Actually there are way more issues in it ... here is a small list that Linux people have fixed: http://rpmfind.net/linux/RPM/suse/updates/10.0-OSS/i386/rpm/i586/zoo-2.10-858.4.i586.html
Patches for those follow; however this thing is a pile of poo altogether. There are likely many other issues (just look at the amount of remaining strcat/strcpy which come from user input). Someone should fix them all but I feel like I've already wasted enough time looking at this pile of poo. Anyway, someone should double check these don't break anything at least.
Index: Makefile
===================================================================
RCS file: /cvs/ports/archivers/zoo/Makefile,v
retrieving revision 1.17
diff -u -p -r1.17 Makefile
--- Makefile 21 Nov 2004 12:50:33 -0000 1.17
+++ Makefile 7 Apr 2006 07:41:16 -0000
@@ -3,7 +3,7 @@ COMMENT= "handle the old .ZOO archive format" DISTNAME= zoo-2.10pl1 -PKGNAME= zoo-2.10.1 +PKGNAME= zoo-2.10.1p0 CATEGORIES= archivers MASTER_SITES= ftp://ftp.kiarchive.ru/pub/unix/arcers/
Index: patches/patch-misc_c
===================================================================
RCS file: patches/patch-misc_c
diff -N patches/patch-misc_c
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-misc_c 7 Apr 2006 07:41:16 -0000
@@ -0,0 +1,21 @@
+$OpenBSD$
+--- misc.c.orig Tue Jul 16 09:52:54 1991
++++ misc.c Fri Apr 7 01:36:17 2006
+@@ -135,11 +135,16 @@ if available, else the short filename is
+ char *fullpath (direntry)
+ struct direntry *direntry;
+ {
+- static char result[PATHSIZE];
++ static char result[PATHSIZE+LFNAMESIZE+12]; /* Room for enough space.*/
+ combine (result,
+ direntry->dirlen != 0 ? direntry->dirname : "",
+ (direntry->namlen != 0) ? direntry->lfname : direntry->fname
+ );
++
++ if (strlen (result) >= PATHSIZE) {
++ prterror ('f', "Combined dirname and filename too long!\n");
++ }
++
+ return (result);
+ }
+
Index: patches/patch-parse_c
===================================================================
RCS file: patches/patch-parse_c
diff -N patches/patch-parse_c
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-parse_c 7 Apr 2006 07:41:16 -0000
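Review bot: In the misc.c hunk (patches/patch-misc_c), the new length check in fullpath() runs only after `combine()` has already written into `result`, so it reports an over-long name instead of bounding the write. The enlarged `PATHSIZE+LFNAMESIZE+12` buffer is safe only if `dirname` and `lfname`/`fname` are themselves limited by those constants, which this hunk does not show. Checking before the copy makes the bound explicit, e.g. `if (strlen(dir) + strlen(name) + 1 >= PATHSIZE) prterror ('f', "Combined dirname and filename too long!\n");` ahead of the `combine` call, with `dir` and `name` standing for the two arguments already selected there and assuming `combine` adds at most one separator. If `prterror ('f', …)` can return, `return (result);` still hands the over-long string to callers, so confirm that the 'f' level exits. A comment saying what the `+12` slack accounts for would also help.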
@@ -0,0 +1,12 @@
+$OpenBSD$
+--- parse.c.orig Tue Jul 16 09:54:43 1991
++++ parse.c Fri Apr 7 01:37:24 2006
+@@ -39,7 +39,7 @@ char *fname;
+ char *namep; /* points to relevant part of tempname */
+
+ char *p;
+- strcpy (tempname, fname);
++ strlcpy(tempname, fname, LFNAMESIZE);
+
+ #ifdef DEBUG
+ printf ("parse: supplied name is [%s].\n", tempname);
Index: patches/patch-portable_c
===================================================================
RCS file: patches/patch-portable_c
diff -N patches/patch-portable_c
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-portable_c 7 Apr 2006 07:41:16 -0000
@@ -0,0 +1,35 @@
+$OpenBSD$
+--- portable.c.orig Tue Jul 16 09:55:11 1991
++++ portable.c Fri Apr 7 01:35:28 2006
+@@ -364,6 +364,31 @@ ZOOFILE zoo_file;
+ show_dir(direntry);
+ }
+ #endif
++ char *p;
++ /* take off '../' */
++ while ((p = strstr( direntry->dirname, "../" )) != NULL) {
++ while (*(p+3) != '\0') {
++ *p = *(p + 3);
++ p++;
++ }
++ *p = *(p+3); /* move last null */
++ //printf("zoo: skipped \"../\" path component in '%s'\n", direntry->dirname);
++ }
++ /* take off '/' */
++ if ( direntry->dirname[0] == '/' ) {
++ p = direntry->dirname;
++ while (*p != '\0') {
++ *p = *(p + 1);
++ p++;
++ }
++ *p = *(p+1); /* move last null */
++ //printf("zoo: skipped \"/\" path component in '%s'\n", direntry->dirname);
++ }
++ /* take off '..' */
++ if(!strcmp(direntry->dirname, ".."))
++ direntry->dirname[0] = '\0';
++ /* direntry->dirlen = strlen(direntry->dirname); */
++
+ return (0);
+ }
+
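Review bot: In the parse.c hunk, `strlcpy(tempname, fname, LFNAMESIZE);` discards the return value, so a name longer than the buffer is silently truncated and the rest of parse() works on a different name than the one supplied. The bound is also the constant `LFNAMESIZE` rather than the size of `tempname`, whose declaration is outside the hunk. If it is an array, `if (strlcpy(tempname, fname, sizeof tempname) >= sizeof tempname)` followed by an error return or `prterror` keeps the two in step and makes truncation visible. parse() starts and ends outside the hunk, so how callers would handle such a failure is not shown.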
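Review bot: In the portable.c hunk, the leading-slash strip runs only once (`if ( direntry->dirname[0] == '/' ) {`), so a stored directory name that begins with more than one slash is still absolute afterwards; make it `while ( direntry->dirname[0] == '/' ) {`. In that same block the inner loop already copies the terminator, so the following `*p = *(p+1); /* move last null */` reads one byte past the end of the string and should be deleted. The `strstr( direntry->dirname, "../" )` pass matches those three characters anywhere, so it also rewrites a component that merely ends in two dots (`a../b` becomes `ab`); comparing whole components split on '/' would avoid that. `direntry->dirlen` keeps its old value because the update is commented out, and only `dirname` is cleaned here. Whether `fname`/`lfname` and the users of `dirlen` are handled elsewhere is not visible, since the function starts outside the hunk.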