From 241b765d8566546ecabc19413d5d353f233fa290 Mon Sep 17 00:00:00 2001 From: Willy Sudiarto Raharjo Date: Sat, 7 Feb 2015 19:10:09 +0700 Subject: network/squidGuard: Add missing patches. Signed-off-by: Willy Sudiarto Raharjo --- network/squidGuard/squidGuard.SlackBuild | 23 +++++------ network/squidGuard/squidGuard.patch | 69 ++++++++++++++++++++++++++++++++ 2 files changed, 79 insertions(+), 13 deletions(-) create mode 100644 network/squidGuard/squidGuard.patch (limited to 'network/squidGuard') diff --git a/network/squidGuard/squidGuard.SlackBuild b/network/squidGuard/squidGuard.SlackBuild index aff5b9e326..b79867661b 100644 --- a/network/squidGuard/squidGuard.SlackBuild +++ b/network/squidGuard/squidGuard.SlackBuild @@ -25,7 +25,7 @@ PRGNAM=squidGuard VERSION=${VERSION:-1.4} -BUILD=${BUILD:-1} +BUILD=${BUILD:-2} TAG=${TAG:-_SBo} if [ -z "$ARCH" ]; then @@ -63,18 +63,6 @@ cd $TMP rm -rf $PRGNAM-$VERSION tar xvf $CWD/$PRGNAM-$VERSION.tar.gz -# Fixes a buffer overflow problem and prevents squidGuard from going into -# emergency mode when overlong URLs are encountered (they can be perfectly -# legal). -tar xvf $CWD/patches/$PRGNAM-$VERSION-patch-20091015.tar.gz -cat $PRGNAM-$VERSION-patch-20091015/sgLog.c > $PRGNAM-$VERSION/src/sgLog.c - -# Fixes two bypass problems with URLs having a length closed to the defined -# MAX_BUF value (4096). -tar xvf $CWD/patches/$PRGNAM-$VERSION-patch-20091019.tar.gz -cat $PRGNAM-$VERSION-20091019/sg.h.in > $PRGNAM-$VERSION/src/sg.h.in -cat $PRGNAM-$VERSION-20091019/sgDiv.c.in > $PRGNAM-$VERSION/src/sgDiv.c.in - cd $PRGNAM-$VERSION chown -R root:root . find -L . \ 
@@ -83,6 +71,15 @@ find -L . \ \( -perm 666 -o -perm 664 -o -perm 640 -o -perm 600 -o -perm 444 \ -o -perm 440 -o -perm 400 \) -exec chmod 644 {} \; +# Fixes a buffer overflow problem and prevents squidGuard from going into +# emergency mode when overlong URLs are encountered (they can be perfectly +# legal). + +# Fixes two bypass problems with URLs having a length closed to the defined +# MAX_BUF value (4096). +patch -p1 < $CWD/squidGuard.patch + + CFLAGS="$SLKCFLAGS" \ CXXFLAGS="$SLKCFLAGS" \ ./configure \ diff --git a/network/squidGuard/squidGuard.patch b/network/squidGuard/squidGuard.patch new file mode 100644 index 0000000000..46880baf67 --- /dev/null +++ b/network/squidGuard/squidGuard.patch 
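Review bot: The comment kept above `patch -p1 < $CWD/squidGuard.patch` still cites "the defined MAX_BUF value (4096)", while the patch added by this commit sets MAX_BUF to 12288. It also no longer records where the fixes come from now that the dated upstream tarballs are gone. The new patch touches the same three files the removed tarballs overwrote, so it appears to combine them; a comment such as `# squidGuard.patch: upstream patch-20091015 (sgLog.c overflow) + patch-20091019 (URL length bypass, MAX_BUF)` would keep that provenance auditable. Whether a failed `patch` stops the build depends on a `set -e` that is not visible in this hunk; if it is absent, `patch -p1 < $CWD/squidGuard.patch || exit 1` avoids packaging unpatched sources.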
@@ -0,0 +1,69 @@
+diff -Nur squidGuard-1.4.orig/src/sg.h.in squidGuard-1.4/src/sg.h.in
+--- squidGuard-1.4.orig/src/sg.h.in 2007-11-16 23:58:32.000000000 +0700
++++ squidGuard-1.4/src/sg.h.in 2015-02-07 22:26:18.632797069 +0700
+@@ -73,7 +73,7 @@
+ #define REQUEST_TYPE_REDIRECT 2
+ #define REQUEST_TYPE_PASS 3
+
+-#define MAX_BUF 4096
++#define MAX_BUF 12288
+
+ #define DEFAULT_LOGFILE "squidGuard.log"
+ #define WARNING_LOGFILE "squidGuard.log"
+diff -Nur squidGuard-1.4.orig/src/sgDiv.c.in squidGuard-1.4/src/sgDiv.c.in
+--- squidGuard-1.4.orig/src/sgDiv.c.in 2008-07-14 23:02:43.000000000 +0700
++++ squidGuard-1.4/src/sgDiv.c.in 2015-02-07 22:26:18.632797069 +0700
+@@ -745,7 +745,7 @@
+ p++;
+ break;
+ case 'u': /* Requested URL */
+- strcat(buf, req->orig);
++ strncat(buf, req->orig, 2048);
+ p++;
+ break;
+ default:
+diff -Nur squidGuard-1.4.orig/src/sgLog.c squidGuard-1.4/src/sgLog.c
+--- squidGuard-1.4.orig/src/sgLog.c 2007-11-16 23:58:32.000000000 +0700
++++ squidGuard-1.4/src/sgLog.c 2015-02-07 22:26:39.122853889 +0700
+@@ -2,7 +2,7 @@
+ By accepting this notice, you agree to be bound by the following
+ agreements:
+
+- This software product, squidGuard, is copyrighted (C) 1998-2007
++ This software product, squidGuard, is copyrighted (C) 1998-2009
+ by Christine Kronberg, Shalla Secure Services. All rights reserved.
+
+ This program is free software; you can redistribute it and/or modify it
+@@ -55,8 +55,8 @@
+ char msg[MAX_BUF];
+ va_list ap;
+ VA_START(ap, format);
+- if(vsprintf(msg, format, ap) > (MAX_BUF - 1))
+- fprintf(stderr,"overflow in vsprintf (sgLog): %s",strerror(errno));
++ if(vsnprintf(msg, MAX_BUF, format, ap) > (MAX_BUF - 1))
++ fprintf(stderr,"overflow in vsnprintf (sgLog): %s",strerror(errno));
+ va_end(ap);
+ date = niso(0);
+ if(globalDebug || log == NULL) {
+@@ -87,8 +87,8 @@
+ char msg[MAX_BUF];
+ va_list ap;
+ VA_START(ap, format);
+- if(vsprintf(msg, format, ap) > (MAX_BUF - 1))
+- sgLogFatalError("overflow in vsprintf (sgLogError): %s",strerror(errno));
++ if(vsnprintf(msg, MAX_BUF, format, ap) > (MAX_BUF - 1))
++ sgLog(globalErrorLog, "overflow in vsnprintf (sgLogError): %s",strerror(errno));
+ va_end(ap);
+ sgLog(globalErrorLog,"%s",msg);
+ }
+@@ -104,8 +104,8 @@
+ char msg[MAX_BUF];
+ va_list ap;
+ VA_START(ap, format);
+- if(vsprintf(msg, format, ap) > (MAX_BUF - 1))
+- return;
++ if(vsnprintf(msg, MAX_BUF, format, ap) > (MAX_BUF - 1))
++ sgLog(globalErrorLog, "overflow in vsnprintf (sgLogError): %s",strerror(errno));
+ va_end(ap);
+ sgLog(globalErrorLog,"%s",msg);
+ sgEmergency();
-- cgit v1.2.3
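Review bot: In the sgDiv.c.in hunk, `strncat(buf, req->orig, 2048)` caps the bytes taken from `req->orig`, not the room left in `buf`, so it prevents an overflow only if `buf` always has at least 2049 free bytes at that point. The declaration of `buf` and the earlier appends are outside the hunk, so that cannot be confirmed here. A bound taken from the destination, e.g. `strncat(buf, req->orig, sizeof(buf) - strlen(buf) - 1);` (assuming `buf` is an array in scope), holds whatever was appended before, and the silent cut of the URL at 2048 bytes deserves a comment. In the sgLog.c hunks the truncation branch prints `strerror(errno)`, which vsnprintf does not set on truncation, and a negative return is not handled. The message in the hunk at -104 still says `sgLogError`, although the following `sgEmergency()` call suggests it belongs to the fatal-error logger.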