head	1.2;
access;
symbols
	OPENPKG_E1_MP_HEAD:1.2
	OPENPKG_E1_MP:1.2
	OPENPKG_E1_MP_2_STABLE:1.2
	OPENPKG_E1_FP:1.2
	OPENPKG_2_STABLE_MP:1.2
	OPENPKG_2_STABLE_20061018:1.2
	OPENPKG_2_STABLE_20060622:1.2
	OPENPKG_2_STABLE:1.2.0.16
	OPENPKG_2_STABLE_BP:1.2
	OPENPKG_2_5_RELEASE:1.2
	OPENPKG_2_5_SOLID:1.2.0.14
	OPENPKG_2_5_SOLID_BP:1.2
	OPENPKG_2_4_RELEASE:1.2
	OPENPKG_2_4_SOLID:1.2.0.12
	OPENPKG_2_4_SOLID_BP:1.2
	OPENPKG_CW_FP:1.2
	OPENPKG_2_3_RELEASE:1.2
	OPENPKG_2_3_SOLID:1.2.0.10
	OPENPKG_2_3_SOLID_BP:1.2
	OPENPKG_2_2_RELEASE:1.2
	OPENPKG_2_2_SOLID:1.2.0.8
	OPENPKG_2_2_SOLID_BP:1.2
	OPENPKG_2_1_RELEASE:1.2
	OPENPKG_2_1_SOLID:1.2.0.6
	OPENPKG_2_1_SOLID_BP:1.2
	OPENPKG_1_3_SOLID:1.2.0.4
	OPENPKG_2_0_SOLID:1.2.0.2;
locks; strict;
comment	@# @;


1.2
date	2004.03.12.13.36.31;	author thl;	state Exp;
branches
	1.2.2.1
	1.2.4.1;
next	1.1;

1.1
date	2004.03.12.12.56.33;	author thl;	state Exp;
branches;
next	;

1.2.2.1
date	2004.03.12.14.00.17;	author thl;	state Exp;
branches;
next	;

1.2.4.1
date	2004.03.12.14.05.32;	author thl;	state Exp;
branches;
next	;


desc
@@


1.2
log
@mkstemp security enhancement
@
text
@Patch to defeat uudeview "UNKNOWN" filenames.
Problem introduced with 0.5.19
Problem remains in 0.5.20

Index: uuscan.c
--- uulib/uuscan.c.orig	2004-03-12 11:47:13.000000000 +0100
+++ uulib/uuscan.c	2004-03-12 13:37:54.000000000 +0100
@@@@ -1604,20 +1604,23 @@@@
     }
 
     /* skip empty lines */
-    prevpos = ftell (datei);
+    {
+    long localprevpos;
+    localprevpos = ftell (datei);
     if (IsLineEmpty (line)) {
       while (!feof (datei)) {
 	if (_FP_fgets (line, 255, datei) == NULL)
 	  break;
 	if (UUBUSYPOLL(ftell(datei),progress.fsize)) SPCANCEL();
 	if (!IsLineEmpty (line)) {
-	  fseek (datei, prevpos, SEEK_SET);
+	  fseek (datei, localprevpos, SEEK_SET);
 	  line[255] = '\0';
 	  break;
 	}
-	prevpos = ftell (datei);
+	localprevpos = ftell (datei);
       }
     }
+    }
 
     /*
      * If we don't have all valid MIME headers yet, but the following

mkstemp security enhancement. Similar to
FreeBSD http://www.freebsd.org/cgi/query-pr.cgi?pr=41508
SuSE uudeview-0.5.18-244.src.rpm

--- unix/uudeview.c
+++ unix/uudeview.c
@@@@ -434,7 +434,7 @@@@
     return 0;
   }
 
-  if ((stdfile = tempnam (NULL, "uu")) == NULL) {
+  if ((stdfile = _FP_tempnam (NULL, "uu")) == NULL) {
     fprintf (stderr, "proc_stdin: cannot get temporary file\n");
     return 0;
   }

--- uulib/fptools.c
+++ uulib/fptools.c
@@@@ -507,5 +507,15 @@@@
 char * TOOLEXPORT
 _FP_tempnam (char *dir, char *pfx)
 {
-  return _FP_strdup (tmpnam (NULL));
+  int fd;
+  char fileName[100];
+
+  strncpy(fileName, pfx, 90);
+  strcat(fileName, "XXXXXX");
+  fd = mkstemp(fileName);
+  if (fd == -1)
+	return NULL;
+  close(fd);
+  unlink(fileName);
+  return _FP_strdup (fileName);
 }

