diff options
| author |   Ned Ludd <solar@gentoo.org> | 2003-08-11 20:15:52 +0000 |
|---|---|---|
| committer | Ned Ludd <solar@gentoo.org> | 2003-08-11 20:15:52 +0000 |
| commit | 320806be1114152fcabcd16da3ff5fe5766178a5 (patch) | |
| tree | 366b70e858700970f7a059a4e55518dc378185a9 /net-misc/whois/files | |
| parent | whois does not check the return values of malloc and realloc to ensure that t... (diff) | |
| download | gentoo-2-320806be1114152fcabcd16da3ff5fe5766178a5.tar.gz gentoo-2-320806be1114152fcabcd16da3ff5fe5766178a5.tar.bz2 gentoo-2-320806be1114152fcabcd16da3ff5fe5766178a5.zip | |
whois does not check the return values of malloc and realloc to ensure that they succeeded which can lead to unexpted results including segfaults.
So I merged the last gentoo-security.patch with Matt Kraai's idea from debian bug report - #135822 to form the gentoo-security-2.patch
Diffstat (limited to 'net-misc/whois/files')
| -rw-r--r-- | net-misc/whois/files/digest-whois-4.6.6-r2 (renamed from net-misc/whois/files/digest-whois-4.6.6-r1) | 0 | ||||
| -rw-r--r-- | net-misc/whois/files/whois-4.6.6-gentoo-security-2.patch (renamed from net-misc/whois/files/whois-4.6.6-gentoo-security.patch) | 103 |
2 files changed, 99 insertions, 4 deletions
diff --git a/net-misc/whois/files/digest-whois-4.6.6-r1 b/net-misc/whois/files/digest-whois-4.6.6-r2 index 36ed1f444de6..36ed1f444de6 100644 --- a/net-misc/whois/files/digest-whois-4.6.6-r1 +++ b/net-misc/whois/files/digest-whois-4.6.6-r2 diff --git a/net-misc/whois/files/whois-4.6.6-gentoo-security.patch b/net-misc/whois/files/whois-4.6.6-gentoo-security-2.patch index fa1641fa3192..766f5699e85f 100644 --- a/net-misc/whois/files/whois-4.6.6-gentoo-security.patch +++ b/net-misc/whois/files/whois-4.6.6-gentoo-security-2.patch @@ -1,6 +1,6 @@ diff -Nru whois-4.6.6.orig/whois.c whois-4.6.6/whois.c --- whois-4.6.6.orig/whois.c 2003-06-15 12:36:52.000000000 -0400 -+++ whois-4.6.6/whois.c 2003-08-11 02:15:30.000000000 -0400 ++++ whois-4.6.6/whois.c 2003-08-11 15:56:57.000000000 -0400 @@ -73,12 +73,12 @@ /* RIPE flags */ if (strchr(ripeflags, ch)) { @@ -16,11 +16,31 @@ diff -Nru whois-4.6.6.orig/whois.c whois-4.6.6/whois.c if (ch == 't' || ch == 'v' || ch == 'q') nopar = 1; continue; -@@ -132,10 +132,10 @@ +@@ -86,7 +86,7 @@ + /* program flags */ + switch (ch) { + case 'h': +- server = q = malloc(strlen(optarg) + 1); ++ server = q = xmalloc(strlen(optarg) + 1); + for (p = optarg; *p && *p != ':'; *q++ = tolower(*p++)); + if (*p == ':') + port = p + 1; +@@ -122,7 +122,7 @@ + usage(); + + /* On some systems realloc only works on non-NULL buffers */ +- qstring = malloc(64); ++ qstring = xmalloc(64); + *qstring = '\0'; + + /* parse other parameters, if any */ +@@ -131,11 +131,11 @@ + while (1) { qslen += strlen(*argv) + 1 + 1; - qstring = realloc(qstring, qslen); +- qstring = realloc(qstring, qslen); - strcat(qstring, *argv++); ++ qstring = xrealloc(qstring, qslen); + strncat(qstring, *argv++, qslen-1); if (argc == 1) break; @@ -40,7 +60,7 @@ diff -Nru whois-4.6.6.orig/whois.c whois-4.6.6/whois.c - + 10 + 2 + 1); + buflen = (strlen(flags) + strlen(query) + strlen(client_tag) + 4 + 10 + 2 + 1); + -+ buf = malloc(buflen); ++ buf = xmalloc(buflen); + *buf = '\0'; for (i = 0; ripe_servers[i]; i++) @@ -84,3 +104,78 @@ diff -Nru whois-4.6.6.orig/whois.c whois-4.6.6/whois.c fd = openconn(nh, np); do_query(fd, nq); continue; +@@ -511,7 +514,7 @@ + FILE *fi; + int state = 0; + +- temp = malloc(strlen(query) + 1 + 2 + 1); ++ temp = xmalloc(strlen(query) + 1 + 2 + 1); + *temp = '='; + strcpy(temp + 1, query); + strcat(temp, "\r\n"); +@@ -531,7 +534,7 @@ + + for (p = buf; *p != ':'; p++); /* skip until colon */ + for (p++; *p == ' '; p++); /* skip colon and spaces */ +- ret = malloc(strlen(p) + 1); ++ ret = xmalloc(strlen(p) + 1); + for (q = ret; *p != '\n' && *p != '\r' && *p != ' '; *q++ = *p++) + ; /*copy data*/ + *q = '\0'; +@@ -553,7 +556,7 @@ + FILE *fi; + int state = 0; + +- temp = malloc(strlen(query) + 5 + 2 + 1); ++ temp = xmalloc(strlen(query) + 5 + 2 + 1); + strcpy(temp, "FULL "); + strcat(temp, query); + strcat(temp, "\r\n"); +@@ -574,7 +577,7 @@ + for (p = buf; *p != ':'; p++); /* skip until colon */ + for (p++; *p != ':'; p++); /* skip until 2nd colon */ + for (p++; *p == ' '; p++); /* skip colon and spaces */ +- ret = malloc(strlen(p) + 1); ++ ret = xmalloc(strlen(p) + 1); + for (q = ret; *p != '\n' && *p != '\r'; *q++ = *p++); /*copy data*/ + *q = '\0'; + state = 2; +@@ -729,6 +732,26 @@ + } + + ++/* Memory allocation routines */ ++void *xmalloc(size_t size) ++{ ++ void *ptr; ++ ++ if ((ptr = malloc(size)) == NULL) ++ err_sys("malloc"); ++ ++ return ptr; ++} ++ ++void *xrealloc(void *ptr, size_t size) ++{ ++ if ((ptr = realloc(ptr, size)) == NULL) ++ err_sys("realloc"); ++ ++ return ptr; ++} ++ ++ + /* Error routines */ + void err_sys(const char *fmt, ...) + { +diff -Nru whois-4.6.6.orig/whois.h whois-4.6.6/whois.h +--- whois-4.6.6.orig/whois.h 2003-03-16 09:08:10.000000000 -0500 ++++ whois-4.6.6/whois.h 2003-08-11 15:53:43.000000000 -0400 +@@ -23,6 +23,8 @@ + int domfind(const char *, const char *[]); + char *normalize_domain(const char *); + ++void *xmalloc(size_t); ++void *xrealloc(void *, size_t); + void err_quit(const char *,...); + void err_sys(const char *,...); + |