Fri Dec 29 17:55:13 2017 UTC ()

pkg_select: fix buffer overflow

expanding the macro with ++len for size meant our memset to zero was
one bigger than the above allocated size.

while here simplify the problematic macro - malloc+memset zero is calloc.

bump pkgrevision


(maya)

diff -r1.25 -r1.26 pkgsrc/pkgtools/pkg_select/Makefile
diff -r1.11 -r1.12 pkgsrc/pkgtools/pkg_select/distinfo
diff -r0 -r1.1 pkgsrc/pkgtools/pkg_select/patches/patch-file.c
diff -r0 -r1.1 pkgsrc/pkgtools/pkg_select/patches/patch-tools.h

--- pkgsrc/pkgtools/pkg_select/Makefile 2017/12/29 11:59:13 1.25
+++ pkgsrc/pkgtools/pkg_select/Makefile 2017/12/29 17:55:13 1.26

 @@ -1,18 +1,18 @@
-# $NetBSD: Makefile,v 1.25 2017/12/29 11:59:13 plunky Exp $
+# $NetBSD: Makefile,v 1.26 2017/12/29 17:55:13 maya Exp $
+#
 DISTNAME=	pkg_select-20090308
-PKGREVISION=	7
+PKGREVISION=	8
 CATEGORIES=	pkgtools
 MASTER_SITES=	ftp://ftp.NetBSD.org/pub/NetBSD/misc/imil/
 MAINTAINER=	imil@gcu.info
 COMMENT=	Curses based pkgsrc system browser / manager
 LICENSE=	original-bsd
 USE_FEATURES=		cdefs
 INSTALLATION_DIRS=	bin ${PKGMANDIR}/man1
 INSTALLATION_DIRS+=	${EXAMPLEDIR} share/pkg_select
 EXAMPLEDIR=	${PREFIX}/share/examples/${PKGBASE}

--- pkgsrc/pkgtools/pkg_select/distinfo 2017/12/29 11:59:13 1.11
+++ pkgsrc/pkgtools/pkg_select/distinfo 2017/12/29 17:55:13 1.12

 @@ -1,14 +1,16 @@
-$NetBSD: distinfo,v 1.11 2017/12/29 11:59:13 plunky Exp $
+$NetBSD: distinfo,v 1.12 2017/12/29 17:55:13 maya Exp $
 SHA1 (pkg_select-20090308.tar.gz) = f4a4f40927631d16ee563671ce98e69843382c93
 RMD160 (pkg_select-20090308.tar.gz) = d265f8e18ee4500e2ac34ba2d105acff28cc7e91
 SHA512 (pkg_select-20090308.tar.gz) = 77ebda4cb6032d980682b7c4c9745982cd49d1683476fa8e16e345385651150576b252c0a4c1a6318e263c11ebc13bffa04393687db914011dfafe52d651125c
 Size (pkg_select-20090308.tar.gz) = 54637 bytes
 SHA1 (patch-curses__helpers.c) = fa30914f4a9b147c433fcb32249d2b773a5e2604
 SHA1 (patch-extern.h) = e1248f7180a76ec8f623719037cf5306b8de573b
 SHA1 (patch-file.c) = ad32f135386b8c4be140305ccade97f6220f168d
 SHA1 (patch-install__many.c) = 24a39faaab697a84103311f0fc28c2670e201bbe
 SHA1 (patch-listmgt.c) = d27477fd0ce46a9c8ad6a86818dd9f018557459a
 SHA1 (patch-live.c) = b821986e8da22cd53b6c95975cd36abafbeda453
 SHA1 (patch-more.c) = 0a8c4440a085edfae7f8f4832cdbb7878e3bf85b
 SHA1 (patch-pkg__info.c) = d6c1f93461c91cfe44a9659d7197406c9c47d890
 SHA1 (patch-pkgsrc.c) = df0b6c9633e75bc784ec34e88ec4201426d66464
 SHA1 (patch-tools.h) = add83ba82a5aa96c0805348e767bc0fffc2f9e0b

$NetBSD: patch-file.c,v 1.1 2017/12/29 17:55:13 maya Exp $

Avoid buffer overflow from magical side effecting macro expansion

--- file.c.orig	2009-03-08 14:25:53.000000000 +0000
+++ file.c
@@ -156,7 +156,9 @@ loadfile(const char *path)
 	if (len == 0)
 		return(NULL);
 
-	XMALLOC(lfile, ++len * sizeof(char *));
+	++len;
+
+	XMALLOC(lfile, len * sizeof(char *));
 
 	for (i = 0; i < len; i++)
 		lfile[i] = NULL;

$NetBSD: patch-tools.h,v 1.1 2017/12/29 17:55:13 maya Exp $

malloc+memset to calloc

--- tools.h.orig	2009-03-08 14:25:53.000000000 +0000
+++ tools.h
@@ -74,10 +74,9 @@
 
 #define XMALLOC(elm, size)						\
 	do {								\
-		elm = malloc(size);					\
+		elm = calloc(1, size);					\
 		if (elm == NULL)					\
 			err(1, "can't allocate memory\n");		\
-		memset(elm, 0, size);					\
 	} while (/* CONSTCOND */ 0)
 
 #define XSTRDUP(dest, src)						\