--- uulib/uunconc.c
+++ uulib/uunconc.c
@@@@ -1264,7 +1264,7 @@@@
   else
     mode = "wb";	/* otherwise in binary          */
 
-  if ((data->binfile = tempnam (NULL, "uu")) == NULL) {
+  if ((data->binfile = _FP_tempnam (NULL, "uu")) == NULL) {
     UUMessage (uunconc_id, __LINE__, UUMSG_ERROR,
 	       uustring (S_NO_TEMP_NAME));
     return UURET_NOMEM;
@@@@ -1426,7 +1426,7 @@@@
    */
 
   if (data->uudet == BH_ENCODED && data->binfile) {
-    if ((ntmp = tempnam (NULL, "uu")) == NULL) {
+    if ((ntmp = _FP_tempnam (NULL, "uu")) == NULL) {
       UUMessage (uunconc_id, __LINE__, UUMSG_ERROR,
 		 uustring (S_NO_TEMP_NAME));
       progress.action = 0;

@


1.2.4.1
log
@MFC: mkstemp security enhancement; OpenPKG-SA-2004.006 backport of bugfixes from diff 0.5.18/ 0.5.20/ including two fixes for buffer overflows
@
text
@d1 35
a91 173

--- uulib/fptools.c	2001-06-06 20:21:47.000000000 +0200
+++ uulib/fptools.c	2003-04-13 17:41:55.000000000 +0200
@@@@ -392,7 +392,7 @@@@
 {
   char *ptr;
 
-  if (string == NULL)
+  if (string == NULL || !*string)
     return NULL;
 
   ptr = string + strlen (string) - 1;

--- uulib/uunconc.c	2002-04-02 12:04:52.000000000 +0200
+++ uulib/uunconc.c	2003-09-30 01:17:35.000000000 +0200
@@@@ -541,6 +541,8 @@@@
 
   while (vflag == 0 && nflag && safety--) {
     if (nflag == 1) {		/* need next line to repair */
+      if (strlen (line) > 250)
+	break;
       ptr = line + strlen (line);
       while (ptr>line && (*(ptr-1)=='\015' || *(ptr-1)=='\012'))
 	ptr--;
@@@@ -1336,7 +1401,7 @@@@
 
   iter = data->thisfile;
   while (iter) {
-    if (part != -1 && iter->partno != part+1)
+    if (part != -1 && iter->partno != part+1 && !uu_desperate)
       break;
     else
       part = iter->partno;

--- uulib/uuscan.c	2002-04-02 12:04:52.000000000 +0200
+++ uulib/uuscan.c	2003-07-06 20:29:35.000000000 +0200
@@@@ -855,7 +937,7 @@@@
 
     if (strncmp (line, "=ybegin ", 8) == 0 &&
 	_FP_strstr (line, " name=") != NULL) {
-      if ((result->begin || result->end) && !uu_more_mime) {
+      if ((result->begin || result->end || result->uudet) && !uu_more_mime) {
 	fseek (datei, oldposition, SEEK_SET);
 	break;
       }
@@@@ -928,8 +928,7 @@@@
       if (yepartends == 0 || yepartends >= yefilesize) {
 	result->end = 1;
       }
-      if (!uu_more_mime)
-	break;
+       continue;
     }
 
     /*
@@@@ -1402,9 +1504,9 @@@@
       if (UUBUSYPOLL(ftell(datei),progress.fsize)) SPCANCEL();
       if (_FP_fgets (line, 255, datei) == NULL)
 	break;
+      line[255] = '\0';
       if (!IsLineEmpty (line)) {
 	fseek (datei, preheaders, SEEK_SET);
-	line[255] = '\0';
 	break;
       }
       preheaders = ftell (datei);

http://www.fpx.de/fp/Software/UUDeview/HISTORY.txt
    0.5.20 (01.03.2004)
    --------
    - fix fgets to accept lines that are exactly of the maximum length [uunconc.c, uuscan.c]
    - fix two buffer overflows [uuscan.c@@@@391, fptools.c]

diff --unified=3 uudeview-0.5.19/uulib/fptools.c uudeview-0.5.20/uulib/fptools.c
--- uulib/fptools.c 1.7 2003-04-13 17:41:55.000000000 +0200
+++ uulib/fptools.c 1.8 2004-02-24 01:05:32.000000000 +0100
@@@@ -444,7 +444,7 @@@@
   if (feof (stream))
     return NULL;
 
