authorSimon L. B. Nielsen <simon@FreeBSD.org>2005-04-22 18:17:22 +0000
committerSimon L. B. Nielsen <simon@FreeBSD.org>2005-04-22 18:17:22 +0000
commitb02227bd7cbd7e1bae28bc7ceb35c2fe911b8659 (patch)
tree46d501a89a555441ee638005739235c43270235d
parente137478c40733b56a78f049cf96b03aa187bf008 (diff)
downloadsrc-b02227bd7cbd7e1bae28bc7ceb35c2fe911b8659.tar.gz
src-b02227bd7cbd7e1bae28bc7ceb35c2fe911b8659.zip
MFC:
Correct multiple security related errors: a buffer overflow, NULL pointer dereferences, possible use of uninitialized variables, and memory leaks. Security: CAN-2005-0753 Security: FreeBSD-SA-05:05.cvs Approved by: so (cperciva)
Notes
Notes: svn path=/releng/4.11/; revision=145411
-rw-r--r--UPDATING3
-rw-r--r--contrib/cvs/src/login.c2
-rw-r--r--contrib/cvs/src/patch.c7
-rw-r--r--contrib/cvs/src/rcs.c9
-rw-r--r--sys/conf/newvers.sh2
5 files changed, 14 insertions, 9 deletions
diff --git a/UPDATING b/UPDATING
index fb35bfc936af..3948924e2738 100644
--- a/UPDATING
+++ b/UPDATING
@@ -17,6 +17,9 @@ minimal number of processes, if possible, for that patch. For those
updates that don't have an advisory, or to be safe, you can do a full
build and install as described in the COMMON ITEMS section.
+20050422: p4 FreeBSD-SA-05:05.cvs
+ Correct several vulnerabilities in CVS.
+
20050414: p3 FreeBSD-SA-05:04.ifconf
Zero a buffer in ifconf() in order to avoid accidental
disclosure of kernel memory to userland.
diff --git a/contrib/cvs/src/login.c b/contrib/cvs/src/login.c
index 2b8bbea2c612..86705eab973a 100644
--- a/contrib/cvs/src/login.c
+++ b/contrib/cvs/src/login.c
@@ -116,7 +116,7 @@ password_entry_parseline (cvsroot_canonical, warn, linenumber, linebuf)
if (isspace(*(linebuf + 1)))
/* special case since strtoul ignores leading white space */
- entry_version = 0;
+ q = linebuf + 1;
else
entry_version = strtoul (linebuf + 1, &q, 10);
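Review bot: In the `isspace` branch `entry_version` is no longer assigned, so this path is only safe if code after the hunk sets it when `q == linebuf + 1`; that code is outside the hunk, so it is worth confirming. A short comment on the new line would make the dependency explicit, e.g. `/* leave q at the start so the no-digits check below sets entry_version */`. Separately, `isspace(*(linebuf + 1))` passes a plain `char`, which is undefined for negative values; `isspace((unsigned char) linebuf[1])` avoids that for arbitrary bytes in the parsed line.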
diff --git a/contrib/cvs/src/patch.c b/contrib/cvs/src/patch.c
index cba6a8a02fa8..e2e67b893d55 100644
--- a/contrib/cvs/src/patch.c
+++ b/contrib/cvs/src/patch.c
@@ -385,6 +385,7 @@ patch_fileproc (callerdat, finfo)
struct utimbuf t;
char *vers_tag, *vers_head;
char *rcs = NULL;
+ char *rcs_orig = NULL;
RCSNode *rcsfile;
FILE *fp1, *fp2, *fp3;
int ret = 0;
@@ -415,7 +416,7 @@ patch_fileproc (callerdat, finfo)
if ((rcsfile->flags & VALID) && (rcsfile->flags & INATTIC))
isattic = 1;
- rcs = xmalloc (strlen (finfo->file) + sizeof (RCSEXT) + 5);
+ rcs_orig = rcs = xmalloc (strlen (finfo->file) + sizeof (RCSEXT) + 5);
(void) sprintf (rcs, "%s%s", finfo->file, RCSEXT);
/* if vers_head is NULL, may have been removed from the release */
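Review bot: Nothing at the allocation says why a second pointer is needed. The free in the last hunk of this file switches from `rcs` to `rcs_orig`, which suggests `rcs` is moved or reassigned somewhere between the two hunks, but that code is not visible here. A comment at the assignment, e.g. `/* rcs may be changed below; rcs_orig keeps the allocation for free() */`, would stop a later edit from freeing the wrong pointer again. The new `if (rcs_orig)` also differs from the `!= NULL` form used for `vers_head` just above it; `if (rcs_orig != NULL)` keeps the cleanup block uniform.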
@@ -757,8 +758,8 @@ failed to read diff file header %s for %s: end of file", tmpfile3, rcs);
free (vers_tag);
if (vers_head != NULL)
free (vers_head);
- if (rcs != NULL)
- free (rcs);
+ if (rcs_orig)
+ free (rcs_orig);
return ret;
}
diff --git a/contrib/cvs/src/rcs.c b/contrib/cvs/src/rcs.c
index 8aee286050ee..6728303e62ef 100644
--- a/contrib/cvs/src/rcs.c
+++ b/contrib/cvs/src/rcs.c
@@ -3040,8 +3040,7 @@ RCS_getdate (rcs, date, force_tag_match)
if (retval != NULL)
return (retval);
- if (!force_tag_match ||
- (vers != NULL && RCS_datecmp (vers->date, date) <= 0))
+ if (vers && (!force_tag_match || RCS_datecmp (vers->date, date) <= 0))
return xstrdup (vers->version);
else
return NULL;
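Review bot: With `vers == NULL` and `force_tag_match == 0`, RCS_getdate now returns NULL where it previously took the `xstrdup (vers->version)` path, so callers that pass a zero `force_tag_match` can receive a NULL result on this path. The callers are outside this diff; each should be checked to handle NULL rather than pass it on to a string function. A comment above the condition such as `/* vers is NULL when no revision matched; return NULL in that case */` would document the contract. The function body starts before this hunk.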
@@ -4138,7 +4137,7 @@ RCS_checkout (rcs, workfile, rev, nametag, options, sout, pfn, callerdat)
size_t len;
int free_value = 0;
char *log = NULL;
- size_t loglen;
+ size_t loglen = 0;
Node *vp = NULL;
#ifdef PRESERVE_PERMISSIONS_SUPPORT
uid_t rcs_owner = (uid_t) -1;
@@ -7456,7 +7455,7 @@ RCS_deltas (rcs, fp, rcsbuf, version, op, text, len, log, loglen)
for (ln = 0; ln < headlines.nlines; ++ln)
{
- char buf[80];
+ char *buf;
/* Period which separates year from month in date. */
char *ym;
/* Period which separates month from day in date. */
@@ -7467,10 +7466,12 @@ RCS_deltas (rcs, fp, rcsbuf, version, op, text, len, log, loglen)
if (prvers == NULL)
prvers = vers;
+ buf = xmalloc (strlen (prvers->version) + 24);
sprintf (buf, "%-12s (%-8.8s ",
prvers->version,
prvers->author);
cvs_output (buf, 0);
+ free (buf);
/* Now output the date. */
ym = strchr (prvers->date, '.');
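Review bot: The `+ 24` in `xmalloc (strlen (prvers->version) + 24)` is unexplained, and the `sprintf` into the buffer is still unbounded, so the allocation is correct only while the format string and the constant stay in step. By my count the format needs at most max(12, strlen(version)) + 12 bytes including the terminator, so 24 is sufficient; a comment such as `/* 12 pad for %-12s + " (" + 8 for %-8.8s + " " + NUL */` records that. Where `snprintf` is available, keeping the size in a local and calling `snprintf (buf, buflen, ...)` would make a future format change fail safe. The loop body starts in the previous hunk and continues past this one.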
diff --git a/sys/conf/newvers.sh b/sys/conf/newvers.sh
index 688acec22b27..d899b9ff6273 100644
--- a/sys/conf/newvers.sh
+++ b/sys/conf/newvers.sh
@@ -36,7 +36,7 @@
TYPE="FreeBSD"
REVISION="4.11"
-BRANCH="RELEASE-p3"
+BRANCH="RELEASE-p4"
RELEASE="${REVISION}-${BRANCH}"
VERSION="${TYPE} ${RELEASE}"