Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 29342 Details for
Bug 47926
app-office/openoffice* : Neon Client Code Format String Vulnerabilities
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
patch to fix 1.0.x versions of OOo, replaces neon.patch
neon.patch-ooo-1.0.x (text/plain), 12.67 KB, created by
schaedpq
on 2004-04-15 07:59:53 UTC
(
hide
)
Description:
patch to fix 1.0.x versions of OOo, replaces neon.patch
Filename:
MIME Type:
Creator:
schaedpq
Created:
2004-04-15 07:59:53 UTC
Size:
12.67 KB
patch
obsolete
>*** misc/neon-0.14.0/src/config.h 2004-04-05 12:04:50.798954227 -0400 >--- misc/build/neon-0.14.0/src/config.h 2004-04-05 10:45:31.582523906 -0400 >*************** >*** 1 **** >! dummy >--- 1,111 ---- >! >! /* Define to be the neon version string */ >! #define NEON_VERSION "0.14.0" >! >! /* Define to be major number of neon version */ >! #define NEON_VERSION_MAJOR (0) >! >! /* Define to be minor number of neon version */ >! #define NEON_VERSION_MINOR (14) >! >! /* Define to empty if the keyword does not work. */ >! /* #undef const */ >! >! /* Define as __inline if that's what the C compiler calls it. */ >! #define inline >! >! /* Define if you need to in order for stat and other things to work. */ >! /* #undef _POSIX_SOURCE */ >! >! /* Define if you have the ANSI C header files. */ >! #define STDC_HEADERS 1 >! >! /* Unconditionally define _GNU_SOURCE */ >! #ifndef _GNU_SOURCE >! # define _GNU_SOURCE 1 >! #endif >! >! /* Define if you have the strcasecmp function. */ >! #ifdef UNX >! #define HAVE_STRCASECMP 1 >! #endif >! >! /* Define if you have the <arpa/inet.h> header file. */ >! #ifdef UNX >! #define HAVE_ARPA_INET_H >! #endif >! >! /* Define if you have the <limits.h> header file. */ >! #define HAVE_LIMITS_H 1 >! >! /* Define if you have the <regex.h> header file. */ >! #define HAVE_REGEX_H 1 >! >! /* Define if you have the <stdarg.h> header file. */ >! #define HAVE_STDARG_H 1 >! >! /* Define if you have the <stdlib.h> header file. */ >! #define HAVE_STDLIB_H 1 >! >! /* Define if you have the <string.h> header file. */ >! #define HAVE_STRING_H 1 >! >! /* Define if you have the <strings.h> header file. */ >! #ifdef UNX >! #define HAVE_STRINGS_H 1 >! #endif >! >! /* Define if you have the <sys/select.h> header file. */ >! #ifdef UNX >! #define HAVE_SYS_SELECT_H 1 >! #endif >! >! /* Define if you have the <sys/time.h> header file. */ >! #ifdef UNX >! #define HAVE_SYS_TIME_H 1 >! #endif >! >! /* Define if you have the <unistd.h> header file. */ >! #ifdef UNX >! #define HAVE_UNISTD_H 1 >! #endif >! >! /* Define when building neon as a library */ >! #define NEON_IS_LIBRARY 1 >! >! /* Support WebDAV locking through the library */ >! #define USE_DAV_LOCKS 1 >! >! /* Define to enable debugging */ >! /*#define DEBUGGING 1*/ >! >! /* Define to enable OpenSSL support */ >! /*#define ENABLE_SSL 1*/ >! >! /* Define if you have expat */ >! #define HAVE_OLD_EXPAT 1 >! #define HAVE_EXPAT 1 >! >! /* Define if you have libxml */ >! /* #define HAVE_LIBXML */ >! >! /* Define if you have snprintf */ >! #ifdef UNX >! #define HAVE_SNPRINTF 1 >! #endif >! >! #ifdef WIN32 >! >! /* #define HAVE_MEMCPY */ >! >! /* Win32 uses a underscore, so we use a macro to eliminate that. */ >! #define snprintf _snprintf >! #define vsnprintf _vsnprintf >! #define