pkgsrc-Changes-HG archive


[pkgsrc/trunk]: pkgsrc/www/curl Fix buffer overflow in the NTLM authenticatio...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/f8763a769f23
branches:  trunk
changeset: 489699:f8763a769f23
user:      salo <salo%pkgsrc.org@localhost>
date:      Fri Feb 25 00:47:30 2005 +0000

description:
Fix buffer overflow in the NTLM authentication code.  Patch from curl cvs.
Bump PKGREVISION.

diffstat:

 www/curl/Makefile         |   3 ++-
 www/curl/buildlink3.mk    |   4 ++--
 www/curl/distinfo         |   3 ++-
 www/curl/patches/patch-aa |  34 ++++++++++++++++++++++++++++++++++
 4 files changed, 40 insertions(+), 4 deletions(-)

diffs (79 lines):

diff -r 4d268f0e66b2 -r f8763a769f23 www/curl/Makefile
--- a/www/curl/Makefile Thu Feb 24 23:10:44 2005 +0000
+++ b/www/curl/Makefile Fri Feb 25 00:47:30 2005 +0000
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.48 2005/02/18 18:05:08 wiz Exp $
+# $NetBSD: Makefile,v 1.49 2005/02/25 00:47:30 salo Exp $
 
 DISTNAME=      curl-7.13.0
+PKGREVISION=   1
 CATEGORIES=    www
 MASTER_SITES=  http://curl.haxx.se/download/ \
                ftp://ftp.sunet.se/pub/www/utilities/curl/ \
diff -r 4d268f0e66b2 -r f8763a769f23 www/curl/buildlink3.mk
--- a/www/curl/buildlink3.mk    Thu Feb 24 23:10:44 2005 +0000
+++ b/www/curl/buildlink3.mk    Fri Feb 25 00:47:30 2005 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: buildlink3.mk,v 1.6 2005/01/03 15:58:52 wiz Exp $
+# $NetBSD: buildlink3.mk,v 1.7 2005/02/25 00:47:30 salo Exp $
 
 BUILDLINK_DEPTH:=      ${BUILDLINK_DEPTH}+
 CURL_BUILDLINK3_MK:=   ${CURL_BUILDLINK3_MK}+
@@ -11,7 +11,7 @@
 BUILDLINK_PACKAGES+=   curl
 
 .if !empty(CURL_BUILDLINK3_MK:M+)
-BUILDLINK_DEPENDS.curl+=       curl>=7.12.3
+BUILDLINK_DEPENDS.curl+=       curl>=7.13.0nb1
 BUILDLINK_PKGSRCDIR.curl?=     ../../www/curl
 .endif # CURL_BUILDLINK3_MK
 
diff -r 4d268f0e66b2 -r f8763a769f23 www/curl/distinfo
--- a/www/curl/distinfo Thu Feb 24 23:10:44 2005 +0000
+++ b/www/curl/distinfo Fri Feb 25 00:47:30 2005 +0000
@@ -1,5 +1,6 @@
-$NetBSD: distinfo,v 1.32 2005/02/24 14:08:30 wiz Exp $
+$NetBSD: distinfo,v 1.33 2005/02/25 00:47:30 salo Exp $
 
 SHA1 (curl-7.13.0.tar.bz2) = 63530e49c7c55b0cb47372d87b4d2eff40d28e43
 RMD160 (curl-7.13.0.tar.bz2) = e543ebdae0f703d34f287ff7e9a8ee62ddf40d7b
 Size (curl-7.13.0.tar.bz2) = 1853790 bytes
+SHA1 (patch-aa) = 77f05820c243eb58c4091f89e6aaf44886d6d497
diff -r 4d268f0e66b2 -r f8763a769f23 www/curl/patches/patch-aa
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/www/curl/patches/patch-aa Fri Feb 25 00:47:30 2005 +0000
@@ -0,0 +1,34 @@
+$NetBSD: patch-aa,v 1.8 2005/02/25 00:47:30 salo Exp $
+
+--- lib/http_ntlm.c.orig       2004-12-08 00:09:41.000000000 +0100
++++ lib/http_ntlm.c    2005-02-25 01:09:30.000000000 +0100
+@@ -103,7 +103,6 @@
+     header++;
+ 
+   if(checkprefix("NTLM", header)) {
+-    unsigned char buffer[256];
+     header += strlen("NTLM");
+ 
+     while(*header && isspace((int)*header))
+@@ -123,8 +122,12 @@
+          (40)    Target Information  (optional) security buffer(*)
+          32 (48) start of data block
+       */
++      size_t size;
++      unsigned char *buffer = (unsigned char *)malloc(strlen(header));
++      if (buffer == NULL)
++        return CURLNTLM_BAD;
+ 
+-      size_t size = Curl_base64_decode(header, (char *)buffer);
++      size = Curl_base64_decode(header, (char *)buffer);
+ 
+       ntlm->state = NTLMSTATE_TYPE2; /* we got a type-2 */
+ 
+@@ -134,6 +137,7 @@
+ 
+       /* at index decimal 20, there's a 32bit NTLM flag field */
+ 
++      free(buffer);
+     }
+     else {
+       if(ntlm->state >= NTLMSTATE_TYPE1)
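Review bot: The heap buffer added in the second lib/http_ntlm.c hunk is sized with `strlen(header)` and nothing at the allocation says why that bound is sufficient. It holds only because base64 output is never longer than its input, and only if Curl_base64_decode writes no more than the decoded bytes; that assumption belongs next to the malloc, e.g. `/* decoded base64 is at most 3/4 of strlen(header) */`. The fixed-offset reads that follow the decode (the context mentions a flag field at index 20) lie outside the hunks, so it is not visible here whether `size` is checked against those offsets before the now exactly-sized heap buffer is indexed; a type-2 message that decodes too short should be rejected first. Any return path between the malloc and the new `free(buffer)` would also leak the allocation. The enclosing block starts and ends outside the hunks shown.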


