Module Name: src
Committed By: drochner
Date: Thu Feb 9 16:28:53 UTC 2012
Modified Files:
src/external/gpl2/xcvs/dist/src: client.c
Log Message:
Add the patch from Red Hat bug #784141, which fixes a possible
buffer overflow when cvs is used with an HTTP proxy (CVE-2012-0804).
approved by releng
To generate a diff of this commit:
cvs rdiff -u -r1.3 -r1.4 src/external/gpl2/xcvs/dist/src/client.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/external/gpl2/xcvs/dist/src/client.c
diff -u src/external/gpl2/xcvs/dist/src/client.c:1.3 src/external/gpl2/xcvs/dist/src/client.c:1.4
--- src/external/gpl2/xcvs/dist/src/client.c:1.3 Sun May 15 17:52:41 2011
+++ src/external/gpl2/xcvs/dist/src/client.c Thu Feb 9 16:28:53 2012
@@ -3550,9 +3550,9 @@ connect_to_pserver (cvsroot_t *root, str
* code.
*/
read_line_via (from_server, to_server, &read_buf);
- sscanf (read_buf, "%s %d", write_buf, &codenum);
+ count = sscanf (read_buf, "%*s %d", &codenum);
- if ((codenum / 100) != 2)
+ if (count != 1 || (codenum / 100) != 2)
error (1, 0, "proxy server %s:%d does not support http tunnelling",
root->proxy_hostname, proxy_port_number);
free (read_buf);
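Review bot: The `%d` conversion in the new `sscanf` call still parses a status line supplied by the proxy, and a numeric field that does not fit in an `int` makes the conversion undefined behaviour. Bounding the field width, `count = sscanf (read_buf, "%*s %3d", &codenum);`, keeps the parse well-defined, since an HTTP status code is three digits. The declaration of `count` is not visible in this hunk, so it is presumably added elsewhere in `connect_to_pserver`; confirm that it is an `int`. A short comment above the call, such as `/* %*s discards the HTTP-version token: the reply is proxy-controlled and must not be copied into write_buf. */`, would record why the unbounded `%s` was removed. The body of `connect_to_pserver` starts and ends outside the hunk.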