strcasecmp strcmpi >! #define strncasecmp strnicmp >! #define ssize_t int >! >! #include <io.h> >! #define read _read >! >! #endif >*** misc/neon-0.14.0/src/hip_xml.c 2001-04-25 18:07:42.000000000 -0400 >--- misc/build/neon-0.14.0/src/hip_xml.c 2004-04-05 11:53:42.840672156 -0400 >*************** >*** 812,818 **** > > void hip_xml_set_error(hip_xml_parser *p, const char *msg) > { >! snprintf(p->error, HIP_ERR_SIZE, msg); > } > > #ifdef HAVE_LIBXML >--- 812,818 ---- > > void hip_xml_set_error(hip_xml_parser *p, const char *msg) > { >! snprintf(p->error, HIP_ERR_SIZE, "%s", msg); > } > > #ifdef HAVE_LIBXML >*** misc/neon-0.14.0/src/http_private.h 2001-04-01 20:56:04.000000000 -0400 >--- misc/build/neon-0.14.0/src/http_private.h 2004-04-05 10:45:31.583523751 -0400 >*************** >*** 105,110 **** >--- 105,111 ---- > unsigned int in_connect:1; /* doing a proxy CONNECT */ > unsigned int request_secure_upgrade:1; > unsigned int accept_secure_upgrade:1; >+ unsigned int ftp:1; > > http_use_proxy proxy_decider; > void *proxy_decider_udata; >*************** >*** 129,134 **** >--- 130,137 ---- > > /* Error string */ > char error[BUFSIZ]; >+ >+ char *userinfo; > }; > > struct http_req_s { >*** misc/neon-0.14.0/src/http_request.c 2001-04-29 08:25:44.000000000 -0400 >--- misc/build/neon-0.14.0/src/http_request.c 2004-04-05 10:45:31.586523284 -0400 >*************** >*** 206,211 **** >--- 206,218 ---- > return HTTP_VERSION_PRE11(sess); > } > >+ void http_session_ftp(http_session *sess, const char *userinfo) >+ { >+ sess->ftp = 1; >+ HTTP_FREE(sess->userinfo); >+ sess->userinfo = ne_strdup(userinfo); >+ } >+ > int http_session_server(http_session *sess, const char *hostname, int port) > { > if (sess->connected && !sess->have_proxy) { >*************** >*** 359,364 **** >--- 366,372 ---- > HTTP_FREE(sess->server.hostport); > HTTP_FREE(sess->proxy.hostport); > HTTP_FREE(sess->user_agent); >+ HTTP_FREE(sess->userinfo); > > if (sess->connected) { > close_connection(sess); >*************** >*** 429,435 **** > > const char *http_get_scheme(http_session *sess) > { >! if (sess->use_secure) { > return "https"; > } else { > return "http"; >--- 437,445 ---- > > const char *http_get_scheme(http_session *sess) > { >! if (sess->ftp) { >! return "ftp"; >! } else if (sess->use_secure) { > return "https"; > } else { > return "http"; >*************** >*** 487,494 **** > sbuffer real_uri = sbuffer_create(); > req->abs_path = ne_strdup(uri); > if (req->use_proxy && strcmp(uri, "*") != 0) >! sbuffer_concat(real_uri, http_get_scheme(req->session), "://", >! req->session->server.hostport, NULL); > sbuffer_zappend(real_uri, uri); > req->uri = sbuffer_finish(real_uri); > } >--- 497,509 ---- > sbuffer real_uri = sbuffer_create(); > req->abs_path = ne_strdup(uri); > if (req->use_proxy && strcmp(uri, "*") != 0) >! if (req->session->userinfo && *req->session->userinfo) >! sbuffer_concat(real_uri, http_get_scheme(req->session), "://", >! req->session->userinfo, "@", >! req->session->server.hostport, NULL); >! else >! sbuffer_concat(real_uri, http_get_scheme(req->session), "://", >! req->session->server.hostport, NULL); > sbuffer_zappend(real_uri, uri); > req->uri = sbuffer_finish(real_uri); > } >*** misc/neon-0.14.0/src/http_request.h 2001-04-22 06:18:34.000000000 -0400 >--- misc/build/neon-0.14.0/src/http_request.h 2004-04-05 10:45:31.588522973 -0400 >*************** >*** 68,73 **** >--- 68,75 ---- > /* Finish an HTTP session */ > int http_session_destroy(http_session *sess); > >+ void http_session_ftp(http_session *sess, const char *userinfo); >+ > /* Set the server or proxy server to be used for the session. > * Returns: > * HTTP_LOOKUP if the DNS lookup for hostname failed. >*** misc/neon-0.14.0/src/makefile.mk 2004-04-05 12:04:50.747962139 -0400 >--- misc/build/neon-0.14.0/src/makefile.mk 2004-04-05 10:45:31.590522662 -0400 >*************** >*** 1 **** >! dummy >--- 1,109 ---- >! #************************************************************************* >! # >! # $RCSfile: neon-0.14.0.patch,v $ >! # >! # $Revision: 1.2 $ >! # >! # last change: $Author: kso $ $Date: 2002/01/25 14:21:18 $ >! # >! # The Contents of this file are made available subject to the terms of >! # either of the following licenses >! # >! # - GNU Lesser General Public License Version 2.1 >! # - Sun Industry Standards Source License Version 1.1 >! # >! # Sun Microsystems Inc., October, 2000 >! # >! # GNU Lesser General Public License Version 2.1 >! # ============================================= >! # Copyright 2000 by Sun Microsystems, Inc. >! # 901 San Antonio Road, Palo Alto, CA 94303, USA >! # >! # This library is free software; you can redistribute it and/or >! # modify it under the terms of the GNU Lesser General Public >! # License version 2.1, as published by the Free Software Foundation. >! # >! # This library is distributed in the hope that it will be useful, >! # but WITHOUT ANY WARRANTY; without even the implied warranty of >! # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU >! # Lesser General Public License for more details. >! # >! # You should have received a copy of the GNU Lesser General Public >! # License along with this library; if not, write to the Free Software >! # Foundation, Inc., 59 Temple Place, Suite 330, Boston, >! # MA 02111-1307 USA >! # >! # >! # Sun Industry Standards Source License Version 1.1 >! # ================================================= >! # The contents of this file are subject to the Sun Industry Standards >! # Source License Version 1.1 (the "License"); You may not use this file >! # except in compliance with the License. You may obtain a copy of the >! # License at http://www.openoffice.org/license.html. >! # >! # Software provided under this License is provided on an "AS IS" basis, >! # WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, >! # WITHOUT LIMITATION, WARRANTIES THAT THE SOFTWARE IS FREE OF DEFECTS, >! # MERCHANTABLE, FIT FOR A PARTICULAR PURPOSE, OR NON-INFRINGING. >! # See the License for the specific provisions governing your rights and >! # obligations concerning the Software. >! # >! # The Initial Developer of the Original Code is: Sun Microsystems, Inc. >! # >! # Copyright: 2000 by Sun Microsystems, Inc. >! # >! # All Rights Reserved. >! # >! # Contributor(s): _______________________________________ >! # >! # >! # >! #************************************************************************* >! >! PRJ=..$/..$/..$/..