Date: Sun, 30 Jan 2005 13:42:26 +0100 (CET) From: Stefan Walter <sw@gegenunendlich.de> To: FreeBSD-gnats-submit@FreeBSD.org Cc: security@FreeBSD.org Subject: ports/76852: [PATCH] textproc/unrtf: fix vulnerability Message-ID: <20050130124226.70BD33B79@kyuzo.dunkelkammer.void> Resent-Message-ID: <200501301250.j0UCoQuG068507@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 76852 >Category: ports >Synopsis: [PATCH] textproc/unrtf: fix vulnerability >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: change-request >Submitter-Id: current-users >Arrival-Date: Sun Jan 30 12:50:26 GMT 2005 >Closed-Date: >Last-Modified: >Originator: Stefan Walter >Release: FreeBSD 5.3-STABLE i386 >Organization: Infinity Approximation Task Force >Environment: System: FreeBSD kyuzo.dunkelkammer.void 5.3-STABLE FreeBSD 5.3-STABLE #0: Sat Dec 18 22:12:32 CET 2004 >Description: - Attempt to fix the exploitable security issue described at http://www.vuxml.org/freebsd/f2d5e56e-67eb-11d9-a9e7-0001020eed82.html by replacing strcat() with strncat(). Please note that I wasn't able to reproduce the exploit described at http://tigger.uic.edu/~jlongs2/holes/unrtf.txt on my 5.3-STABLE system. Feedback of someone who can reproduce the exploit with an unpatched unrtf would be appreciated. - Bump PORTREVISION. - Remove old master site that doesn't seem to have the distfile any more. Security Team cc'd. Added file(s): - files/patch-convert.c Generated with FreeBSD Port Tools 0.63 >How-To-Repeat: >Fix: --- unrtf-0.19.3_1.patch begins here --- diff -ruN --exclude=CVS /usr/ports/textproc/unrtf.old/Makefile /usr/ports/textproc/unrtf/Makefile --- /usr/ports/textproc/unrtf.old/Makefile Sun Jan 30 11:37:30 2005 +++ /usr/ports/textproc/unrtf/Makefile Sun Jan 30 12:16:02 2005 @@ -6,17 +6,13 @@ PORTNAME= unrtf PORTVERSION= 0.19.3 +PORTREVISION= 1 CATEGORIES= textproc -MASTER_SITES= http://unrtf.50megs.com/ \ - ${MASTER_SITE_GNU} +MASTER_SITES= ${MASTER_SITE_GNU} MASTER_SITE_SUBDIR= ${PORTNAME} MAINTAINER= ports@FreeBSD.org COMMENT= A converter from RTF to several formats, including HTML and LaTeX - -FORBIDDEN= http://vuxml.FreeBSD.org/f2d5e56e-67eb-11d9-a9e7-0001020eed82.html -DEPRECATED= ${FORBIDDEN} -EXPIRATION_DATE=2005-02-16 USE_REINPLACE= yes ALL_TARGET= unrtf diff -ruN --exclude=CVS /usr/ports/textproc/unrtf.old/files/patch-convert.c /usr/ports/textproc/unrtf/files/patch-convert.c --- /usr/ports/textproc/unrtf.old/files/patch-convert.c Thu Jan 1 01:00:00 1970 +++ /usr/ports/textproc/unrtf/files/patch-convert.c Sun Jan 30 13:35:57 2005 @@ -0,0 +1,11 @@ +--- convert.c.orig Sun Jan 30 13:34:16 2005 ++++ convert.c Sun Jan 30 13:35:36 2005 +@@ -341,7 +341,7 @@ + while(w2) { + tmp = word_string (w2); + if (tmp && tmp[0] != '\\') +- strcat(name,tmp); ++ strncat(name,tmp,sizeof(name)-strlen(name)-1); + + w2=w2->next; + } --- unrtf-0.19.3_1.patch ends here --- >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050130124226.70BD33B79>