pkgsrc-Changes archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

CVS commit: pkgsrc/pkgtools/pkg_select



Module Name:    pkgsrc
Committed By:   maya
Date:           Fri Dec 29 17:55:13 UTC 2017

Modified Files:
        pkgsrc/pkgtools/pkg_select: Makefile distinfo
Added Files:
        pkgsrc/pkgtools/pkg_select/patches: patch-file.c patch-tools.h

Log Message:
pkg_select: fix buffer overflow

expanding the macro with ++len for size meant our memset to zero was
one bigger than the above allocated size.

while here simplify the problematic macro - malloc+memset zero is calloc.

bump pkgrevision


To generate a diff of this commit:
cvs rdiff -u -r1.25 -r1.26 pkgsrc/pkgtools/pkg_select/Makefile
cvs rdiff -u -r1.11 -r1.12 pkgsrc/pkgtools/pkg_select/distinfo
cvs rdiff -u -r0 -r1.1 pkgsrc/pkgtools/pkg_select/patches/patch-file.c \
    pkgsrc/pkgtools/pkg_select/patches/patch-tools.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/pkgtools/pkg_select/Makefile
diff -u pkgsrc/pkgtools/pkg_select/Makefile:1.25 pkgsrc/pkgtools/pkg_select/Makefile:1.26
--- pkgsrc/pkgtools/pkg_select/Makefile:1.25    Fri Dec 29 11:59:13 2017
+++ pkgsrc/pkgtools/pkg_select/Makefile Fri Dec 29 17:55:13 2017
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.25 2017/12/29 11:59:13 plunky Exp $
+# $NetBSD: Makefile,v 1.26 2017/12/29 17:55:13 maya Exp $
 #
 
 DISTNAME=      pkg_select-20090308
-PKGREVISION=   7
+PKGREVISION=   8
 CATEGORIES=    pkgtools
 MASTER_SITES=  ftp://ftp.NetBSD.org/pub/NetBSD/misc/imil/
 

Index: pkgsrc/pkgtools/pkg_select/distinfo
diff -u pkgsrc/pkgtools/pkg_select/distinfo:1.11 pkgsrc/pkgtools/pkg_select/distinfo:1.12
--- pkgsrc/pkgtools/pkg_select/distinfo:1.11    Fri Dec 29 11:59:13 2017
+++ pkgsrc/pkgtools/pkg_select/distinfo Fri Dec 29 17:55:13 2017
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.11 2017/12/29 11:59:13 plunky Exp $
+$NetBSD: distinfo,v 1.12 2017/12/29 17:55:13 maya Exp $
 
 SHA1 (pkg_select-20090308.tar.gz) = f4a4f40927631d16ee563671ce98e69843382c93
 RMD160 (pkg_select-20090308.tar.gz) = d265f8e18ee4500e2ac34ba2d105acff28cc7e91
@@ -6,9 +6,11 @@ SHA512 (pkg_select-20090308.tar.gz) = 77
 Size (pkg_select-20090308.tar.gz) = 54637 bytes
 SHA1 (patch-curses__helpers.c) = fa30914f4a9b147c433fcb32249d2b773a5e2604
 SHA1 (patch-extern.h) = e1248f7180a76ec8f623719037cf5306b8de573b
+SHA1 (patch-file.c) = ad32f135386b8c4be140305ccade97f6220f168d
 SHA1 (patch-install__many.c) = 24a39faaab697a84103311f0fc28c2670e201bbe
 SHA1 (patch-listmgt.c) = d27477fd0ce46a9c8ad6a86818dd9f018557459a
 SHA1 (patch-live.c) = b821986e8da22cd53b6c95975cd36abafbeda453
 SHA1 (patch-more.c) = 0a8c4440a085edfae7f8f4832cdbb7878e3bf85b
 SHA1 (patch-pkg__info.c) = d6c1f93461c91cfe44a9659d7197406c9c47d890
 SHA1 (patch-pkgsrc.c) = df0b6c9633e75bc784ec34e88ec4201426d66464
+SHA1 (patch-tools.h) = add83ba82a5aa96c0805348e767bc0fffc2f9e0b

Added files:

Index: pkgsrc/pkgtools/pkg_select/patches/patch-file.c
diff -u /dev/null pkgsrc/pkgtools/pkg_select/patches/patch-file.c:1.1
--- /dev/null   Fri Dec 29 17:55:13 2017
+++ pkgsrc/pkgtools/pkg_select/patches/patch-file.c     Fri Dec 29 17:55:13 2017
@@ -0,0 +1,17 @@
+$NetBSD: patch-file.c,v 1.1 2017/12/29 17:55:13 maya Exp $
+
+Avoid buffer overflow from magical side effecting macro expansion
+
+--- file.c.orig        2009-03-08 14:25:53.000000000 +0000
++++ file.c
+@@ -156,7 +156,9 @@ loadfile(const char *path)
+       if (len == 0)
+               return(NULL);
+ 
+-      XMALLOC(lfile, ++len * sizeof(char *));
++      ++len;
++
++      XMALLOC(lfile, len * sizeof(char *));
+ 
+       for (i = 0; i < len; i++)
+               lfile[i] = NULL;
Index: pkgsrc/pkgtools/pkg_select/patches/patch-tools.h
diff -u /dev/null pkgsrc/pkgtools/pkg_select/patches/patch-tools.h:1.1
--- /dev/null   Fri Dec 29 17:55:13 2017
+++ pkgsrc/pkgtools/pkg_select/patches/patch-tools.h    Fri Dec 29 17:55:13 2017
@@ -0,0 +1,18 @@
+$NetBSD: patch-tools.h,v 1.1 2017/12/29 17:55:13 maya Exp $
+
+malloc+memset to calloc
+
+--- tools.h.orig       2009-03-08 14:25:53.000000000 +0000
++++ tools.h
+@@ -74,10 +74,9 @@
+ 
+ #define XMALLOC(elm, size)                                            \
+       do {                                                            \
+-              elm = malloc(size);                                     \
++              elm = calloc(1, size);                                  \
+               if (elm == NULL)                                        \
+                       err(1, "can't allocate memory\n");              \
+-              memset(elm, 0, size);                                   \
+       } while (/* CONSTCOND */ 0)
+ 
+ #define XSTRDUP(dest, src)                                            \



Home | Main Index | Thread Index | Old Index