pkgsrc-Users archive


sysutils/file: patch from https://github.com/file/file/commit/3046c231e1a2fcdd5033bea0603c23f435a00bd7



Hi,

"pkg_admin audit" says about sysutils/file:
    Package file-5.22 has a denial-of-service vulnerability, see https://github.com/file/file/commit/3046c231e1a2fcdd5033bea0603c23f435a00bd7


I picked this commit and created a patch from it using mkpatches.

Can somebody check it and commit?

Regards
Matthias Ferdinand
$NetBSD$

contains fix from 
https://github.com/file/file/commit/3046c231e1a2fcdd5033bea0603c23f435a00bd7

--- src/softmagic.c.orig	2015-01-01 17:07:34.000000000 +0000
+++ src/softmagic.c
@@ -1116,10 +1116,8 @@ mcopy(struct magic_set *ms, union VALUET
 				bytecnt = m->str_range;
 			}
 
-			if (bytecnt == 0)
-				bytecnt = 8192;
-			if (bytecnt > nbytes)
-				bytecnt = nbytes;
+                        if (bytecnt == 0 || bytecnt > nbytes - offset)
+ 				bytecnt = nbytes - offset;
 
 			buf = RCAST(const char *, s) + offset;
 			end = last = RCAST(const char *, s) + bytecnt;

