aboutsummaryrefslogtreecommitdiffstats
path: root/recipes/squidguard/squidguard-1.4/squidguard-fix-CVE-2009-3700.patch
diff options
context:
space:
mode:
Diffstat (limited to 'recipes/squidguard/squidguard-1.4/squidguard-fix-CVE-2009-3700.patch')
-rw-r--r--recipes/squidguard/squidguard-1.4/squidguard-fix-CVE-2009-3700.patch46
1 files changed, 46 insertions, 0 deletions
diff --git a/recipes/squidguard/squidguard-1.4/squidguard-fix-CVE-2009-3700.patch b/recipes/squidguard/squidguard-1.4/squidguard-fix-CVE-2009-3700.patch
new file mode 100644
index 0000000000..6f0d9a817d
--- /dev/null
+++ b/recipes/squidguard/squidguard-1.4/squidguard-fix-CVE-2009-3700.patch
@@ -0,0 +1,46 @@
+Index: squidGuard-1.4/src/sgLog.c
+===================================================================
+--- squidGuard-1.4.orig/src/sgLog.c
++++ squidGuard-1.4/src/sgLog.c
+@@ -2,7 +2,7 @@
+ By accepting this notice, you agree to be bound by the following
+ agreements:
+
+- This software product, squidGuard, is copyrighted (C) 1998-2007
++ This software product, squidGuard, is copyrighted (C) 1998-2009
+ by Christine Kronberg, Shalla Secure Services. All rights reserved.
+
+ This program is free software; you can redistribute it and/or modify it
+@@ -55,8 +55,8 @@ void sgLog(log, format, va_alist)
+ char msg[MAX_BUF];
+ va_list ap;
+ VA_START(ap, format);
+- if(vsprintf(msg, format, ap) > (MAX_BUF - 1))
+- fprintf(stderr,"overflow in vsprintf (sgLog): %s",strerror(errno));
++ if(vsnprintf(msg, MAX_BUF, format, ap) > (MAX_BUF - 1))
++ fprintf(stderr,"overflow in vsnprintf (sgLog): %s",strerror(errno));
+ va_end(ap);
+ date = niso(0);
+ if(globalDebug || log == NULL) {
+@@ -87,8 +87,8 @@ void sgLogError(format, va_alist)
+ char msg[MAX_BUF];
+ va_list ap;
+ VA_START(ap, format);
+- if(vsprintf(msg, format, ap) > (MAX_BUF - 1))
+- sgLogFatalError("overflow in vsprintf (sgLogError): %s",strerror(errno));
++ if(vsnprintf(msg, MAX_BUF, format, ap) > (MAX_BUF - 1))
++ sgLog(globalErrorLog, "overflow in vsnprintf (sgLogError): %s",strerror(errno));
+ va_end(ap);
+ sgLog(globalErrorLog,"%s",msg);
+ }
+@@ -104,8 +104,8 @@ void sgLogFatalError(format, va_alist)
+ char msg[MAX_BUF];
+ va_list ap;
+ VA_START(ap, format);
+- if(vsprintf(msg, format, ap) > (MAX_BUF - 1))
+- return;
++ if(vsnprintf(msg, MAX_BUF, format, ap) > (MAX_BUF - 1))
++ sgLog(globalErrorLog, "overflow in vsnprintf (sgLogError): %s",strerror(errno));
+ va_end(ap);
+ sgLog(globalErrorLog,"%s",msg);
+ sgEmergency();
generated by cgit 1.2.3-korg (git 2.39.0) at 2024-09-26 14:43:55 +0000