From sime@logos.hr  Fri Sep 29 12:36:14 2006
Return-Path: <sime@logos.hr>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id BBC5316A492;
	Fri, 29 Sep 2006 12:36:14 +0000 (UTC)
	(envelope-from sime@logos.hr)
Received: from mail.logos.hr (gates.logos.hr [213.149.47.2])
	by mx1.FreeBSD.org (Postfix) with ESMTP id F2A2B43D78;
	Fri, 29 Sep 2006 12:36:13 +0000 (GMT)
	(envelope-from sime@logos.hr)
Received: from localhost (localhost.logos.hr [127.0.0.1])
	by mail.logos.hr (Postfix) with ESMTP id 63E5626D0EC;
	Fri, 29 Sep 2006 14:36:11 +0200 (CEST)
Received: from mail.logos.hr ([127.0.0.1])
 by localhost (mail.logos.hr [127.0.0.1]) (amavisd-new, port 10024) with LMTP
 id 42061-04-3; Fri, 29 Sep 2006 14:35:57 +0200 (CEST)
Received: by mail.logos.hr (Postfix, from userid 34062)
	id 3377426D0D6; Fri, 29 Sep 2006 14:35:57 +0200 (CEST)
Message-Id: <20060929123557.3377426D0D6@mail.logos.hr>
Date: Fri, 29 Sep 2006 14:35:57 +0200 (CEST)
From: Simun Mikecin <numisemis@yahoo.com>
Reply-To: Simun Mikecin <numisemis@yahoo.com>
To: FreeBSD-gnats-submit@freebsd.org
Cc: sem@freebsd.org
Subject: [fix] devel/gsoap: buffer overrun in version 2.7.8c
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         103810
>Category:       ports
>Synopsis:       [fix] devel/gsoap: buffer overrun in version 2.7.8c
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    sem
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Sep 29 12:40:12 GMT 2006
>Closed-Date:    Sun Oct 08 11:26:01 GMT 2006
>Last-Modified:  Sun Oct  8 11:30:29 GMT 2006
>Originator:     Simun Mikecin
>Release:        FreeBSD 5.2.1-RELEASE-p9 i386
>Organization:
>Environment:
System: FreeBSD mail.logos.hr 5.2.1-RELEASE-p9 FreeBSD 5.2.1-RELEASE-p9 #1: Mon Jul 26 14:07:00 CEST 2004 root@mail.logos.hr:/usr/obj/usr/src.5.2.1-R/sys/MAIL i386

>Description:
There is a buffer overrun by one byte in stdsoap2.c and stdsoap2.cpp. See:
http://sourceforge.net/tracker/index.php?func=detail&aid=1534483&group_id=52781&atid=468021
>How-To-Repeat:
>Fix:
diff -urN gsoap.orig/Makefile gsoap/Makefile
--- gsoap.orig/Makefile	Sat Aug 12 11:28:02 2006
+++ gsoap/Makefile	Fri Sep 29 14:20:16 2006
@@ -7,7 +7,7 @@
 
