add patch from Redhat bug#784141 which fixes a possible

buffer overflow if used with an HTTP proxy (CVE-2012-0804) approved by releng
2012-02-09 16:28:53 +00:00 · 2012-02-09 16:28:53 +00:00 · f9e6b678d8
parent b7196e474c
commit f9e6b678d8
1 changed files with 2 additions and 2 deletions
--- a/external/gpl2/xcvs/dist/src/client.c
+++ b/external/gpl2/xcvs/dist/src/client.c
@ -3550,9 +3550,9 @@ connect_to_pserver (cvsroot_t *root, struct buffer **to_server_p,
         * code.
         */
 	read_line_via (from_server, to_server, &read_buf);
-	sscanf (read_buf, "%s %d", write_buf, &codenum);
+	count = sscanf (read_buf, "%*s %d", &codenum);

-	if ((codenum / 100) != 2)
+	if (count != 1 || (codenum / 100) != 2)
 	    error (1, 0, "proxy server %s:%d does not support http tunnelling",
 		   root->proxy_hostname, proxy_port_number);
 	free (read_buf);