network/squidGuard: Add missing patches.

Signed-off-by: Willy Sudiarto Raharjo <willysr@slackbuilds.org>
This commit is contained in:
Willy Sudiarto Raharjo 2015-02-07 19:10:09 +07:00
parent 1c8b4ee4d7
commit 241b765d85
2 changed files with 79 additions and 13 deletions

View File

@ -25,7 +25,7 @@
PRGNAM=squidGuard
VERSION=${VERSION:-1.4}
BUILD=${BUILD:-1}
BUILD=${BUILD:-2}
TAG=${TAG:-_SBo}
if [ -z "$ARCH" ]; then
@ -63,18 +63,6 @@ cd $TMP
rm -rf $PRGNAM-$VERSION
tar xvf $CWD/$PRGNAM-$VERSION.tar.gz
# Fixes a buffer overflow problem and prevents squidGuard from going into
# emergency mode when overlong URLs are encountered (they can be perfectly
# legal).
tar xvf $CWD/patches/$PRGNAM-$VERSION-patch-20091015.tar.gz
cat $PRGNAM-$VERSION-patch-20091015/sgLog.c > $PRGNAM-$VERSION/src/sgLog.c
# Fixes two bypass problems with URLs having a length closed to the defined
# MAX_BUF value (4096).
tar xvf $CWD/patches/$PRGNAM-$VERSION-patch-20091019.tar.gz
cat $PRGNAM-$VERSION-20091019/sg.h.in > $PRGNAM-$VERSION/src/sg.h.in
cat $PRGNAM-$VERSION-20091019/sgDiv.c.in > $PRGNAM-$VERSION/src/sgDiv.c.in
cd $PRGNAM-$VERSION
chown -R root:root .
find -L . \
@ -83,6 +71,15 @@ find -L . \
\( -perm 666 -o -perm 664 -o -perm 640 -o -perm 600 -o -perm 444 \
-o -perm 440 -o -perm 400 \) -exec chmod 644 {} \;
# Fixes a buffer overflow problem and prevents squidGuard from going into
# emergency mode when overlong URLs are encountered (they can be perfectly
# legal).
# Fixes two bypass problems with URLs having a length closed to the defined
# MAX_BUF value (4096).
patch -p1 < $CWD/squidGuard.patch
CFLAGS="$SLKCFLAGS" \
CXXFLAGS="$SLKCFLAGS" \
./configure \

View File

@ -0,0 +1,69 @@
diff -Nur squidGuard-1.4.orig/src/sg.h.in squidGuard-1.4/src/sg.h.in
--- squidGuard-1.4.orig/src/sg.h.in 2007-11-16 23:58:32.000000000 +0700
+++ squidGuard-1.4/src/sg.h.in 2015-02-07 22:26:18.632797069 +0700
@@ -73,7 +73,7 @@
#define REQUEST_TYPE_REDIRECT 2
#define REQUEST_TYPE_PASS 3
-#define MAX_BUF 4096
+#define MAX_BUF 12288
#define DEFAULT_LOGFILE "squidGuard.log"
#define WARNING_LOGFILE "squidGuard.log"
diff -Nur squidGuard-1.4.orig/src/sgDiv.c.in squidGuard-1.4/src/sgDiv.c.in
--- squidGuard-1.4.orig/src/sgDiv.c.in 2008-07-14 23:02:43.000000000 +0700
+++ squidGuard-1.4/src/sgDiv.c.in 2015-02-07 22:26:18.632797069 +0700
@@ -745,7 +745,7 @@
p++;
break;
case 'u': /* Requested URL */
- strcat(buf, req->orig);
+ strncat(buf, req->orig, 2048);
p++;
break;
default:
diff -Nur squidGuard-1.4.orig/src/sgLog.c squidGuard-1.4/src/sgLog.c
--- squidGuard-1.4.orig/src/sgLog.c 2007-11-16 23:58:32.000000000 +0700
+++ squidGuard-1.4/src/sgLog.c 2015-02-07 22:26:39.122853889 +0700
@@ -2,7 +2,7 @@
By accepting this notice, you agree to be bound by the following
agreements:
- This software product, squidGuard, is copyrighted (C) 1998-2007
+ This software product, squidGuard, is copyrighted (C) 1998-2009
by Christine Kronberg, Shalla Secure Services. All rights reserved.
This program is free software; you can redistribute it and/or modify it
@@ -55,8 +55,8 @@
char msg[MAX_BUF];
va_list ap;
VA_START(ap, format);
- if(vsprintf(msg, format, ap) > (MAX_BUF - 1))
- fprintf(stderr,"overflow in vsprintf (sgLog): %s",strerror(errno));
+ if(vsnprintf(msg, MAX_BUF, format, ap) > (MAX_BUF - 1))
+ fprintf(stderr,"overflow in vsnprintf (sgLog): %s",strerror(errno));
va_end(ap);
date = niso(0);
if(globalDebug || log == NULL) {
@@ -87,8 +87,8 @@
char msg[MAX_BUF];
va_list ap;
VA_START(ap, format);
- if(vsprintf(msg, format, ap) > (MAX_BUF - 1))
- sgLogFatalError("overflow in vsprintf (sgLogError): %s",strerror(errno));
+ if(vsnprintf(msg, MAX_BUF, format, ap) > (MAX_BUF - 1))
+ sgLog(globalErrorLog, "overflow in vsnprintf (sgLogError): %s",strerror(errno));
va_end(ap);
sgLog(globalErrorLog,"%s",msg);
}
@@ -104,8 +104,8 @@
char msg[MAX_BUF];
va_list ap;
VA_START(ap, format);
- if(vsprintf(msg, format, ap) > (MAX_BUF - 1))
- return;
+ if(vsnprintf(msg, MAX_BUF, format, ap) > (MAX_BUF - 1))
+ sgLog(globalErrorLog, "overflow in vsnprintf (sgLogError): %s",strerror(errno));
va_end(ap);
sgLog(globalErrorLog,"%s",msg);
sgEmergency();