 PORTNAME=	gsoap
 PORTVERSION=	2.7.8c
-PORTREVISION=	2
+PORTREVISION=	3
 CATEGORIES=	devel
 MASTER_SITES=	${MASTER_SITE_SOURCEFORGE}
 MASTER_SITE_SUBDIR=	gsoap2
diff -urN gsoap.orig/files/patch-soapcpp2-stdsoap2.c gsoap/files/patch-soapcpp2-stdsoap2.c
--- gsoap.orig/files/patch-soapcpp2-stdsoap2.c	Fri May 19 23:15:26 2006
+++ gsoap/files/patch-soapcpp2-stdsoap2.c	Fri Sep 29 14:23:37 2006
@@ -1,6 +1,6 @@
---- soapcpp2/stdsoap2.c.orig	Sat May 20 00:20:40 2006
-+++ soapcpp2/stdsoap2.c	Sat May 20 00:58:33 2006
-@@ -3251,7 +3251,7 @@
+--- soapcpp2/stdsoap2.c.orig	Mon Jun 26 21:36:38 2006
++++ soapcpp2/stdsoap2.c	Fri Sep 29 14:22:51 2006
+@@ -3282,7 +3282,7 @@
      soap->errnum = h_errno;
    }
  #elif defined(HAVE_GETHOSTBYNAME_R)
@@ -9,3 +9,12 @@
  #elif defined(VXWORKS)
    /* If the DNS resolver library resolvLib has been configured in the vxWorks
     * image, a query for the host IP address is sent to the DNS server, if the
+@@ -7616,7 +7616,7 @@
+         break;
+     }
+     if (!tp)
+-    { tp = (struct soap_attribute*)SOAP_MALLOC(soap, sizeof(struct soap_attribute) + strlen(soap->tmpbuf));
++    { tp = (struct soap_attribute*)SOAP_MALLOC(soap, sizeof(struct soap_attribute) + strlen(soap->tmpbuf) + 1);
+       if (!tp)
+         return soap->error = SOAP_EOM;
+       strcpy(tp->name, soap->tmpbuf);
diff -urN gsoap.orig/files/patch-soapcpp2-stdsoap2.cpp gsoap/files/patch-soapcpp2-stdsoap2.cpp
--- gsoap.orig/files/patch-soapcpp2-stdsoap2.cpp	Sun Aug  6 20:41:40 2006
+++ gsoap/files/patch-soapcpp2-stdsoap2.cpp	Fri Sep 29 14:23:45 2006
@@ -1,5 +1,5 @@
---- soapcpp2/stdsoap2.cpp.orig	Mon Jun 26 23:36:38 2006
-+++ soapcpp2/stdsoap2.cpp	Sat Aug  5 12:18:51 2006
+--- soapcpp2/stdsoap2.c.orig	Mon Jun 26 21:36:38 2006
++++ soapcpp2/stdsoap2.cpp	Fri Sep 29 14:22:34 2006
 @@ -3282,7 +3282,7 @@
      soap->errnum = h_errno;
    }
@@ -18,3 +18,12 @@
              for (j = 0; j < sk_CONF_VALUE_num(val); j++)
              { CONF_VALUE *nval = sk_CONF_VALUE_value(val, j);
                if (nval && !strcmp(nval->name, "DNS") && !strcmp(nval->value, host))
+@@ -7616,7 +7616,7 @@
+         break;
+     }
+     if (!tp)
+-    { tp = (struct soap_attribute*)SOAP_MALLOC(soap, sizeof(struct soap_attribute) + strlen(soap->tmpbuf));
++    { tp = (struct soap_attribute*)SOAP_MALLOC(soap, sizeof(struct soap_attribute) + strlen(soap->tmpbuf) + 1);
+       if (!tp)
+         return soap->error = SOAP_EOM;
+       strcpy(tp->name, soap->tmpbuf);
>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-ports-bugs->sem 
Responsible-Changed-By: edwin 
Responsible-Changed-When: Fri Sep 29 12:40:20 UTC 2006 
Responsible-Changed-Why:  
Over to maintainer 

http://www.freebsd.org/cgi/query-pr.cgi?pr=103810 
State-Changed-From-To: open->closed 
State-Changed-By: sem 
State-Changed-When: Sun Oct 8 11:25:59 UTC 2006 
State-Changed-Why:  
Committed. Thanks! 

http://www.freebsd.org/cgi/query-pr.cgi?pr=103810 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: ports/103810: commit references a PR
Date: Sun,  8 Oct 2006 11:25:40 +0000 (UTC)

 sem         2006-10-08 11:25:32 UTC
 
   FreeBSD ports repository
 
   Modified files:
     devel/gsoap          Makefile 
     devel/gsoap/files    patch-soapcpp2-stdsoap2.c 
                          patch-soapcpp2-stdsoap2.cpp 
   Log:
   - A patch to prevent a buffer overrun
     http://sourceforge.net/tracker/index.php?func=detail&aid=1534483&group_id=52781&atid=468021
   
   PR:             ports/103810
   Submitted by:   Simun Mikecin <numisemis at yahoo.com>
   
   Revision  Changes    Path
   1.27      +1 -1      ports/devel/gsoap/Makefile
   1.2       +12 -3     ports/devel/gsoap/files/patch-soapcpp2-stdsoap2.c
   1.4       +11 -2     ports/devel/gsoap/files/patch-soapcpp2-stdsoap2.cpp
 _______________________________________________
 cvs-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/cvs-all
 To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
 
>Unformatted:
