Wed Nov 17 22:24:41 2010 UTC ()
Fix decoding of message/partial. Explanation:
mpack-1.6 introduced more security on Unix-like systems by creating
and using a helper function, os_createnewfile, that uses O_CREAT|O_EXCL.
Unfortunately, it also uses it to write the total number of parts
temporary file, which fails if more than one part contains the
total number (as mpack creates them!)
The new code compares old and new totals, if both exist, and only
writes the new total, if the old didn't exist. Problem solved and
one sanity check more at the same time.
(is)
diff -r1.20 -r1.21 pkgsrc/converters/mpack/Makefile
diff -r1.11 -r1.12 pkgsrc/converters/mpack/distinfo
diff -r0 -r1.1 pkgsrc/converters/mpack/patches/patch-ag
--- pkgsrc/converters/mpack/Makefile 2010/04/20 10:26:40 1.20
+++ pkgsrc/converters/mpack/Makefile 2010/11/17 22:24:40 1.21
| @@ -1,15 +1,15 @@ | | | @@ -1,15 +1,15 @@ |
| 1 | # $NetBSD: Makefile,v 1.20 2010/04/20 10:26:40 is Exp $ | | 1 | # $NetBSD: Makefile,v 1.21 2010/11/17 22:24:40 is Exp $ |
| 2 | | | 2 | |
| 3 | DISTNAME= mpack-1.6 | | 3 | DISTNAME= mpack-1.6 |
| 4 | PKGREVISION= 1 | | 4 | PKGREVISION= 2 |
| 5 | CATEGORIES= converters mail news | | 5 | CATEGORIES= converters mail news |
| 6 | MASTER_SITES= ftp://ftp.andrew.cmu.edu/pub/mpack/ | | 6 | MASTER_SITES= ftp://ftp.andrew.cmu.edu/pub/mpack/ |
| 7 | | | 7 | |
| 8 | MAINTAINER= pkgsrc-users@NetBSD.org | | 8 | MAINTAINER= pkgsrc-users@NetBSD.org |
| 9 | COMMENT= External MIME packer/unpacker | | 9 | COMMENT= External MIME packer/unpacker |
| 10 | | | 10 | |
| 11 | PKG_DESTDIR_SUPPORT= user-destdir | | 11 | PKG_DESTDIR_SUPPORT= user-destdir |
| 12 | | | 12 | |
| 13 | GNU_CONFIGURE= yes | | 13 | GNU_CONFIGURE= yes |
| 14 | | | 14 | |
| 15 | .include "../../mk/bsd.pkg.mk" | | 15 | .include "../../mk/bsd.pkg.mk" |
--- pkgsrc/converters/mpack/distinfo 2010/06/15 04:18:04 1.11
+++ pkgsrc/converters/mpack/distinfo 2010/11/17 22:24:40 1.12
| @@ -1,10 +1,11 @@ | | | @@ -1,10 +1,11 @@ |
| 1 | $NetBSD: distinfo,v 1.11 2010/06/15 04:18:04 dholland Exp $ | | 1 | $NetBSD: distinfo,v 1.12 2010/11/17 22:24:40 is Exp $ |
| 2 | | | 2 | |
| 3 | SHA1 (mpack-1.6.tar.gz) = 7fd3a73e0f131412920b6ff34872e7e7fa03e03b | | 3 | SHA1 (mpack-1.6.tar.gz) = 7fd3a73e0f131412920b6ff34872e7e7fa03e03b |
| 4 | RMD160 (mpack-1.6.tar.gz) = a83330aa15437dc3ca6475cbf6e35b09ab9cef07 | | 4 | RMD160 (mpack-1.6.tar.gz) = a83330aa15437dc3ca6475cbf6e35b09ab9cef07 |
| 5 | Size (mpack-1.6.tar.gz) = 179850 bytes | | 5 | Size (mpack-1.6.tar.gz) = 179850 bytes |
| 6 | SHA1 (patch-ab) = a17706d20573b65bf21017096d4b2178c75dbacc | | 6 | SHA1 (patch-ab) = a17706d20573b65bf21017096d4b2178c75dbacc |
| 7 | SHA1 (patch-ac) = a69986a5c1b7659fac6df05f4db9a44df3110892 | | 7 | SHA1 (patch-ac) = a69986a5c1b7659fac6df05f4db9a44df3110892 |
| 8 | SHA1 (patch-ad) = 76f32d163021a81d73d8316f72b141ef3edf4f14 | | 8 | SHA1 (patch-ad) = 76f32d163021a81d73d8316f72b141ef3edf4f14 |
| 9 | SHA1 (patch-ae) = 7cbc232a310d0aa2c18b8f2fc3dba0a3fae311b8 | | 9 | SHA1 (patch-ae) = 7cbc232a310d0aa2c18b8f2fc3dba0a3fae311b8 |
| 10 | SHA1 (patch-af) = 2b38171d450ddbe1f9bb7a520d5e114a15afab9d | | 10 | SHA1 (patch-af) = 2b38171d450ddbe1f9bb7a520d5e114a15afab9d |
| | | 11 | SHA1 (patch-ag) = 9075ca42dd37e349284e5bb44bc15b740998a987 |
$NetBSD: patch-ag,v 1.1 2010/11/17 22:24:40 is Exp $
--- decode.c.orig 2003-07-21 20:47:54.000000000 +0000
+++ decode.c
@@ -25,6 +25,7 @@
* OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
* SOFTWARE. */
+#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <ctype.h>
@@ -601,7 +602,7 @@ int handlePartial(struct part *inpart, c
{
char *id, *dir, *p;
int thispart;
- int nparts = 0;
+ int nparts = 0, onparts=0;
char buf[1024];
FILE *partfile, *outfile;
struct part *outpart;
@@ -624,33 +625,44 @@ int handlePartial(struct part *inpart, c
}
thispart = atoi(p);
+ /* Try to retrieve number of parts from reassembly directory */
+ sprintf(buf, "%sCT", dir);
+ if (partfile = fopen(buf, "r")) {
+ if (fgets(buf, sizeof(buf), partfile)) {
+ onparts = atoi(buf);
+ if (onparts < 0) onparts = 0;
+ }
+ fclose(partfile);
+ }
+
if (p = getParam(contentParams, "total")) {
nparts = atoi(p);
if (nparts <= 0) {
warn("partial message has invalid number of parts");
goto ignore;
}
- /* Store number of parts in reassembly directory */
- sprintf(buf, "%sCT", dir);
- partfile = os_createnewfile(buf);
- if (!partfile) {
- os_perror(buf);
+ if (onparts && nparts && nparts != onparts) {
+ warn("messages disagree about total number of parts");
goto ignore;
}
- fprintf(partfile, "%d\n", nparts);
- fclose(partfile);
- }
- else {
- /* Try to retrieve number of parts from reassembly directory */
+
+ /* Store number of parts in reassembly directory */
sprintf(buf, "%sCT", dir);
- if (partfile = fopen(buf, "r")) {
- if (fgets(buf, sizeof(buf), partfile)) {
- nparts = atoi(buf);
- if (nparts < 0) nparts = 0;
+ partfile = fopen(buf, "w");
+ if (!partfile) {
+ if (errno != EEXIST) {
+ os_perror(buf);
+ goto ignore;
}
+ onparts = nparts;
+ } else {
+ fprintf(partfile, "%d\n", nparts);
fclose(partfile);
}
}
+ else {
+ nparts = onparts;
+ }
/* Sanity check */
if (thispart <= 0 || (nparts && thispart > nparts)) {