vid 87cc48fd-5fdd-11d8-80e3-0020ed76ef5a (mnogoSearch)
David A. Koran
dak at solo.net
Wed Nov 10 16:22:07 GMT 2004
(ref: http://www.freebsd.org/ports/portaudit/87cc48fd-5fdd-11d8-80e3-0020ed76ef5a.html)
mnoGoSearch buffer overflow in UdmDocToTextBuf()
I believe the issue raised in this portaudit report has been fixed in
subsequent versions (ref: http://www.mnogosearch.ru/history.html);
they've implemented bounds checking, but it wasn't listed in their
ChangeLog.
Please bump the port up to the current version. Let me know if this
needs a port maintainer, since 3.1 trees are no longer supported and the
last major upgrade was 9+ months ago.
----[ code from mnogosearch-3.2.24 ]----
int UdmDocToTextBuf(UDM_DOCUMENT * Doc,char *textbuf,size_t len){
        size_t  i;
        char    *end;

        textbuf[0]='\0';
        udm_snprintf(textbuf, len, "<DOC");
        end=textbuf+strlen(textbuf);

        for(i=0;i<Doc->Sections.nvars;i++){
                UDM_VAR *S=&Doc->Sections.Var[i];

                if(!S->name || !S->val ||!S->val[0])continue;
                if(!S->section &&
                   strcasecmp(S->name,"ID") &&
                   strcasecmp(S->name,"URL") &&
                   strcasecmp(S->name,"Status") &&
                   strcasecmp(S->name,"Content-Type") &&
                   strcasecmp(S->name,"Content-Length") &&
                   strcasecmp(S->name,"Content-Language") &&
                   strcasecmp(S->name,"Last-Modified") &&
                   strcasecmp(S->name,"Tag") &&
                   strcasecmp(S->name,"Category"))
                        continue;

                udm_snprintf(end, len - (end - textbuf), "\t%s=\"%s\"",
                             S->name, S->val);
                end = end + strlen(end);
        }
        if (len - (end - textbuf) > 1) strcpy(end, ">");
        return UDM_OK;
}
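The bounded-append pattern in the quoted function, written as an added example that is not part of the original message or of mnoGoSearch: it uses the standard vsnprintf() rather than udm_snprintf(), tracks remaining space so the size subtraction cannot underflow, and reports truncation to the caller instead of returning success with a cut-off record. The names struct kv, buf_appendf and kv_to_textbuf are hypothetical.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a document section (name/value pair). */
struct kv { const char *name; const char *val; };

/* Append formatted text at buf+*used without writing past buf+len.
 * Returns 0 on success, -1 if the text did not fit; on failure the
 * partial field is rolled back and the buffer stays NUL-terminated. */
static int buf_appendf(char *buf, size_t len, size_t *used, const char *fmt, ...)
{
    va_list ap;
    int n; size_t room;
    if (*used >= len) return -1;            /* no room even for the NUL */
    room = len - *used;                     /* cannot underflow: used < len */
    va_start(ap, fmt);
    n = vsnprintf(buf + *used, room, fmt, ap);
    va_end(ap);
    if (n < 0 || (size_t)n >= room) {       /* error, or output truncated */
        buf[*used] = '\0';                  /* drop the partial field */
        return -1;
    }
    *used += (size_t)n;                     /* n < room, so used stays < len */
    return 0;
}

/* Serialise pairs as <DOC\tname="val"...>; returns -1 if out is too small. */
int kv_to_textbuf(const struct kv *v, size_t nvars, char *out, size_t len)
{
    size_t used = 0, i;
    if (len == 0) return -1;
    out[0] = '\0';
    if (buf_appendf(out, len, &used, "<DOC") != 0) return -1;
    for (i = 0; i < nvars; i++) {
        if (!v[i].name || !v[i].val || !v[i].val[0]) continue;
        if (buf_appendf(out, len, &used, "\t%s=\"%s\"", v[i].name, v[i].val) != 0)
            return -1;
    }
    return buf_appendf(out, len, &used, ">");
}

int main(void)
{
    struct kv doc[] = { {"URL", "http://example.test/"}, {"ID", "7"} }; /* constructed sample */
    char big[64], small[16];
    printf("%d %s\n", kv_to_textbuf(doc, 2, big, sizeof big), big);
    printf("%d %s\n", kv_to_textbuf(doc, 2, small, sizeof small), small);
    return 0;
}
```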