pkgsrc-Bugs archive
Re: pkg/55809: Webalizer seqfaults on NetBSD 9.0 and NetBSD 9.1
Dear Maintainer,
I have sent the patch as an attachment to my last e-mail for this
particular issue.
Since the attachment got encoded, I insert a URL to the patch and
paste the patch here in this e-mail.
With this patch, Webalizer won't suffer from the bug I described in
the first e-mail, which describes the bug itself.
URL to the patch for the preserve.c from Webalizer:
https://www3.aik.onl/guests/adrian/tmp/pkgsrc-webalizer-preserve.c.diff.txt
The patch for preserve.c as plaintext:
--- preserve.c.orig	2021-01-06 10:31:49.653319696 +0100
+++ preserve.c.new	2021-01-06 11:41:49.268647137 +0100
@@ -109,7 +109,13 @@ void get_history()
                         yr = hist[i].year;
                         mth= hist[i].month+1;
                         if (mth>12) { mth=1; yr++; }
-                        memcpy(&hist[0], &hist[1], sizeof(hist[0])*i);
+		                    
+								
				/**
+								
				* memcpy of overlapping arguments is undefined
behaviour -- change to memmove
+								
				*
+                        * memcpy(&hist[0], &hist[1],
sizeof(hist[0])*i);
+								       
*/
+                        memmove(&hist[0], &hist[1],
sizeof(hist[0])*i);
                         memset(&hist[i], 0, sizeof(struct hist_rec));
                         hist[i].year=yr; hist[i].month=mth; n--;
                     }
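Review bot: The added lines in get_history() are wrapped by the mail client and indented with a mix of tabs and spaces (the comment text, the old memcpy call and the new memmove call each break across two lines, and several continuation lines have lost their `+` prefix), so this hunk will not apply as pasted; please resend it unwrapped or point reviewers at the URL only. The switch to memmove is the right fix, since `&hist[0]` and `&hist[1]` are overlapping regions of the same array, but the comment block that preserves the old memcpy call should be dropped in favour of one short line saying the regions overlap; the previous code belongs in the commit message, not in the source. The visible context does not show how `i` is bounded, so it is worth confirming that reading `sizeof(hist[0])*i` bytes starting at `&hist[1]` stays inside the array.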
@@ -277,7 +283,12 @@ void update_history()
                   yr = hist[i].year;
                   mth= hist[i].month+1;
                   if (mth>12) { mth=1; yr++; }
-                  memcpy(&hist[0],&hist[1],sizeof(hist[0])*i);
+                  /** 
+								
	 * memcpy of overlapping arguments is undefined behaviour -- change to
memmove
+								
	 *
+								
	 * memcpy(&hist[0],&hist[1],sizeof(hist[0])*i);
+								
	 **/
+								
	memmove(&hist[0],&hist[1],sizeof(hist[0])*i);
                   memset(&hist[i], 0, sizeof(struct hist_rec));
                   hist[i].year=yr; hist[i].month=mth; n--;
                }
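Review bot: update_history() repeats the same shift-and-clear sequence as get_history() (memmove from `&hist[1]` to `&hist[0]`, memset of `hist[i]`, then resetting year and month), which is why the overlap bug had to be fixed in two places; consider moving that sequence into one small helper so both call sites share a single implementation. The comment added here closes with `**/` while the one in the first hunk closes with `*/`, and it has the same mail-wrapping and mixed tab/space damage, so if a comment is kept it should be one consistent short line in both functions.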
Thank you very much for your kind attention.
Sincerely,
Adrian Kiess
On Thursday, 26 November 2020 at 15:25 +0000, Benny Siegert wrote:
> The following reply was made to PR pkg/55809; it has been noted by
> GNATS.
> 
> From: Benny Siegert <bsiegert%gmail.com@localhost>
> To: gnats-bugs%netbsd.org@localhost
> Cc: pkg-manager%netbsd.org@localhost, gnats-admin%netbsd.org@localhost,
> pkgsrc-bugs%netbsd.org@localhost
> Subject: Re: pkg/55809: Webalizer seqfaults on NetBSD 9.0 and NetBSD 9.1
> Date: Thu, 26 Nov 2020 16:21:49 +0100
> 
>  Yes, this indicates a buffer overflow, which is a security issue. This
>  is something that you should report upstream.
>  
>  That said, the pkgsrc package is an older version, and version 2.23-08
>  (released in 2013!) says in the release notes that it fixes a buffer
>  overflow.