[BACK]Return to patch-aj CVS log [TXT][DIR] Up to [cvs.NetBSD.org] / pkgsrc / multimedia / xine-ui / patches

File: [cvs.NetBSD.org] / pkgsrc / multimedia / xine-ui / patches / patch-aj (download)

Revision 1.7, Sun Jan 21 18:44:59 2018 UTC (20 months, 3 weeks ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2019Q1-base, pkgsrc-2019Q1, pkgsrc-2018Q4-base, pkgsrc-2018Q4, pkgsrc-2018Q3-base, pkgsrc-2018Q3, pkgsrc-2018Q2-base, pkgsrc-2018Q2, pkgsrc-2018Q1-base, pkgsrc-2018Q1
Changes since 1.6: +13 -2 lines

xine-ui: fix two buffer overflows found by SSP

From Anon.

Bump PKGREVISION.

$NetBSD: patch-aj,v 1.7 2018/01/21 18:44:59 wiz Exp $

Support NetBSD and DragonFlyBSD.
https://bugs.xine-project.org/show_bug.cgi?id=515

Fix buffer overflow

--- src/xitk/session.c.orig	2014-02-25 16:52:58.000000000 +0000
+++ src/xitk/session.c
@@ -21,7 +21,7 @@
 /* Largely inspired of xmms control socket stuff */
 
 /* required for getsubopt(); the __sun test gives us strncasecmp() on solaris */
-#if ! defined (__sun) && ! defined (__OpenBSD__) && ! defined (__FreeBSD__)
+#if ! defined (__sun) && ! defined (__OpenBSD__) && ! defined (__FreeBSD__) && !defined(__NetBSD__) && !defined(__DragonFly__)
 #define _XOPEN_SOURCE 500
 #endif
 
@@ -453,7 +453,7 @@ int init_session(void) {
     for(i = 0;; i++)	{
       saddr.un.sun_family = AF_UNIX;
       
-      snprintf(saddr.un.sun_path, 108, "%s%s%d", (xine_get_homedir()), "/.xine/session.", i);
+      snprintf(saddr.un.sun_path, sizeof(saddr.un.sun_path), "%s%s%d", (xine_get_homedir()), "/.xine/session.", i);
       if(!is_remote_running(i)) {
 	if((unlink(saddr.un.sun_path) == -1) && errno != ENOENT) {
 	  fprintf(stderr, "setup_ctrlsocket(): Failed to unlink %s (Error: %s)",