head	1.2;
access;
symbols
	RELEASE_5_4_0:1.1
	RELEASE_4_11_0:1.1;
locks; strict;
comment	@# @;


1.2
date	2005.04.20.20.55.03;	author jylefort;	state dead;
branches;
next	1.1;

1.1
date	2004.10.13.10.17.01;	author simon;	state Exp;
branches;
next	;


desc
@@


1.2
log
@- Update to 4.3.77
- Pass maintainership to sylvioc@@gmail.com
- Enable NLS and add WITHOUT_NLS knob

PR:		ports/80123
Submitted by:	Sylvio Cesar <sylvioc@@gmail.com>
Approved by:	adamw (mentor)
@
text
@--- src/shar.c.orig	1999-09-10 21:20:41.000000000 +0200
+++ src/shar.c	2004-09-29 15:09:40.790061000 +0200
@@@@ -1571,7 +1571,7 @@@@
 	  sprintf (command, "%s '%s'", CHARACTER_COUNT_COMMAND, local_name);
 	  if (pfp = popen (command, "r"), pfp)
 	    {
-	      char wc[BUFSIZ];
+		char wc[BUFSIZ], tempform[50];      
 	      const char *prefix = "";
 
 	      if (did_md5)
@@@@ -1579,8 +1579,8 @@@@
 		  fputs ("  else\n", output);
 		  prefix = "  ";
 		}
-
-	      fscanf (pfp, "%s", wc);
+	sprintf (tempform, "%%%ds", BUFSIZ - 1);
+	fscanf (pfp, tempform, wc);
 	      fprintf (output, "\
 %s  shar_count=\"`%s '%s'`\"\n\
 %s  test %s -eq \"$shar_count\" ||\n\
diff -Naur ./sharutils-4.2.1/src/unshar.c ./sharutils-4.2.1_new/src/unshar.c
--- src/unshar.c.orig	1995-11-21 17:22:14.000000000 +0100
+++ src/unshar.c	2004-09-29 15:09:44.682469264 +0200
@@@@ -346,8 +346,8 @@@@
 {
   size_t size_read;
   FILE *file;
-  char name_buffer[NAME_BUFFER_SIZE];
-  char copy_buffer[NAME_BUFFER_SIZE];
+  char name_buffer[NAME_BUFFER_SIZE] = {'\0'};
+  char copy_buffer[NAME_BUFFER_SIZE] = {'\0'};
   int optchar;
 
   program_name = argv[0];
@@@@ -409,14 +409,14 @@@@
   if (optind < argc)
     for (; optind < argc; optind++)
       {
-	if (argv[optind][0] == '/')
-	  stpcpy (name_buffer, argv[optind]);
-	else
-	  {
-	    char *cp = stpcpy (name_buffer, current_directory);
-	    *cp++ = '/';
-	    stpcpy (cp, argv[optind]);
-	  }
+	if (argv[optind][0] == '/') {
+		strncpy (name_buffer, argv[optind], sizeof(name_buffer));
+		name_buffer[sizeof(name_buffer)-1] = '\0';
+	}
+	else {
+		snprintf(name_buffer, sizeof(name_buffer),"%s/%s", current_directory, argv[optind]);
+		name_buffer[sizeof(name_buffer)-1] = '\0';
+	}
 	if (file = fopen (name_buffer, "r"), !file)
 	  error (EXIT_FAILURE, errno, name_buffer);
 	unarchive_shar_file (name_buffer, file);
@


1.1
log
@Security update to sharutils:
- Fix two buffer overflows. [1]
- Fix format string handling problems with command line parsing
  shar -o. [2]

Obtained from:	Gentoo [1] [2]
Patch by:	Michael Schrder [2]
VuXML:		26c9e8c6-1c99-11d9-814e-0001020eed82 [1]
Approved by:	erwin
@
text
@@