-  while (--n) {
+  while (--n && !feof (stream)) {
     if ((c = fgetc (stream)) == EOF) {
       if (ferror (stream))
 	return NULL;
@@@@ -478,11 +478,28 @@@@
      */
     *buf++ = c;
   }
+
   /*
    * n-1 characters already transferred
    */
+
   *buf = '\0';
 
+  /*
+   * If a line break is coming up, read it
+   */
+
+  if (!feof (stream)) {
+    if ((c = fgetc (stream)) == '\015' && !feof (stream)) {
+      if ((c = fgetc (stream)) != '\012' && !feof (stream)) {
+	ungetc (c, stream);
+      }
+    }
+    else if (c != '\012' && !feof (stream)) {
+      ungetc (c, stream);
+    }
+  }
+
   return obp;
 }
 
diff --unified=3 uudeview-0.5.19/uulib/uunconc.c uudeview-0.5.20/uulib/uunconc.c
--- uulib/uunconc.c 1.36 2003-09-30 01:17:35.000000000 +0200
+++ uulib/uunconc.c 1.38 2004-03-01 23:52:27.000000000 +0100
@@@@ -1004,7 +1004,7 @@@@
   while (!feof (datain) && *state != DONE && 
 	 (ftell(datain)<maxpos || flags&FL_TOEND || maxpos==-1 ||
 	  (!(flags&FL_PROPER) && uu_fast_scanning))) {
-    if (_FP_fgets (line, 299, datain) == NULL)
+    if (_FP_fgets (line, 255, datain) == NULL)
       break;
 
     if (ferror (datain)) {
@@@@ -1046,7 +1046,7 @@@@
      * try to make sense of data
      */
 
-    line[299] = '\0'; /* For Safety of string functions */
+    line[255] = '\0'; /* For Safety of string functions */
     count     =  0;
 
     if (boundary && line[0]=='-' && line[1]=='-' &&
@@@@ -1113,7 +1113,7 @@@@
 	}
 
 	if (_FP_strstr (line, " part=") != NULL) {
-	  if (_FP_fgets (line, 299, datain) == NULL) {
+	  if (_FP_fgets (line, 255, datain) == NULL) {
 	    break;
 	  }
 
--- uulib/uuscan.c	2002-04-02 12:04:52.000000000 +0200
+++ uulib/uuscan.c	2003-07-06 20:29:35.000000000 +0200
@@@@ -310,8 +310,10 @@@@
 	   *attribute != '\\' &&*attribute != '"' &&
 	   *attribute != '/' && *attribute != '[' &&
 	   *attribute != ']' && *attribute != '?' &&
-	   *attribute != '=' && length < 255)
+	   *attribute != '=' && length < 255) {
       *ptr++ = *attribute++;
+      length++;
+    }
 
     *ptr = '\0';
   }
@@@@ -547,12 +547,12 @@@@
 
   while (!feof (datei)) {
     oldposition = ftell (datei);
-    if (_FP_fgets (line, 299, datei) == NULL)
+    if (_FP_fgets (line, 255, datei) == NULL)
       break;
     if (ferror (datei))
       break;
 
-    line[299] = '\0'; /* For Safety of string functions */
+    line[255] = '\0'; /* For Safety of string functions */
 
     /*
      * Make Busy Polls
@


1.2.2.1
log
@MFC: fix broken uudeview 0.5.19 and later; MFC: mkstemp security enhancement; OpenPKG-SA-2004.006 backport of bugfixes from diff 0.5.18/ 0.5.20/ including two fixes for buffer overflows
@
text
@a92 118
http://www.fpx.de/fp/Software/UUDeview/HISTORY.txt
    0.5.20 (01.03.2004)
    --------
    - fix bug in parsing of header lines [uuscan.c@@@@155]
    - fix fgets to accept lines that are exactly of the maximum length [uunconc.c, uuscan.c]
    - fix two buffer overflows [uuscan.c@@@@391, fptools.c]

diff --unified=3 uudeview-0.5.19/uulib/fptools.c uudeview-0.5.20/uulib/fptools.c
--- uulib/fptools.c 1.7 2003-04-13 17:41:55.000000000 +0200
+++ uulib/fptools.c 1.8 2004-02-24 01:05:32.000000000 +0100
@@@@ -444,7 +444,7 @@@@
   if (feof (stream))
     return NULL;
 
