pkgsrc-Bugs archive
Re: pkg/55809: Webalizer seqfaults on NetBSD 9.0 and NetBSD 9.1
The following reply was made to PR pkg/55809; it has been noted by GNATS.
From: Adrian Immanuel Kieß <adrian%kiess.onl@localhost>
To: gnats-bugs%netbsd.org@localhost, pkg-manager%netbsd.org@localhost, gnats-admin%netbsd.org@localhost,
pkgsrc-bugs%netbsd.org@localhost
Cc:
Subject: Re: pkg/55809: Webalizer seqfaults on NetBSD 9.0 and NetBSD 9.1
Date: Sun, 24 Jan 2021 09:41:11 +0100
Dear Maintainer,
I have sent the patch as attachment to my last e-mail for this
particular issue.
Since the attachment got encoded, I insert a URL to the patch and
paste the patch here in this e-mail.
With this patch, Webalizer won't suffer from the bug I described in
the first e-mail, which describes the bug itself.
URL to the patch for the preserve.c from Webalizer:
https://www3.aik.onl/guests/adrian/tmp/pkgsrc-webalizer-preserve.c.diff.txt
The patch for preserve.c as plaintext:
--- preserve.c.orig 2021-01-06 10:31:49.653319696 +0100
+++ preserve.c.new 2021-01-06 11:41:49.268647137 +0100
@@ -109,7 +109,13 @@ void get_history()
yr = hist[i].year;
mth= hist[i].month+1;
if (mth>12) { mth=1; yr++; }
- memcpy(&hist[0], &hist[1], sizeof(hist[0])*i);
+
+
/**
+
* memcpy of overlapping arguments is undefined
behaviour -- change to memmove
+
*
+ * memcpy(&hist[0], &hist[1],
sizeof(hist[0])*i);
+
*/
+ memmove(&hist[0], &hist[1],
sizeof(hist[0])*i);
memset(&hist[i], 0, sizeof(struct hist_rec));
hist[i].year=yr; hist[i].month=mth; n--;
}
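Review bot: the comment added in get_history() keeps the old call `memcpy(&hist[0], &hist[1], sizeof(hist[0])*i);` as commented-out code, which the diff already records; a one-line comment stating that source and destination overlap would be enough. The memmove itself is the right replacement here, because copying i elements from &hist[1] to &hist[0] overlaps whenever i > 1 and memcpy is undefined for overlapping regions. As pasted, the hunk has been line-wrapped by the mail client (continuation lines such as `sizeof(hist[0])*i);` carry no `+` prefix), so it will not apply from this message; the copy at the URL above is the one to use.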
@@ -277,7 +283,12 @@ void update_history()
yr = hist[i].year;
mth= hist[i].month+1;
if (mth>12) { mth=1; yr++; }
- memcpy(&hist[0],&hist[1],sizeof(hist[0])*i);
+ /**
+
* memcpy of overlapping arguments is undefined behaviour -- change to
memmove
+
*
+
* memcpy(&hist[0],&hist[1],sizeof(hist[0])*i);
+
**/
+
memmove(&hist[0],&hist[1],sizeof(hist[0])*i);
memset(&hist[i], 0, sizeof(struct hist_rec));
hist[i].year=yr; hist[i].month=mth; n--;
}
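Review bot: the comment block in update_history() closes with `**/` while the one in get_history() closes with `*/`, and both open with `/**`; use a plain `/* ... */` in both places and drop the commented-out memcpy line. Since the same shift-by-one sequence (memmove, then memset of hist[i], then the year/month assignment) now appears in both functions, moving it into one small helper would keep the two copies from diverging again.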
Thank you very much for your kind attention.
Sincerely,
Adrian Kiess
On Thursday, 26 November 2020 at 15:25 +0000, Benny Siegert wrote:
> The following reply was made to PR pkg/55809; it has been noted by
> GNATS.
>
> From: Benny Siegert <bsiegert%gmail.com@localhost>
> To: gnats-bugs%netbsd.org@localhost
> Cc: pkg-manager%netbsd.org@localhost, gnats-admin%netbsd.org@localhost,
> pkgsrc-bugs%netbsd.org@localhost
> Subject: Re: pkg/55809: Webalizer seqfaults on NetBSD 9.0 and NetBSD
> 9.1
> Date: Thu, 26 Nov 2020 16:21:49 +0100
>
> Yes, this indicates a buffer overflow, which is a security issue. This
> is something that you should report upstream.
>
> That said, the pkgsrc package is an older version, and version 2.23-08
> (released in 2013!) says in the release notes that it fixes a buffer
> overflow.
>