author: Colin Percival <cperciva@FreeBSD.org> 2004-11-18 12:06:51 +0000
committer: Colin Percival <cperciva@FreeBSD.org> 2004-11-18 12:06:51 +0000
commit: f7e41fe05b63955dae50c7f789e363576b0570af
tree: 8ad280bc0b6ae7947ce072b99ab246c92c44aadb
parent: 503667654bb4362b55a289bd93715dcc001867cb
FreeBSD-SA-04:16.fetch:
MFC revision 1.75 of src/usr.bin/fetch/fetch.c
Bump newvers.sh and document in UPDATING.
Approved by: so
Notes: svn path=/releng/4.9/; revision=137856
-rw-r--r-- UPDATING 4
-rw-r--r-- sys/conf/newvers.sh 2
-rw-r--r-- usr.bin/fetch/fetch.c 3
3 files changed, 7 insertions, 2 deletions
diff --git a/UPDATING b/UPDATING
index 4deccd3e2150..4d9df8ce558b 100644
--- a/UPDATING
+++ b/UPDATING
@@ -17,6 +17,10 @@ minimal number of processes, if possible, for that patch. For those
updates that don't have an advisory, or to be safe, you can do a full
build and install as described in the COMMON ITEMS section.
+20041118: p13 FreeBSD-SA-04:16.fetch
+ Correct a buffer overflow in fetch(1) which could allow a
+ mallicious server to execute arbitrary code on the client.
+
20040919: p12 FreeBSD-SA-04:14.cvs
Correct several vulnerabilities in CVS (CAN-2004-0414,
CAN-2004-0416, CAN-2004-0417, CAN-2004-0418, CAN-2004-0778).
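Review bot: "mallicious" in the added 20041118 entry is misspelled and should read "malicious server". The entry also gives no identifier beyond the advisory name, whereas the 20040919 entry below it lists its CAN numbers; if one was assigned for this issue, citing it here would keep the entries consistent.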
diff --git a/sys/conf/newvers.sh b/sys/conf/newvers.sh
index 5994ae06c428..16670061961f 100644
--- a/sys/conf/newvers.sh
+++ b/sys/conf/newvers.sh
@@ -36,7 +36,7 @@
TYPE="FreeBSD"
REVISION="4.9"
-BRANCH="RELEASE-p12"
+BRANCH="RELEASE-p13"
RELEASE="${REVISION}-${BRANCH}"
VERSION="${TYPE} ${RELEASE}"
diff --git a/usr.bin/fetch/fetch.c b/usr.bin/fetch/fetch.c
index 00bcc7659ba6..e8c9536a5ce3 100644
--- a/usr.bin/fetch/fetch.c
+++ b/usr.bin/fetch/fetch.c
@@ -565,7 +565,8 @@ fetch(char *URL, const char *path)
/* suck in the data */
signal(SIGINFO, sig_handler);
while (!sigint) {
- if (us.size != -1 && us.size - count < B_size)
+ if (us.size != -1 && us.size - count < B_size &&
+ us.size - count >= 0)
size = us.size - count;
else
size = B_size;
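Review bot: the added `us.size - count >= 0` test in the read loop carries no comment saying when the difference can go negative, which from these lines is when count has already passed us.size, that is, more data has arrived than the reported size. A one-line comment above the `if` would stop a later cleanup from dropping the check as redundant. In that case the code falls through to `size = B_size` and keeps reading with no warning; it is worth confirming that continuing silently is intended rather than stopping or reporting the mismatch. The expression `us.size - count` is now evaluated three times; computing it once into a local of the same type as us.size would make the bounds logic easier to audit, and the types of us.size, count and size are not visible in this hunk, so the signedness of that subtraction should be checked against the declarations.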