OpenPKG CVS Repository
http://cvs.openpkg.org/
____________________________________________________________________________
Server: cvs.openpkg.org Name: Michael Schloh
Root: /e/openpkg/cvs Email: [EMAIL PROTECTED]
Module: openpkg-src Date: 05-Mar-2004 15:16:29
Branch: OPENPKG_1_3_SOLID Handle: 2004030514162900
Modified files: (Branch: OPENPKG_1_3_SOLID)
openpkg-src/libxml libxml.patch libxml.spec
Log:
integration of patch code to accompany SA-2004.003-libxml
(CAN-2004-0110)
Summary:
Revision Changes Path
1.2.2.1.2.1 +198 -0 openpkg-src/libxml/libxml.patch
1.50.2.2.2.2+1 -1 openpkg-src/libxml/libxml.spec
____________________________________________________________________________
patch -p0 <<'@@ .'
Index: openpkg-src/libxml/libxml.patch
============================================================================
$ cvs diff -u -r1.2.2.1 -r1.2.2.1.2.1 libxml.patch
--- openpkg-src/libxml/libxml.patch 24 Jul 2003 20:44:24 -0000 1.2.2.1
+++ openpkg-src/libxml/libxml.patch 5 Mar 2004 14:16:29 -0000 1.2.2.1.2.1
@@ -1,5 +1,131 @@
--- nanoftp.c.dist 2003-07-09 16:36:59.000000000 +0200
+++ nanoftp.c 2003-07-09 16:48:21.000000000 +0200
+@@ -87,6 +87,8 @@
+ #define FTP_GET_PASSWD 331
+ #define FTP_BUF_SIZE 512
+
++#define XML_NANO_MAX_URLBUF 4096
++
+ typedef struct xmlNanoFTPCtxt {
+ char *protocol; /* the protocol name */
+ char *hostname; /* the host name */
+@@ -250,7 +252,7 @@
+ xmlNanoFTPScanURL(void *ctx, const char *URL) {
+ xmlNanoFTPCtxtPtr ctxt = (xmlNanoFTPCtxtPtr) ctx;
+ const char *cur = URL;
+- char buf[4096];
++ char buf[XML_NANO_MAX_URLBUF];
+ int indx = 0;
+ int port = 0;
+
+@@ -268,7 +270,7 @@
+ }
+ if (URL == NULL) return;
+ buf[indx] = 0;
+- while (*cur != 0) {
++ while ((*cur != 0) && (indx < XML_NANO_MAX_URLBUF - 1)) {
+ if ((cur[0] == ':') && (cur[1] == '/') && (cur[2] == '/')) {
+ buf[indx] = 0;
+ ctxt->protocol = xmlMemStrdup(buf);
+@@ -285,7 +287,7 @@
+ {
+ const char *p = strchr(cur, '@');
+ if(p) {
+- while(1) {
++ while(indx < XML_NANO_MAX_URLBUF-1) {
+ if(cur[0] == ':' || cur[0] == '@') break;
+ buf[indx++] = *cur++;
+ }
+@@ -294,7 +296,7 @@
+ indx = 0;
+ if(cur[0] == ':') {
+ cur++;
+- while(1) {
++ while(indx < XML_NANO_MAX_URLBUF-1) {
+ if(cur[0] == '@') break;
+ buf[indx++] = *cur++;
+ }
+@@ -306,7 +308,7 @@
+ }
+ }
+
+- while (1) {
++ while (indx < XML_NANO_MAX_URLBUF-1) {
+ if ((strchr (cur, '[') && !strchr (cur, ']')) ||
+ (!strchr (cur, '[') && strchr (cur, ']'))) {
+ xmlGenericError (xmlGenericErrorContext, "\nxmlNanoFTPScanURL: %s",
+@@ -373,7 +375,7 @@
+ else {
+ indx = 0;
+ buf[indx] = 0;
+- while (*cur != 0)
++ while ((*cur != 0) && (indx < XML_NANO_MAX_URLBUF-1))
+ buf[indx++] = *cur++;
+ buf[indx] = 0;
+ ctxt->path = xmlMemStrdup(buf);
+@@ -398,7 +400,7 @@
+ xmlNanoFTPUpdateURL(void *ctx, const char *URL) {
+ xmlNanoFTPCtxtPtr ctxt = (xmlNanoFTPCtxtPtr) ctx;
+ const char *cur = URL;
+- char buf[4096];
++ char buf[XML_NANO_MAX_URLBUF];
+ int indx = 0;
+ int port = 0;
+
+@@ -411,7 +413,7 @@
+ if (ctxt->hostname == NULL)
+ return(-1);
+ buf[indx] = 0;
+- while (*cur != 0) {
++ while ((*cur != 0) && (indx < XML_NANO_MAX_URLBUF - 1)) {
+ if ((cur[0] == ':') && (cur[1] == '/') && (cur[2] == '/')) {
+ buf[indx] = 0;
+ if (strcmp(ctxt->protocol, buf))
+@@ -426,7 +428,7 @@
+ return(-1);
+
+ buf[indx] = 0;
+- while (1) {
++ while (indx < XML_NANO_MAX_URLBUF - 1) {
+ if ((strchr (cur, '[') && !strchr (cur, ']')) ||
+ (!strchr (cur, '[') && strchr (cur, ']'))) {
+ xmlGenericError (xmlGenericErrorContext, "\nxmlNanoFTPUpdateURL: %s",
+@@ -503,7 +505,7 @@
+ else {
+ indx = 0;
