Files
@ a7af73317130
Branch filter:
Location: ohnobinki_overlay/net-misc/whois/files/whois-4.7.26-gentoo-security.patch - annotation
a7af73317130
2.8 KiB
text/x-diff
sys-apps/busybox: Bump to busybox-1.18.3.
(Portage version: 2.2.0_alpha26-r1/hg/Linux x86_64, signed Manifest commit with key 6BA81050)
(Portage version: 2.2.0_alpha26-r1/hg/Linux x86_64, signed Manifest commit with key 6BA81050)
c49126f7ac6c c49126f7ac6c c49126f7ac6c c49126f7ac6c c49126f7ac6c c49126f7ac6c c49126f7ac6c c49126f7ac6c c49126f7ac6c c49126f7ac6c c49126f7ac6c c49126f7ac6c c49126f7ac6c c49126f7ac6c c49126f7ac6c c49126f7ac6c c49126f7ac6c c49126f7ac6c c49126f7ac6c c49126f7ac6c c49126f7ac6c c49126f7ac6c c49126f7ac6c c49126f7ac6c c49126f7ac6c c49126f7ac6c c49126f7ac6c c49126f7ac6c c49126f7ac6c c49126f7ac6c c49126f7ac6c c49126f7ac6c c49126f7ac6c c49126f7ac6c c49126f7ac6c c49126f7ac6c c49126f7ac6c c49126f7ac6c c49126f7ac6c c49126f7ac6c c49126f7ac6c c49126f7ac6c c49126f7ac6c c49126f7ac6c c49126f7ac6c c49126f7ac6c c49126f7ac6c c49126f7ac6c c49126f7ac6c c49126f7ac6c c49126f7ac6c c49126f7ac6c c49126f7ac6c c49126f7ac6c c49126f7ac6c c49126f7ac6c c49126f7ac6c c49126f7ac6c c49126f7ac6c c49126f7ac6c c49126f7ac6c c49126f7ac6c c49126f7ac6c c49126f7ac6c c49126f7ac6c c49126f7ac6c c49126f7ac6c c49126f7ac6c c49126f7ac6c c49126f7ac6c c49126f7ac6c c49126f7ac6c c49126f7ac6c c49126f7ac6c c49126f7ac6c c49126f7ac6c c49126f7ac6c c49126f7ac6c c49126f7ac6c | --- whois-4.7.26/whois.c
+++ whois-4.7.26/whois.c
@@ -87,7 +87,7 @@
/* RIPE flags */
if (strchr(ripeflags, ch)) {
for (p = fstring; *p; p++);
- sprintf(p--, "-%c ", ch);
+ snprintf(p--, sizeof(fstring), "-%c ", ch);
continue;
}
if (strchr(ripeflagsp, ch)) {
@@ -141,10 +141,10 @@
while (1) {
qslen += strlen(*argv) + 1 + 1;
qstring = realloc(qstring, qslen);
- strcat(qstring, *argv++);
+ strncat(qstring, *argv++, qslen-1);
if (argc == 1)
break;
- strcat(qstring, " ");
+ strncat(qstring, " ", qslen-1);
argc--;
}
}
@@ -467,8 +467,10 @@
char *buf, *p;
int i, isripe = 0;
+ /* buflen was always 0 in original patch and buf was allocated twice /Aye */
/* 64 bytes reserved for server-specific flags added later */
- buf = malloc(strlen(flags) + strlen(query) + strlen(client_tag) + 64);
+ int buflen = strlen(flags) + strlen(query) + strlen(client_tag) + 64;
+ buf = malloc(buflen);
*buf = '\0';
for (i = 0; ripe_servers[i]; i++)
if (streq(server, ripe_servers[i])) {
@@ -481,7 +483,7 @@
if (*flags) {
if (!isripe && !streq(server, "whois.corenic.net"))
puts(_("Warning: RIPE flags used with a traditional server."));
- strcat(buf, flags);
+ strncat(buf, flags, buflen-1);
}
#ifdef HAVE_LIBIDN
@@ -490,28 +492,28 @@
*/
if (streq(server, "whois.denic.de") && domcmp(query, ".de")
&& !strchr(query, ' ') && !*flags)
- sprintf(buf, "-T dn,ace -C US-ASCII %s", query);
+ snprintf(buf, buflen-1, "-T dn,ace -C US-ASCII %s", query);
else
/* here we have another registrar who could not make things simple
* -C sets the language for both input and output
*/
if (!isripe && streq(server, "whois.cat") && domcmp(query, ".cat")
&& !strchr(query, ' '))
- sprintf(buf, "-C US-ASCII ace %s", query);
+ snprintf(buf, buflen-1, "-C US-ASCII ace %s", query);
else
#endif
if (!isripe && (streq(server, "whois.nic.mil") ||
streq(server, "whois.nic.ad.jp")) &&
strncaseeq(query, "AS", 2) && isasciidigit(query[2]))
/* FIXME: /e is not applied to .JP ASN */
- sprintf(buf, "AS %s", query + 2); /* fix query for DDN */
+ snprintf(buf, buflen-1, "AS %s", query + 2); /* fix query for DDN */
else if (!isripe && (streq(server, "whois.nic.ad.jp") ||
streq(server, "whois.jprs.jp"))) {
char *lang = getenv("LANG"); /* not a perfect check, but... */
if (!lang || !strneq(lang, "ja", 2))
- sprintf(buf, "%s/e", query); /* ask for english text */
+ snprintf(buf, buflen-1, "%s/e", query); /* ask for english text */
else
- strcat(buf, query);
+ strncat(buf, query, buflen-1);
} else if (!isripe && streq(server, "whois.arin.net") &&
(p = strrchr(query, '/'))) {
strncat(buf, query, p - query); /* strip CIDR */
|