[packages/slang.git] / slang-security.patch

--- slang1.3.5/src/sltermin.c.old	Tue Jan 12 06:29:12 1999
+++ slang1.3.5/src/sltermin.c	Wed May 12 17:17:15 1999
@@ -105,7 +105,31 @@
     * I will also look into the use of setreuid, seteuid and setregid, setegid.
     * FIXME: Priority=medium
     */
+    /* If your system lacks setfsuid/getfsuid either write
+       equivalent support or dont use slang to build setuid/setgid
+       apps like Mutt */
+ 
+   if(setfsuid(getuid())==-1)
+   {
+       perror("setfsuid");
+       return NULL;
+   }
+   if(setfsgid(getgid())==-1)
+   {
+       perror("setfsgid");
+       return NULL;
+   }
    fp = fopen (file, "rb");
+   if(setfsuid(geteuid())==-1)
+   {
+       perror("setfsuid");
+       return NULL;
+   }
+   if(setfsgid(getegid())==-1)
+   {
+       perror("setfsgid");
+       return NULL;
+   }
    if (fp == NULL) return NULL;
 
    if ((12 == fread ((char *) buf, 1, 12, fp) && (MAGIC == make_integer (buf))))
@@ -278,7 +302,7 @@
 	if ((tidir != NULL)
 	    && (sizeof (file) > strlen (tidir) + 2 + strlen (term)))
 	  {
-	     sprintf (file, "%s/%c/%s", tidir, *term, term);
+	     snprintf (file, sizeof(file), "%s/%c/%s", tidir, *term, term);
 	     if (NULL != (fp = open_terminfo (file, ti)))
 	       break;
 	  }
Commit	Line	Data
06061835 AF	1	--- slang1.3.5/src/sltermin.c.old Tue Jan 12 06:29:12 1999
	2	+++ slang1.3.5/src/sltermin.c Wed May 12 17:17:15 1999
	3	@@ -105,7 +105,31 @@
	4	* I will also look into the use of setreuid, seteuid and setregid, setegid.
	5	* FIXME: Priority=medium
	6	*/
	7	+ /* If your system lacks setfsuid/getfsuid either write
	8	+ equivalent support or dont use slang to build setuid/setgid
	9	+ apps like Mutt */
	10	+
43a51512 AF	11	+ if(setfsuid(getuid())==-1)
43a51512 AF	12	+ {
06061835 AF	13	+ perror("setfsuid");
06061835 AF	14	+ return NULL;
43a51512 AF	15	+ }
	16	+ if(setfsgid(getgid())==-1)
	17	+ {
06061835 AF	18	+ perror("setfsgid");
06061835 AF	19	+ return NULL;
43a51512 AF	20	+ }
	21	fp = fopen (file, "rb");
	22	+ if(setfsuid(geteuid())==-1)
	23	+ {
06061835 AF	24	+ perror("setfsuid");
06061835 AF	25	+ return NULL;
43a51512 AF	26	+ }
	27	+ if(setfsgid(getegid())==-1)
	28	+ {
06061835 AF	29	+ perror("setfsgid");
06061835 AF	30	+ return NULL;
43a51512 AF	31	+ }
	32	if (fp == NULL) return NULL;
	33
	34	if ((12 == fread ((char *) buf, 1, 12, fp) && (MAGIC == make_integer (buf))))
06061835	35	@@ -278,7 +302,7 @@
43a51512 AF	36	if ((tidir != NULL)
	37	&& (sizeof (file) > strlen (tidir) + 2 + strlen (term)))
	38	{
	39	- sprintf (file, "%s/%c/%s", tidir, *term, term);
	40	+ snprintf (file, sizeof(file), "%s/%c/%s", tidir, *term, term);
	41	if (NULL != (fp = open_terminfo (file, ti)))
	42	break;
	43	}