+ buf[indx] = 0;
+- while (*cur != 0)
++ while ((*cur != 0) && (indx < XML_NANO_MAX_URLBUF-1))
+ buf[indx++] = *cur++;
+ buf[indx] = 0;
+ ctxt->path = xmlMemStrdup(buf);
+@@ -524,7 +526,7 @@
+ void
+ xmlNanoFTPScanProxy(const char *URL) {
+ const char *cur = URL;
+- char buf[4096];
++ char buf[XML_NANO_MAX_URLBUF];
+ int indx = 0;
+ int port = 0;
+
+@@ -543,7 +545,7 @@
+ #endif
+ if (URL == NULL) return;
+ buf[indx] = 0;
+- while (*cur != 0) {
++ while ((*cur != 0) && (indx < XML_NANO_MAX_URLBUF-1)) {
+ if ((cur[0] == ':') && (cur[1] == '/') && (cur[2] == '/')) {
+ buf[indx] = 0;
+ indx = 0;
+@@ -555,7 +557,7 @@
+ if (*cur == 0) return;
+
+ buf[indx] = 0;
+- while (1) {
++ while (indx < XML_NANO_MAX_URLBUF-1) {
+ if ((strchr (cur, '[') && !strchr (cur, ']')) ||
+ (!strchr (cur, '[') && strchr (cur, ']'))) {
+ xmlGenericError (xmlGenericErrorContext, "\nxmlNanoFTPScanProxy: %s",
@@ -1480,7 +1480,7 @@
memset (&dataAddr, 0, sizeof(dataAddr));
@@ -54,3 +180,75 @@
char buf6[INET6_ADDRSTRLEN];
inet_ntop (AF_INET6, &((struct sockaddr_in6 *)&dataAddr)->sin6_addr,
buf6, INET6_ADDRSTRLEN);
+--- nanohttp.c.dist 2003-07-06 22:53:44.000000000 +0200
++++ nanohttp.c 2004-03-05 14:47:47.000000000 +0100
+@@ -237,6 +237,7 @@
+ const char *cur = URL;
+ char buf[4096];
+ int indx = 0;
++ const int indxMax = 4096 - 1;
+ int port = 0;
+
+ if (ctxt->protocol != NULL) {
+@@ -253,7 +254,7 @@
+ }
+ if (URL == NULL) return;
+ buf[indx] = 0;
+- while (*cur != 0) {
++ while ((*cur != 0) && (indx < indxMax)) {
+ if ((cur[0] == ':') && (cur[1] == '/') && (cur[2] == '/')) {
+ buf[indx] = 0;
+ ctxt->protocol = xmlMemStrdup(buf);
+@@ -266,7 +267,7 @@
+ if (*cur == 0) return;
+
+ buf[indx] = 0;
+- while (1) {
++ while (indx < indxMax) {
+ if ((strchr (cur, '[') && !strchr (cur, ']')) ||
+ (!strchr (cur, '[') && strchr (cur, ']'))) {
+ xmlGenericError (xmlGenericErrorContext, "\nxmlNanoHTTPScanURL: %s",
+@@ -276,7 +277,7 @@
+
+ if (cur[0] == '[') {
+ cur++;
+- while (cur[0] != ']')
++ while ((cur[0] != ']') && (indx < indxMax))
+ buf[indx++] = *cur++;
+
+ if (!strchr (buf, ':')) {
+@@ -355,6 +356,7 @@
+ const char *cur = URL;
+ char buf[4096];
+ int indx = 0;
++ const int indxMax = 4096 - 1;
+ int port = 0;
+
+ if (proxy != NULL) {
+@@ -374,7 +376,7 @@
+ #endif
+ if (URL == NULL) return;
+ buf[indx] = 0;
+- while (*cur != 0) {
++ while ((*cur != 0) && (indx < indxMax)) {
+ if ((cur[0] == ':') && (cur[1] == '/') && (cur[2] == '/')) {
+ buf[indx] = 0;
+ indx = 0;
+@@ -386,7 +388,7 @@
+ if (*cur == 0) return;
+
+ buf[indx] = 0;
+- while (1) {
++ while (indx < indxMax) {
+ if ((strchr (cur, '[') && !strchr (cur, ']')) ||
+ (!strchr (cur, '[') && strchr (cur, ']'))) {
+ xmlGenericError (xmlGenericErrorContext, "\nxmlNanoHTTPScanProxy: %s",
+@@ -394,7 +396,7 @@
+ return;
+ }
+
+- if (cur[0] == '[') {
++ if ((cur[0] == '[') && (indx < indxMax)) {
+ cur++;
+ while (cur[0] != ']')
+ buf[indx++] = *cur++;
@@ .
patch -p0 <<'@@ .'
Index: openpkg-src/libxml/libxml.spec
============================================================================
$ cvs diff -u -r1.50.2.2.2.1 -r1.50.2.2.2.2 libxml.spec
--- openpkg-src/libxml/libxml.spec 29 Jul 2003 14:59:41 -0000 1.50.2.2.2.1
+++ openpkg-src/libxml/libxml.spec 5 Mar 2004 14:16:29 -0000 1.50.2.2.2.2
@@ -33,7 +33,7 @@
Group: SGML
License: LGPL
Version: 2.5.8
-Release: 1.3.0
+Release: 1.3.1
# list of sources
Source0: ftp://xmlsoft.org/libxml2-%{version}.tar.gz
@@ .
______________________________________________________________________
The OpenPKG Project www.openpkg.org
CVS Repository Commit List [EMAIL PROTECTED]
