Sophie: libxml2-2.6.6-1.1.100mdk src

libxml2-2.6.6-1.1.100mdk.src.rpm

diff -EburN libxml2-2.5.10.orig/nanoftp.c libxml2-2.5.10/nanoftp.c
--- libxml2-2.5.10.orig/nanoftp.c	2004-10-27 13:03:52.000000000 +0200
+++ libxml2-2.5.10/nanoftp.c	2004-10-27 13:26:13.000000000 +0200
@@ -334,7 +334,7 @@
 
 	if (cur[0] == '[') {
 	    cur++;
-	    while (cur[0] != ']')
+	    while (cur[0] != ']' && (indx < XML_NANO_MAX_URLBUF-1))
 		buf[indx++] = *cur++;
 
 	    if (!strchr (buf, ':')) {
@@ -583,7 +583,7 @@
 
 	if (cur[0] == '[') {
 	    cur++;
-	    while (cur[0] != ']')
+	    while (cur[0] != ']' && (indx < XML_NANO_MAX_URLBUF-1))
 		buf[indx++] = *cur++;
 	    if (!strchr (buf, ':')) {
 		xmlGenericError (xmlGenericErrorContext, "\nxmlNanoFTPScanProxy: %s",
@@ -1062,16 +1062,22 @@
 	}
 	else {
 	    if (tmp->ai_family == AF_INET6) {
-		memcpy (&ctxt->ftpAddr, tmp->ai_addr, tmp->ai_addrlen);
+		memcpy (&ctxt->ftpAddr, tmp->ai_addr,
+		tmp->ai_addrlen > sizeof(ctxt->ftpAddr) ? sizeof(ctxt->ftpAddr)
+							: tmp->ai_addrlen);
 		((struct sockaddr_in6 *) &ctxt->ftpAddr)->sin6_port = htons (port);
 		ctxt->controlFd = socket (AF_INET6, SOCK_STREAM, 0);
 	    }
 	    else {
-		memcpy (&ctxt->ftpAddr, tmp->ai_addr, tmp->ai_addrlen);
+		memcpy (&ctxt->ftpAddr, tmp->ai_addr,
+		tmp->ai_addrlen > sizeof(ctxt->ftpAddr) ? sizeof(ctxt->ftpAddr)
+							: tmp->ai_addrlen);
 		((struct sockaddr_in *) &ctxt->ftpAddr)->sin_port = htons (port);
 		ctxt->controlFd = socket (AF_INET, SOCK_STREAM, 0);
 	    }
-	    addrlen = tmp->ai_addrlen;
+	    addrlen = tmp->ai_addrlen > sizeof(ctxt->ftpAddr)
+				? sizeof(ctxt->ftpAddr)
+				: tmp->ai_addrlen;
 	    freeaddrinfo (result);
 	}
     }
diff -EburN libxml2-2.5.10.orig/nanohttp.c libxml2-2.5.10/nanohttp.c
--- libxml2-2.5.10.orig/nanohttp.c	2004-10-27 13:03:52.000000000 +0200
+++ libxml2-2.5.10/nanohttp.c	2004-10-27 13:32:16.000000000 +0200
@@ -995,7 +995,7 @@
 	struct addrinfo hints, *res, *result;
 
 	result = NULL;
-	memset (&hints, 0,sizeof(hints));
+	memset (&hints, 0, sizeof(hints));
 	hints.ai_socktype = SOCK_STREAM;
 
 	status = getaddrinfo (host, NULL, &hints, &result);
@@ -1010,12 +1010,16 @@
 	for (res = result; res; res = res->ai_next) {
 	    if (res->ai_family == AF_INET || res->ai_family == AF_INET6) {
 		if (res->ai_family == AF_INET6) {
-		    memcpy (&sockin6, res->ai_addr, res->ai_addrlen);
+		    memcpy (&sockin6, res->ai_addr,
+			res->ai_addrlen > sizeof(sockin6) ?
+			sizeof(sockin6) : res->ai_addrlen);
 		    sockin6.sin6_port = htons (port);
 		    addr = (struct sockaddr *)&sockin6;
 		}
 		else {
-		    memcpy (&sockin, res->ai_addr, res->ai_addrlen);
+		    memcpy (&sockin, res->ai_addr,
+			res->ai_addrlen > sizeof(sockin) ?
+			sizeof(sockin) : res->ai_addrlen);
 		    sockin.sin_port = htons (port);
 		    addr = (struct sockaddr *)&sockin;
 		}
@@ -1083,7 +1087,8 @@
 	for (i = 0; h->h_addr_list[i]; i++) {
 	    if (h->h_addrtype == AF_INET) {
 		/* A records (IPv4) */
-		memcpy (&ia, h->h_addr_list[i], h->h_length);
+		memcpy (&ia, h->h_addr_list[i], h->h_length > sizeof(ia) ?
+		sizeof(ia) : h->h_length);
 		sockin.sin_family = h->h_addrtype;
 		sockin.sin_addr = ia;
 		sockin.sin_port = htons (port);
@@ -1091,7 +1096,8 @@
 #ifdef SUPPORT_IP6
 	    } else if (have_ipv6 () && (h->h_addrtype == AF_INET6)) {
 		/* AAAA records (IPv6) */
-		memcpy (&ia6, h->h_addr_list[i], h->h_length);
+		memcpy (&ia6, h->h_addr_list[i], h->h_length > sizeof(ia6) ?
+		sizeof(ia6) : h->h_length);
 		sockin6.sin6_family = h->h_addrtype;
 		sockin6.sin6_addr = ia6;
 		sockin6.sin6_port = htons (port);