$/.. >! >! PRJNAME=external >! TARGET=neon >! LIBTARGET=NO >! >! # --- Settings ----------------------------------------------------- >! >! .INCLUDE : svpre.mk >! .INCLUDE : settings.mk >! .INCLUDE : sv.mk >! >! # --- Files -------------------------------------------------------- >! >! CFLAGS+=-I$(SOLARINCDIR)$/external$/expat >! >! CDEFS+=-DHAVE_CONFIG_H >! >! SLOFILES= \ >! $(SLO)$/base64.obj \ >! $(SLO)$/dates.obj \ >! $(SLO)$/dav_207.obj \ >! $(SLO)$/dav_basic.obj \ >! $(SLO)$/dav_locks.obj \ >! $(SLO)$/dav_props.obj \ >! $(SLO)$/hip_xml.obj \ >! $(SLO)$/http_auth.obj \ >! $(SLO)$/http_basic.obj \ >! $(SLO)$/http_cookies.obj \ >! $(SLO)$/http_redirect.obj \ >! $(SLO)$/http_request.obj \ >! $(SLO)$/http_utils.obj \ >! $(SLO)$/md5.obj \ >! $(SLO)$/ne_alloc.obj \ >! $(SLO)$/neon_i18n.obj \ >! $(SLO)$/socket.obj \ >! $(SLO)$/string_utils.obj \ >! $(SLO)$/uri.obj >! >! >! LIB1TARGET=$(SLB)$/$(TARGET).lib >! LIB1ARCHIV=$(LB)$/lib$(TARGET).a >! LIB1OBJFILES=$(SLOFILES) >! >! # --- Targets ------------------------------------------------------ >! >! .INCLUDE : target.mk >*** misc/neon-0.14.0/src/md5.c 2001-04-29 08:23:07.000000000 -0400 >--- misc/build/neon-0.14.0/src/md5.c 2004-04-05 10:45:31.591522506 -0400 >*************** >*** 280,288 **** > struct md5_ctx *ctx; > { > md5_uint32 correct_words[16]; >! const md5_uint32 *words = buffer; >! size_t nwords = len / sizeof (md5_uint32); >! const md5_uint32 *endp = words + nwords; > md5_uint32 A = ctx->A; > md5_uint32 B = ctx->B; > md5_uint32 C = ctx->C; >--- 280,287 ---- > struct md5_ctx *ctx; > { > md5_uint32 correct_words[16]; >! const unsigned char *words = buffer; >! const unsigned char *endp = words + len; > md5_uint32 A = ctx->A; > md5_uint32 B = ctx->B; > md5_uint32 C = ctx->C; >*************** >*** 315,322 **** > #define OP(a, b, c, d, s, T) \ > do \ > { \ >! a += FF (b, c, d) + (*cwp++ = SWAP (*words)) + T; \ >! ++words; \ > CYCLIC (a, s); \ > a += b; \ > } \ >--- 314,323 ---- > #define OP(a, b, c, d, s, T) \ > do \ > { \ >! md5_uint32 WORD_ = (md5_uint32)words[0] | ((md5_uint32)words[1] << 8) \ >! | ((md5_uint32)words[2] << 16) | ((md5_uint32)words[3] << 24); \ >! a += FF (b, c, d) + (*cwp++ = WORD_) + T; \ >! words += 4; \ > CYCLIC (a, s); \ > a += b; \ > } \ >*************** >*** 433,439 **** > > /* Writes the ASCII representation of the MD5 digest into the > * given buffer, which must be at least 33 characters long. */ >! void ne_md5_to_ascii(const unsigned char md5_buf[16], char *buffer) > { > int count; > for (count = 0; count<16; count++) { >--- 434,440 ---- > > /* Writes the ASCII representation of the MD5 digest into the > * given buffer, which must be at least 33 characters long. */ >! void ne_md5_to_ascii(const unsigned char md5_buf[16], char *buffer) > { > int count; > for (count = 0; count<16; count++) { >*************** >*** 445,451 **** > > /* Reads the ASCII representation of an MD5 digest. The buffer must > * be at least 32 characters long. */ >! void ne_ascii_to_md5(const char *buffer, unsigned char md5_buf[16]) > { > int count; > for (count = 0; count<16; count++) { >--- 446,452 ---- > > /* Reads the ASCII representation of an MD5 digest. The buffer must > * be at least 32 characters long. */ >! void ne_ascii_to_md5(const char *buffer, unsigned char md5_buf[16]) > { > int count; > for (count = 0; count<16; count++) {
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=29342">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 47926
: 29342 |
29343
