Module Name: src Committed By: drochner Date: Thu Feb 9 16:28:53 UTC 2012
Modified Files: src/external/gpl2/xcvs/dist/src: client.c Log Message: add patch from Redhat bug#784141 which fixes a possible buffer overflow if used with an HTTP proxy (CVE-2012-0804) approved by releng To generate a diff of this commit: cvs rdiff -u -r1.3 -r1.4 src/external/gpl2/xcvs/dist/src/client.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files:
Index: src/external/gpl2/xcvs/dist/src/client.c
diff -u src/external/gpl2/xcvs/dist/src/client.c:1.3 src/external/gpl2/xcvs/dist/src/client.c:1.4
--- src/external/gpl2/xcvs/dist/src/client.c:1.3 Sun May 15 17:52:41 2011
+++ src/external/gpl2/xcvs/dist/src/client.c Thu Feb 9 16:28:53 2012
@@ -3550,9 +3550,9 @@ connect_to_pserver (cvsroot_t *root, str
 * code.
 */
 read_line_via (from_server, to_server, &read_buf);
- sscanf (read_buf, "%s %d", write_buf, &codenum);
+ count = sscanf (read_buf, "%*s %d", &codenum);
 
- if ((codenum / 100) != 2)
+ if (count != 1 || (codenum / 100) != 2)
 error (1, 0, "proxy server %s:%d does not support http tunnelling",
 root->proxy_hostname, proxy_port_number);
 free (read_buf);
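Review bot: The `%d` conversion in the new `sscanf` call still has no field width, so a proxy status line with an over-long digit run reaches the `codenum / 100` check after a conversion whose behaviour is undefined in C when the value does not fit in an `int`. HTTP status codes are three digits, so `count = sscanf (read_buf, "%*s %3d", &codenum);` bounds the parse; `strtol` with an explicit 100–599 range check would be stricter. The result of `read_line_via` is also not checked in the visible lines, so this presumably relies on that helper aborting on EOF or error before `read_buf` is used, which is worth confirming. The declaration of `count` and the rest of `connect_to_pserver` lie outside the hunk.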