-  while (--n) {
+  while (--n && !feof (stream)) {
     if ((c = fgetc (stream)) == EOF) {
       if (ferror (stream))
 	return NULL;
@@@@ -478,11 +478,28 @@@@
      */
     *buf++ = c;
   }
+
   /*
    * n-1 characters already transferred
    */
+
   *buf = '\0';
 
+  /*
+   * If a line break is coming up, read it
+   */
+
+  if (!feof (stream)) {
+    if ((c = fgetc (stream)) == '\015' && !feof (stream)) {
+      if ((c = fgetc (stream)) != '\012' && !feof (stream)) {
+	ungetc (c, stream);
+      }
+    }
+    else if (c != '\012' && !feof (stream)) {
+      ungetc (c, stream);
+    }
+  }
+
   return obp;
 }
 
diff --unified=3 uudeview-0.5.19/uulib/uunconc.c uudeview-0.5.20/uulib/uunconc.c
--- uulib/uunconc.c 1.36 2003-09-30 01:17:35.000000000 +0200
+++ uulib/uunconc.c 1.38 2004-03-01 23:52:27.000000000 +0100
@@@@ -1004,7 +1004,7 @@@@
   while (!feof (datain) && *state != DONE && 
 	 (ftell(datain)<maxpos || flags&FL_TOEND || maxpos==-1 ||
 	  (!(flags&FL_PROPER) && uu_fast_scanning))) {
-    if (_FP_fgets (line, 299, datain) == NULL)
+    if (_FP_fgets (line, 255, datain) == NULL)
       break;
 
     if (ferror (datain)) {
@@@@ -1046,7 +1046,7 @@@@
      * try to make sense of data
      */
 
-    line[299] = '\0'; /* For Safety of string functions */
+    line[255] = '\0'; /* For Safety of string functions */
     count     =  0;
 
     if (boundary && line[0]=='-' && line[1]=='-' &&
@@@@ -1113,7 +1113,7 @@@@
 	}
 
 	if (_FP_strstr (line, " part=") != NULL) {
-	  if (_FP_fgets (line, 299, datain) == NULL) {
+	  if (_FP_fgets (line, 255, datain) == NULL) {
 	    break;
 	  }
 
diff --unified=3 uudeview-0.5.19/uulib/uuscan.c uudeview-0.5.20/uulib/uuscan.c
--- uulib/uuscan.c 1.43 2003-07-06 20:29:35.000000000 +0200
+++ uulib/uuscan.c 1.46 2004-03-01 23:52:27.000000000 +0100
@@@@ -155,7 +155,7 @@@@
 {
   if (data == NULL) return 0;
   if (*data == ':') return 0;
-  while (*data && isalnum (*data)) data++;
+  while (*data && (isalnum (*data) || *data=='-')) data++;
   return (*data == ':') ? 1 : 0;
 }
 
@@@@ -391,8 +391,10 @@@@
 	   *attribute != '\\' &&*attribute != '"' &&
 	   *attribute != '/' && /* *attribute != '[' &&
 	   *attribute != ']' && */ *attribute != '?' &&
-	   *attribute != '=' && length < 255)
+	   *attribute != '=' && length < 255) {
       *ptr++ = *attribute++;
+      length++;
+    }
 
     *ptr = '\0';
   }
@@@@ -629,12 +631,12 @@@@
 
   while (!feof (datei)) {
     oldposition = ftell (datei);
-    if (_FP_fgets (line, 299, datei) == NULL)
+    if (_FP_fgets (line, 255, datei) == NULL)
       break;
     if (ferror (datei))
       break;
 
-    line[299] = '\0'; /* For Safety of string functions */
+    line[255] = '\0'; /* For Safety of string functions */
 
     /*
      * Make Busy Polls

@


1.1
log
@fix broken uudeview 0.5.19 and later
@
text
@d36 57
@