git: 483d9e29e056 - main - korean/hcode: Fix buffer overflow in mail.c
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Wed, 01 May 2024 19:54:56 UTC
The branch main has been updated by riggs: URL: https://cgit.FreeBSD.org/ports/commit/?id=483d9e29e0569128d7f88e08c295c1f3dbeabf01 commit 483d9e29e0569128d7f88e08c295c1f3dbeabf01 Author: Thomas Zander <riggs@FreeBSD.org> AuthorDate: 2024-05-01 19:52:46 +0000 Commit: Thomas Zander <riggs@FreeBSD.org> CommitDate: 2024-05-01 19:54:54 +0000 korean/hcode: Fix buffer overflow in mail.c Reported by: Wolfgang Frisch <wfrisch@suse.de> MFH: 2024Q2 Security: CVE-2024-34020 --- korean/hcode/Makefile | 2 +- korean/hcode/files/patch-mail.c | 34 ++++++++++++++++++++++------------ 2 files changed, 23 insertions(+), 13 deletions(-) diff --git a/korean/hcode/Makefile b/korean/hcode/Makefile index c881a07a90ee..d268b08c41c6 100644 --- a/korean/hcode/Makefile +++ b/korean/hcode/Makefile @@ -1,6 +1,6 @@ PORTNAME= hcode PORTVERSION= 2.1.3 -PORTREVISION= 1 +PORTREVISION= 2 CATEGORIES= korean MASTER_SITES= http://ftp.kaist.ac.kr/hangul/incoming/ \ ftp://ftp.kaist.ac.kr/hangul/incoming/ \ diff --git a/korean/hcode/files/patch-mail.c b/korean/hcode/files/patch-mail.c index 9c9f5136dff3..57bc6ab2837e 100644 --- a/korean/hcode/files/patch-mail.c +++ b/korean/hcode/files/patch-mail.c @@ -1,15 +1,16 @@ ---- mail.c.orig 1998-03-11 05:02:22.000000000 -0500 -+++ mail.c 2013-06-12 20:06:21.000000000 -0400 -@@ -1,4 +1,8 @@ +--- mail.c.orig 1998-03-11 10:02:22 UTC ++++ mail.c +@@ -1,5 +1,9 @@ +#include <ctype.h> #include <stdio.h> +#include <string.h> -+ -+static int ks2iso(unsigned char *, FILE *); ++static int ks2iso(unsigned char *, FILE *); ++ /* ------------------------------------------------------ Search for Starting Mark and print out (ENGLISH) prologue -@@ -66,9 +70,8 @@ + mark : Starting Code +@@ -66,9 +70,8 @@ FILE *fpin, *fpout; #define SI '\017' #define SO '\016' @@ -21,7 +22,7 @@ { int mode=ASCII; int i=0; -@@ -172,8 +175,8 @@ +@@ -172,8 +175,8 @@ void (*prwc)(); if (fgets((char *) ibuf,HDR_BUF_LEN,fpin) == NULL) /* no message body */ return(1); /* header only (6/8/96) */ @@ -32,7 +33,7 @@ header_switch(iptr,fpout); continue; } -@@ -186,7 +189,7 @@ +@@ -186,7 +189,7 @@ void (*prwc)(); while ( charset[++i] != NULL ) { sprintf(encode_prefix,"=?%s?B?",charset[i]); @@ -41,7 +42,7 @@ strlen(encode_prefix)) ) { isbqheader= bqheader_decode(&iptr,encode_prefix,Bencode, -@@ -195,7 +198,7 @@ +@@ -195,7 +198,7 @@ void (*prwc)(); } sprintf(encode_prefix,"=?%s?Q?",charset[i]); @@ -50,7 +51,16 @@ strlen(encode_prefix)) ) { isbqheader= bqheader_decode(&iptr,encode_prefix,Qencode, -@@ -250,15 +253,15 @@ +@@ -238,7 +241,7 @@ int outCode; + unsigned char ibuf[HDR_BUF_LEN],obuf[HDR_BUF_LEN],tbuf[HDR_BUF_LEN]; + unsigned char *iptr, *tptr; + +- if ( cp >= HDR_BUF_LEN ) { ++ if ( cp >= (HDR_BUF_LEN-8) ) { + pr2m(Printwc,fpout,outCode); + return; + } +@@ -250,15 +253,15 @@ int outCode; return; } ibuf[cp++] = '\n'; @@ -69,7 +79,7 @@ string_to_base64(obuf, tbuf); fprintf(fpout,"=?EUC-KR?B?%s?=",obuf); } -@@ -342,12 +345,12 @@ +@@ -342,12 +345,12 @@ void (*prwc)(); only checks if there's any whitespace or '?'. */ @@ -85,7 +95,7 @@ iptr+=2; if ( encoding == Bencode) base64_to_string(obuf, tbuf); -@@ -495,7 +498,7 @@ +@@ -495,7 +498,7 @@ void header_switch(iptr,fpout) /* void header_switch(iptr0,fpout,name_len) */ void header_switch(iptr,fpout) /* unsigned char **iptr0; */