[pkgsrc/trunk]: pkgsrc/sysutils Avoid re-closing a udev that already was clos...

[mrg <mrg%pkgsrc.org@localhost>]

details:   https://anonhg.NetBSD.org/pkgsrc/rev/52cfa948bd2d
branches:  trunk
changeset: 388680:52cfa948bd2d
user:      mrg <mrg%pkgsrc.org@localhost>
date:      Fri Nov 25 07:45:03 2022 +0000

description:
Avoid re-closing a udev that already was closed.  Avoids a double-close
that triggers a SEGV in a list-delete operation.

This may actually be the real bug for this code in libusb1.c:

static int nut_libusb_open(libusb_device_handle **udevp,
[ ... ]
#ifndef __linux__ /* SUN_LIBUSB (confirmed to work on Solaris and FreeBSD) */
       /* Causes a double free corruption in linux if device is detached! */

as the same double-free list issue occurs here.

diffstat:

 sysutils/ups-nut-usb/Makefile                       |   4 +-
 sysutils/ups-nut/distinfo                           |   3 +-
 sysutils/ups-nut/patches/patch-drivers_usbhid-ups.c |  37 +++++++++++++++++++++
 3 files changed, 41 insertions(+), 3 deletions(-)

diffs (67 lines):

diff -r e1abd91b1519 -r 52cfa948bd2d sysutils/ups-nut-usb/Makefile
--- a/sysutils/ups-nut-usb/Makefile     Thu Nov 24 21:51:11 2022 +0000
+++ b/sysutils/ups-nut-usb/Makefile     Fri Nov 25 07:45:03 2022 +0000
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.15 2022/06/28 11:36:06 wiz Exp $
+# $NetBSD: Makefile,v 1.16 2022/11/25 07:45:04 mrg Exp $
 
-PKGREVISION= 1
+PKGREVISION= 2
 .include "../../sysutils/ups-nut/Makefile.common"
 
 PKGNAME=               ${DISTNAME:S/nut/ups-nut-usb/}
diff -r e1abd91b1519 -r 52cfa948bd2d sysutils/ups-nut/distinfo
--- a/sysutils/ups-nut/distinfo Thu Nov 24 21:51:11 2022 +0000
+++ b/sysutils/ups-nut/distinfo Fri Nov 25 07:45:03 2022 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.38 2022/04/26 23:28:25 gdt Exp $
+$NetBSD: distinfo,v 1.39 2022/11/25 07:45:03 mrg Exp $
 
 BLAKE2s (nut-2.8.0.tar.gz) = 244e154d951f4a1d08172e162826fdb4082c3e0a033a426040adc2b9a420feca
 SHA512 (nut-2.8.0.tar.gz) = 3c413ae54088045a713eb80cf1bdda474f41bb3b67c7c0248aa7a0c4d441dce1ff42627a2735273d7e36892d1f2eeb895220cf28af63fec2fa0c7a267f82d577
@@ -8,3 +8,4 @@
 SHA1 (patch-drivers_libhid.c) = 8b4f773d9b32e4c43f7045a4a83854382b08cb5b
 SHA1 (patch-drivers_libusb0.c) = 71719f12cd8a8efd93d07b6b2d50d8334df7daab
 SHA1 (patch-drivers_libusb1.c) = 58d8ffe9507399802ad885c2e2627641978e5438
+SHA1 (patch-drivers_usbhid-ups.c) = bb5cbdca45606152ea0bd5b94cf6955c0d839936
diff -r e1abd91b1519 -r 52cfa948bd2d sysutils/ups-nut/patches/patch-drivers_usbhid-ups.c
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/sysutils/ups-nut/patches/patch-drivers_usbhid-ups.c       Fri Nov 25 07:45:03 2022 +0000
@@ -0,0 +1,37 @@
+$NetBSD: patch-drivers_usbhid-ups.c,v 1.1 2022/11/25 07:45:03 mrg Exp $
+
+Avoid re-closing a udev that already was closed.  Avoids a double-close
+that triggers a SEGV in a list-delete operation.
+
+This may actually be the real bug for this code in libusb1.c:
+
+static int nut_libusb_open(libusb_device_handle **udevp,
+[ ... ]
+#ifndef __linux__ /* SUN_LIBUSB (confirmed to work on Solaris and FreeBSD) */
+       /* Causes a double free corruption in linux if device is detached! */
+
+as the same double-free list issue occurs here.
+
+
+--- drivers/usbhid-ups.c.orig  2022-04-26 17:03:31.000000000 -0500
++++ drivers/usbhid-ups.c       2022-11-25 01:36:52.595626560 -0600
+@@ -1147,6 +1147,7 @@
+       upsdebugx(1, "upsdrv_cleanup...");
+ 
+       comm_driver->close(udev);
++      udev = NULL;
+       Free_ReportDesc(pDesc);
+       free_report_buffer(reportbuf);
+ #ifndef SHUT_MODE
+@@ -1570,8 +1571,10 @@
+       upsdebugx(4, "==================================================");
+ 
+       /* Try to close the previous handle */
+-      if (udev)
++      if (udev) {
+               comm_driver->close(udev);
++              udev = NULL;
++      }
+ 
+       ret = comm_driver->open(&udev, &curDevice, subdriver_matcher, NULL);
+