authorSimon L. B. Nielsen <simon@FreeBSD.org>2005-04-22 17:58:25 +0000
committerSimon L. B. Nielsen <simon@FreeBSD.org>2005-04-22 17:58:25 +0000
commit31363b6067f34eaecf45a58bf60fb2f85542bd60 (patch)
tree081bd1bd93ef89017d0a5e44074b9888d47f0e37
parentde12942735947710d7266625418cf421f3a3cce0 (diff)
downloadsrc-31363b6067f34eaecf45a58bf60fb2f85542bd60.tar.gz
src-31363b6067f34eaecf45a58bf60fb2f85542bd60.zip
Correct multiple security-related errors: a buffer overflow, NULL
pointer dereferences, possible use of uninitialized variables, and memory leaks.

Security: CAN-2005-0753
Security: FreeBSD-SA-05:05.cvs
Approved by: peter
Notes
Notes: svn path=/head/; revision=145406
-rw-r--r--contrib/cvs/src/login.c2
-rw-r--r--contrib/cvs/src/patch.c9
-rw-r--r--contrib/cvs/src/rcs.c9
3 files changed, 12 insertions, 8 deletions
diff --git a/contrib/cvs/src/login.c b/contrib/cvs/src/login.c
index 2b8bbea2c612..86705eab973a 100644
--- a/contrib/cvs/src/login.c
+++ b/contrib/cvs/src/login.c
@@ -116,7 +116,7 @@ password_entry_parseline (cvsroot_canonical, warn, linenumber, linebuf)
if (isspace(*(linebuf + 1)))
/* special case since strtoul ignores leading white space */
- entry_version = 0;
+ q = linebuf + 1;
else
entry_version = strtoul (linebuf + 1, &q, 10);
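Review bot: `isspace(*(linebuf + 1))` on the first context line passes a plain `char`, which is undefined behaviour for bytes with the high bit set where `char` is signed; because the line is read from a file rather than produced by the program, `isspace ((unsigned char) linebuf[1])` is the safer form. Separately, the whitespace branch now leaves `entry_version` unassigned and depends on code after this hunk treating `q == linebuf + 1` as "no digits found". That is presumably what happens, but a comment such as `/* q == linebuf + 1 means no version digits; entry_version is assigned below */` would make the dependency explicit. The body of password_entry_parseline continues outside the hunk.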
diff --git a/contrib/cvs/src/patch.c b/contrib/cvs/src/patch.c
index cba6a8a02fa8..7d99f29a602c 100644
--- a/contrib/cvs/src/patch.c
+++ b/contrib/cvs/src/patch.c
@@ -10,6 +10,8 @@
* Create a Larry Wall format "patch" file between a previous release and the
* current head of a module, or between two releases. Can specify the
* release as either a date or a revision number.
+ *
+ * $FreeBSD$
*/
#include <assert.h>
@@ -385,6 +387,7 @@ patch_fileproc (callerdat, finfo)
struct utimbuf t;
char *vers_tag, *vers_head;
char *rcs = NULL;
+ char *rcs_orig = NULL;
RCSNode *rcsfile;
FILE *fp1, *fp2, *fp3;
int ret = 0;
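Review bot: `rcs_orig` is declared without a comment saying why a second pointer to the same allocation is needed. Judging from the later hunks (`rcs_orig = rcs = xmalloc (...)` at -415 and `free (rcs_orig)` at -757), `rcs` is presumably repointed somewhere in the body that these hunks do not show, so freeing `rcs` would release the wrong address and leak the original buffer. I would document that at the declaration, for example `/* Base of the xmalloc'd buffer; rcs may be repointed later, so this is the pointer to free. */`. The same remark covers the other two patch_fileproc hunks, and most of the function lies outside them.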
@@ -415,7 +418,7 @@ patch_fileproc (callerdat, finfo)
if ((rcsfile->flags & VALID) && (rcsfile->flags & INATTIC))
isattic = 1;
- rcs = xmalloc (strlen (finfo->file) + sizeof (RCSEXT) + 5);
+ rcs_orig = rcs = xmalloc (strlen (finfo->file) + sizeof (RCSEXT) + 5);
(void) sprintf (rcs, "%s%s", finfo->file, RCSEXT);
/* if vers_head is NULL, may have been removed from the release */
@@ -757,8 +760,8 @@ failed to read diff file header %s for %s: end of file", tmpfile3, rcs);
free (vers_tag);
if (vers_head != NULL)
free (vers_head);
- if (rcs != NULL)
- free (rcs);
+ if (rcs_orig)
+ free (rcs_orig);
return ret;
}
diff --git a/contrib/cvs/src/rcs.c b/contrib/cvs/src/rcs.c
index f60d02e971ef..1d3c1fdbbfac 100644
--- a/contrib/cvs/src/rcs.c
+++ b/contrib/cvs/src/rcs.c
@@ -3041,8 +3041,7 @@ RCS_getdate (rcs, date, force_tag_match)
if (retval != NULL)
return (retval);
- if (!force_tag_match ||
- (vers != NULL && RCS_datecmp (vers->date, date) <= 0))
+ if (vers && (!force_tag_match || RCS_datecmp (vers->date, date) <= 0))
return xstrdup (vers->version);
else
return NULL;
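Review bot: The new guard is written `vers &&` while the statement directly above it uses `retval != NULL`; keeping the explicit form, `if (vers != NULL && (!force_tag_match || RCS_datecmp (vers->date, date) <= 0))`, matches the surrounding style. It is also worth a short comment that `vers` may be NULL here and that the function then returns NULL even when `force_tag_match` is zero, because callers on the non-forced path now need to handle a NULL result where they previously never saw one. The start of RCS_getdate is outside the hunk.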
@@ -4139,7 +4138,7 @@ RCS_checkout (rcs, workfile, rev, nametag, options, sout, pfn, callerdat)
size_t len;
int free_value = 0;
char *log = NULL;
- size_t loglen;
+ size_t loglen = 0;
Node *vp = NULL;
#ifdef PRESERVE_PERMISSIONS_SUPPORT
uid_t rcs_owner = (uid_t) -1;
@@ -7457,7 +7456,7 @@ RCS_deltas (rcs, fp, rcsbuf, version, op, text, len, log, loglen)
for (ln = 0; ln < headlines.nlines; ++ln)
{
- char buf[80];
+ char *buf;
/* Period which separates year from month in date. */
char *ym;
/* Period which separates month from day in date. */
@@ -7468,10 +7467,12 @@ RCS_deltas (rcs, fp, rcsbuf, version, op, text, len, log, loglen)
if (prvers == NULL)
prvers = vers;
+ buf = xmalloc (strlen (prvers->version) + 24);
sprintf (buf, "%-12s (%-8.8s ",
prvers->version,
prvers->author);
cvs_output (buf, 0);
+ free (buf);
/* Now output the date. */
ym = strchr (prvers->date, '.');
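Review bot: The constant in `xmalloc (strlen (prvers->version) + 24)` is exactly large enough for the format `"%-12s (%-8.8s "` and nothing records how it was derived, so a later edit to the format string can silently reintroduce the overflow this commit fixes. The output needs max(12, strlen(version)) + 2 + 8 + 1 bytes plus the terminator, which is 24 when the version string is empty. I would add a comment next to the allocation, e.g. `/* 12 pad for version + " (" + 8 author + ' ' + NUL */`, or compute the size from named widths shared with the format. The declaration of `buf` is in the preceding hunk and the loop body continues outside both.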