Attachment 151318 Details for Bug 219498 – files/whois-4.7.26-gentoo-security.patch

[patch] files/whois-4.7.26-gentoo-security.patch

whois-4.7.26-gentoo-security.patch (text/plain), 6.06 KB, created by Conrad Kostecki on 2008-04-29 10:18:06 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Conrad Kostecki

Created: 2008-04-29 10:18:06 UTC

Size: 6.06 KB

patch

obsolete

>--- whois.c.orig	2008-04-29 11:10:13.000000000 +0200
>+++ whois.c	2008-04-29 11:34:23.000000000 +0200
>@@ -87,7 +87,7 @@
> 	/* RIPE flags */
> 	if (strchr(ripeflags, ch)) {
> 	    for (p = fstring; *p; p++);
>-	    sprintf(p--, "-%c ", ch);
>+	    snprintf(p--, sizeof(fstring), "-%c ", ch);
> 	    continue;
> 	}
> 	if (strchr(ripeflagsp, ch)) {
>@@ -132,7 +132,7 @@
> 	usage();
> 
>     /* On some systems realloc only works on non-NULL buffers */
>-    qstring = malloc(64);
>+    qstring = xmalloc(64);
>     *qstring = '\0';
> 
>     /* parse other parameters, if any */
>@@ -141,11 +141,11 @@
> 
> 	while (1) {
> 	    qslen += strlen(*argv) + 1 + 1;
>-	    qstring = realloc(qstring, qslen);
>-	    strcat(qstring, *argv++);
>+	    qstring = xrealloc(qstring, qslen);
>+	    strncat(qstring, *argv++, qslen-1);
> 	    if (argc == 1)
> 		break;
>-	    strcat(qstring, " ");
>+	    strncat(qstring, " ", qslen-1);
> 	    argc--;
> 	}
>     }
>@@ -467,8 +467,10 @@
>     char *buf, *p;
>     int i, isripe = 0;
> 
>+    /* buflen was always 0 in original patch and buf was allocated twice /Aye */
>     /* 64 bytes reserved for server-specific flags added later */
>-    buf = malloc(strlen(flags) + strlen(query) + strlen(client_tag) + 64);
>+    int buflen = strlen(flags) + strlen(query) + strlen(client_tag) + 64;
>+    buf = xmalloc(buflen);
>     *buf = '\0';
>     for (i = 0; ripe_servers[i]; i++)
> 	if (streq(server, ripe_servers[i])) {
>@@ -481,7 +483,7 @@
>     if (*flags) {
> 	if (!isripe && !streq(server, "whois.corenic.net"))
> 	    puts(_("Warning: RIPE flags used with a traditional server."));
>-	strcat(buf, flags);
>+	strncat(buf, flags, buflen-1);
>     }
> 
> #ifdef HAVE_LIBIDN
>@@ -490,28 +492,28 @@
>      */
>     if (streq(server, "whois.denic.de") && domcmp(query, ".de")
> 	    && !strchr(query, ' ') && !*flags)
>-	sprintf(buf, "-T dn,ace -C US-ASCII %s", query);
>+	snprintf(buf, buflen-1, "-T dn,ace -C US-ASCII %s", query);
>     else
>     /* here we have another registrar who could not make things simple
>      * -C sets the language for both input and output
>      */
>     if (!isripe && streq(server, "whois.cat") && domcmp(query, ".cat")
> 	    && !strchr(query, ' '))
>-	sprintf(buf, "-C US-ASCII ace %s", query);
>+	snprintf(buf, buflen-1, "-C US-ASCII ace %s", query);
>     else
> #endif
>     if (!isripe && (streq(server, "whois.nic.mil") ||
> 	    streq(server, "whois.nic.ad.jp")) &&
> 	    strncaseeq(query, "AS", 2) && isasciidigit(query[2]))
> 	/* FIXME: /e is not applied to .JP ASN */
>-	sprintf(buf, "AS %s", query + 2);	/* fix query for DDN */
>+	snprintf(buf, buflen-1, "AS %s", query + 2);	/* fix query for DDN */
>     else if (!isripe && (streq(server, "whois.nic.ad.jp") ||
> 	    streq(server, "whois.jprs.jp"))) {
> 	char *lang = getenv("LANG");	/* not a perfect check, but... */
> 	if (!lang || !strneq(lang, "ja", 2))
>-	    sprintf(buf, "%s/e", query);	/* ask for english text */
>+	    snprintf(buf, buflen-1, "%s/e", query);	/* ask for english text */
> 	else
>-	    strcat(buf, query);
