Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 37555 Details for
Bug 60587
net-dialup/freeradius: 1.0.1 fixes DoS vulnerabilites
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Patch to freeradius 1.0.0
freeradius-1.0.0-exec-args.patch (text/plain), 1.12 KB, created by
Chet McNeill
on 2004-08-16 13:40:24 UTC
(
hide
)
Description:
Patch to freeradius 1.0.0
Filename:
MIME Type:
Creator:
Chet McNeill
Created:
2004-08-16 13:40:24 UTC
Size:
1.12 KB
patch
obsolete
>--- freeradius-1.0.0/src/main/exec.c 2004-02-26 12:04:22.000000000 -0700 >+++ exec-chm.c 2004-08-13 13:36:12.000000000 -0600 >@@ -114,13 +114,31 @@ > * buffer first, and then do the translation on every > * subsequent string. > */ >- p = strtok(buf, " \t"); >- if (p) do { >- argv[++argc] = p; >- p = strtok(NULL, " \t"); >- } while(p != NULL); > >- argv[++argc] = p; >+ p = buf; >+ /* step through entire string, noting separate args by spaces or >+ * single/double quotes */ >+ while (*p) { >+ if (*p != ' ' && *p != '\t') { >+ /* Quotes: Search for matching quote; if found mark token */ >+ if (*p == '\'' || *p == '\"') { >+ char qt = *p; >+ argv[++argc] = p+1; >+ while (*++p != qt && *p); >+ if (*p) { >+ *(p++) = '\x00'; /* Make closing quote string terminator */ >+ } >+ } else { >+ /* Start of unquoted arg -- mark it */ >+ argv[++argc] = p; >+ while (*p && (*p != '\t' && *p != ' ')) p++; >+ } >+ } else { >+ *p = 0x00; /* terminate each string on first whitespace */ >+ while (*++p && (*p == '\t' || *p == ' ')); >+ } >+ } >+ > if (argc == 0) { > radlog(L_ERR, "Exec-Program: empty command line."); > return -1;
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 60587
:
37554
| 37555 |
39967