Return to patch-aj CVS log | Up to [cvs.NetBSD.org] / pkgsrc / multimedia / xine-ui / patches |
File: [cvs.NetBSD.org] / pkgsrc / multimedia / xine-ui / patches / Attic / patch-aj (download)
Revision 1.7, Sun Jan 21 18:44:59 2018 UTC (6 years, 2 months ago) by wiz
xine-ui: fix two buffer overflows found by SSP From Anon. Bump PKGREVISION. |
$NetBSD: patch-aj,v 1.7 2018/01/21 18:44:59 wiz Exp $ Support NetBSD and DragonFlyBSD. https://bugs.xine-project.org/show_bug.cgi?id=515 Fix buffer overflow --- src/xitk/session.c.orig 2014-02-25 16:52:58.000000000 +0000 +++ src/xitk/session.c @@ -21,7 +21,7 @@ /* Largely inspired of xmms control socket stuff */ /* required for getsubopt(); the __sun test gives us strncasecmp() on solaris */ -#if ! defined (__sun) && ! defined (__OpenBSD__) && ! defined (__FreeBSD__) +#if ! defined (__sun) && ! defined (__OpenBSD__) && ! defined (__FreeBSD__) && !defined(__NetBSD__) && !defined(__DragonFly__) #define _XOPEN_SOURCE 500 #endif @@ -453,7 +453,7 @@ int init_session(void) { for(i = 0;; i++) { saddr.un.sun_family = AF_UNIX; - snprintf(saddr.un.sun_path, 108, "%s%s%d", (xine_get_homedir()), "/.xine/session.", i); + snprintf(saddr.un.sun_path, sizeof(saddr.un.sun_path), "%s%s%d", (xine_get_homedir()), "/.xine/session.", i); if(!is_remote_running(i)) { if((unlink(saddr.un.sun_path) == -1) && errno != ENOENT) { fprintf(stderr, "setup_ctrlsocket(): Failed to unlink %s (Error: %s)",