p2, *p3;
+    size_t to_copy;
 
     p1 = find_ahref(buf);
     assert(p1 != NULL);
@@ -93,11 +94,14 @@
 
     p3 = find_closed_a(p2);
     assert(p3 != NULL);
-
-    strncpy(out, p2 + 1, p3 - p2 - 1);
-    out[p3 - p2 - 1] = 0;
+    
+    to_copy = p3 - p2 - 1;
+    if (to_copy >= out_size)
+        to_copy = out_size - 1;
+    strncpy(out, p2 + 1, to_copy);
+    out[to_copy] = 0;
+    
     return p3;
-
 }
 
 
@@ -242,9 +246,8 @@
 
     p1 = kmalloc((j - i - 5) + 100);
     strncpy(p1, i + 5, j - i - 5);
-
-    debug_prz("\nstring len= %ld", strlen(p1));
     p1[j - i - 5 + 1] = 0;
+    debug_prz("\nstring len= %ld", strlen(p1));
 
     p2 = p1;
 
@@ -275,9 +278,9 @@
     for (k = 0; k < *num_servers; k++)
     {
 	memset(&(ftp_mirrors[k]), 0, sizeof(ftp_mirror));
-	p2 = get_string_ahref(p2, buf);
+	p2 = get_string_ahref(p2, buf, sizeof(buf)/sizeof(char));
 	ftp_mirrors[k].server_name = kstrdup(buf);
-	p2 = get_string_ahref(p2, buf);
+	p2 = get_string_ahref(p2, buf, sizeof(buf)/sizeof(char));
 
 	/*Strip any leading slash in the path name if preent */
 	if (*buf == '/')
@@ -285,7 +288,7 @@
 	else
 	    ftp_mirrors[k].path = kstrdup(buf);
 
-	p2 = get_string_ahref(p2, buf);
+	p2 = get_string_ahref(p2, buf, sizeof(buf)/sizeof(char));
 	ftp_mirrors[k].file_name = kstrdup(buf);
     }
 


Index: prozilla.spec
===================================================================
RCS file: /cvs/extras/rpms/prozilla/FC-4/prozilla.spec,v
retrieving revision 1.11
retrieving revision 1.12
diff -u -r1.11 -r1.12
--- prozilla.spec	9 Sep 2005 11:26:08 -0000	1.11
+++ prozilla.spec	20 Jan 2006 10:08:02 -0000	1.12
@@ -1,11 +1,12 @@
 Summary:	Advanced Linux download manager
 Name:		prozilla
 Version:	1.3.7.4
-Release:	1%{?dist}
+Release:	2%{?dist}
 
 License:	GPL
 Group:		Applications/Internet
 Source0:	http://prozilla.genesys.ro/downloads/prozilla/tarballs/%{name}-%{version}.tar.gz
+Patch0:		prozilla-1.3.7.4-buf.patch
 URL:		http://prozilla.genesys.ro/
 BuildRoot:	%{_tmppath}/%{name}-%{version}-%{release}-buildroot
 BuildRequires:	ncurses-devel
@@ -27,6 +28,7 @@
 
 %prep
 %setup -q
+%patch0 -p1 -z .buf
 %configure
 
 %build
@@ -49,6 +51,9 @@
 %{_mandir}/man1/proz*
 
 %changelog
+* Fri Jan 20 2006 Hans de Goede <j.w.r.degoede at hhs.nl>
+- Fix CAN-2005-2961 / bugzilla 169791
+
 * Fri Sep 09 2005 Ralf Corsepius <rc040203 at freenet.de>
 - %%{_bindir}/proz.
 