>+	    strncat(buf, query, buflen-1);
>     } else if (!isripe && streq(server, "whois.arin.net") &&
> 	    (p = strrchr(query, '/'))) {
> 	strncat(buf, query, p - query);		/* strip CIDR */
>@@ -582,7 +584,7 @@
> 
> 	    if (sscanf(buf, REFERTO_FORMAT, nh, np, nq) == 3) {
> 		/* XXX we are ignoring the new query string */
>-		referral_server = malloc(300);
>+		referral_server = xmalloc(300);
> 		sprintf(referral_server, "%s:%s", nh, np);
> 	    }
> 	}
>@@ -631,7 +633,7 @@
>     int hide = hide_discl;
>     int state = 0;
> 
>-    temp = malloc(strlen(query) + 1 + 2 + 1);
>+    temp = xmalloc(strlen(query) + 1 + 2 + 1);
>     *temp = '=';
>     strcpy(temp + 1, query);
>     strcat(temp, "\r\n");
>@@ -649,7 +651,7 @@
> 
> 	    for (p = buf; *p != ':'; p++);	/* skip until colon */
> 	    for (p++; *p == ' '; p++);		/* skip colon and spaces */
>-	    ret = malloc(strlen(p) + 1);
>+	    ret = xmalloc(strlen(p) + 1);
> 	    for (q = ret; *p != '\n' && *p != '\r' && *p != ' '; *q++ = *p++)
> 		; /*copy data*/
> 	    *q = '\0';
>@@ -674,7 +676,7 @@
>     int hide = hide_discl;
>     int state = 0;
> 
>-    temp = malloc(strlen(query) + 5 + 2 + 1);
>+    temp = xmalloc(strlen(query) + 5 + 2 + 1);
>     strcpy(temp, "FULL ");
>     strcat(temp, query);
>     strcat(temp, "\r\n");
>@@ -695,7 +697,7 @@
> 	    for (p = buf; *p != ':'; p++);	/* skip until colon */
> 	    for (p++; *p != ':'; p++);		/* skip until 2nd colon */
> 	    for (p++; *p == ' '; p++);		/* skip colon and spaces */
>-	    ret = malloc(strlen(p) + 1);
>+	    ret = xmalloc(strlen(p) + 1);
> 	    for (q = ret; *p != '\n' && *p != '\r'; *q++ = *p++); /*copy data*/
> 	    *q = '\0';
> 	    state = 2;
>@@ -733,7 +735,7 @@
> 
> 	    for (p = buf; *p != ':'; p++);	/* skip until colon */
> 	    for (p++; *p == ' '; p++);		/* skip colon and spaces */
>-	    ret = malloc(strlen(p) + 1);
>+	    ret = xmalloc(strlen(p) + 1);
> 	    for (q = ret; *p != '\n' && *p != '\r' && *p != ' '; *q++ = *p++)
> 		; /*copy data*/
> 	    *q = '\0';
>@@ -936,7 +938,7 @@
> 
> char *convert_6to4(const char *s)
> {
>-    char *new = malloc(sizeof("255.255.255.255"));
>+    char *new = xmalloc(sizeof("255.255.255.255"));
>     unsigned int a, b;
> 
>     if (sscanf(s, "2002:%x:%x:", &a, &b) != 2)
>@@ -948,7 +950,7 @@
> 
> char *convert_teredo(const char *s)
> {
>-    char *new = malloc(sizeof("255.255.255.255"));
>+    char *new = xmalloc(sizeof("255.255.255.255"));
>     unsigned int a, b;
> 
>     if (sscanf(s, "2001:%*[^:]:%*[^:]:%*[^:]:%*[^:]:%*[^:]:%x:%x", &a, &b) != 2)
>@@ -1030,3 +1032,18 @@
>     exit(0);
> }
> 
>+/* Memory allocation routines */
>+void *xmalloc(size_t size)
>+{
>+       void *ptr;
>+       if ((ptr = malloc(size)) == NULL)
>+               err_sys("malloc");
>+       return ptr;
>+}
>+
>+void *xrealloc(void *ptr, size_t size)
>+{
>+       if ((ptr = realloc(ptr, size)) == NULL)
>+               err_sys("realloc");
>+       return ptr;
>+}
>
>--- whois.h.orig        2008-04-29 11:27:20.000000000 +0200
>+++ whois.h     2008-04-29 11:28:32.000000000 +0200
>@@ -36,6 +36,8 @@
> void split_server_port(const char *const input, const char **server,
>                       const char **port);
>
>+void *xmalloc(size_t);
>+void *xrealloc(void *, size_t);
>
> /* flags for RIPE-like servers */
> const char *ripeflags="abBcdFGKlLmMrRSx";
>

Actions: View | Diff

Attachments on bug 219498: 151316 | 151317 | 151318 | 151320