pkg_select: fix buffer overflow expanding the macro with ++len for size meant our memset to zero was one bigger than the above allocated size. while here simplify the problematic macro - malloc+memset zero is calloc. bump pkgrevisiondiff -r1.25 -r1.26 pkgsrc/pkgtools/pkg_select/Makefile
(maya)
@@ -1,18 +1,18 @@ | @@ -1,18 +1,18 @@ | |||
1 | # $NetBSD: Makefile,v 1.25 2017/12/29 11:59:13 plunky Exp $ | 1 | # $NetBSD: Makefile,v 1.26 2017/12/29 17:55:13 maya Exp $ | |
2 | # | 2 | # | |
3 | 3 | |||
4 | DISTNAME= pkg_select-20090308 | 4 | DISTNAME= pkg_select-20090308 | |
5 | PKGREVISION= 7 | 5 | PKGREVISION= 8 | |
6 | CATEGORIES= pkgtools | 6 | CATEGORIES= pkgtools | |
7 | MASTER_SITES= ftp://ftp.NetBSD.org/pub/NetBSD/misc/imil/ | 7 | MASTER_SITES= ftp://ftp.NetBSD.org/pub/NetBSD/misc/imil/ | |
8 | 8 | |||
9 | MAINTAINER= imil@gcu.info | 9 | MAINTAINER= imil@gcu.info | |
10 | COMMENT= Curses based pkgsrc system browser / manager | 10 | COMMENT= Curses based pkgsrc system browser / manager | |
11 | LICENSE= original-bsd | 11 | LICENSE= original-bsd | |
12 | 12 | |||
13 | USE_FEATURES= cdefs | 13 | USE_FEATURES= cdefs | |
14 | 14 | |||
15 | INSTALLATION_DIRS= bin ${PKGMANDIR}/man1 | 15 | INSTALLATION_DIRS= bin ${PKGMANDIR}/man1 | |
16 | INSTALLATION_DIRS+= ${EXAMPLEDIR} share/pkg_select | 16 | INSTALLATION_DIRS+= ${EXAMPLEDIR} share/pkg_select | |
17 | 17 | |||
18 | EXAMPLEDIR= ${PREFIX}/share/examples/${PKGBASE} | 18 | EXAMPLEDIR= ${PREFIX}/share/examples/${PKGBASE} |
@@ -1,14 +1,16 @@ | @@ -1,14 +1,16 @@ | |||
1 | $NetBSD: distinfo,v 1.11 2017/12/29 11:59:13 plunky Exp $ | 1 | $NetBSD: distinfo,v 1.12 2017/12/29 17:55:13 maya Exp $ | |
2 | 2 | |||
3 | SHA1 (pkg_select-20090308.tar.gz) = f4a4f40927631d16ee563671ce98e69843382c93 | 3 | SHA1 (pkg_select-20090308.tar.gz) = f4a4f40927631d16ee563671ce98e69843382c93 | |
4 | RMD160 (pkg_select-20090308.tar.gz) = d265f8e18ee4500e2ac34ba2d105acff28cc7e91 | 4 | RMD160 (pkg_select-20090308.tar.gz) = d265f8e18ee4500e2ac34ba2d105acff28cc7e91 | |
5 | SHA512 (pkg_select-20090308.tar.gz) = 77ebda4cb6032d980682b7c4c9745982cd49d1683476fa8e16e345385651150576b252c0a4c1a6318e263c11ebc13bffa04393687db914011dfafe52d651125c | 5 | SHA512 (pkg_select-20090308.tar.gz) = 77ebda4cb6032d980682b7c4c9745982cd49d1683476fa8e16e345385651150576b252c0a4c1a6318e263c11ebc13bffa04393687db914011dfafe52d651125c | |
6 | Size (pkg_select-20090308.tar.gz) = 54637 bytes | 6 | Size (pkg_select-20090308.tar.gz) = 54637 bytes | |
7 | SHA1 (patch-curses__helpers.c) = fa30914f4a9b147c433fcb32249d2b773a5e2604 | 7 | SHA1 (patch-curses__helpers.c) = fa30914f4a9b147c433fcb32249d2b773a5e2604 | |
8 | SHA1 (patch-extern.h) = e1248f7180a76ec8f623719037cf5306b8de573b | 8 | SHA1 (patch-extern.h) = e1248f7180a76ec8f623719037cf5306b8de573b | |
9 | SHA1 (patch-file.c) = ad32f135386b8c4be140305ccade97f6220f168d | |||
9 | SHA1 (patch-install__many.c) = 24a39faaab697a84103311f0fc28c2670e201bbe | 10 | SHA1 (patch-install__many.c) = 24a39faaab697a84103311f0fc28c2670e201bbe | |
10 | SHA1 (patch-listmgt.c) = d27477fd0ce46a9c8ad6a86818dd9f018557459a | 11 | SHA1 (patch-listmgt.c) = d27477fd0ce46a9c8ad6a86818dd9f018557459a | |
11 | SHA1 (patch-live.c) = b821986e8da22cd53b6c95975cd36abafbeda453 | 12 | SHA1 (patch-live.c) = b821986e8da22cd53b6c95975cd36abafbeda453 | |
12 | SHA1 (patch-more.c) = 0a8c4440a085edfae7f8f4832cdbb7878e3bf85b | 13 | SHA1 (patch-more.c) = 0a8c4440a085edfae7f8f4832cdbb7878e3bf85b | |
13 | SHA1 (patch-pkg__info.c) = d6c1f93461c91cfe44a9659d7197406c9c47d890 | 14 | SHA1 (patch-pkg__info.c) = d6c1f93461c91cfe44a9659d7197406c9c47d890 | |
14 | SHA1 (patch-pkgsrc.c) = df0b6c9633e75bc784ec34e88ec4201426d66464 | 15 | SHA1 (patch-pkgsrc.c) = df0b6c9633e75bc784ec34e88ec4201426d66464 | |
16 | SHA1 (patch-tools.h) = add83ba82a5aa96c0805348e767bc0fffc2f9e0b |
$NetBSD: patch-file.c,v 1.1 2017/12/29 17:55:13 maya Exp $
Avoid buffer overflow from magical side effecting macro expansion
--- file.c.orig 2009-03-08 14:25:53.000000000 +0000
+++ file.c
@@ -156,7 +156,9 @@ loadfile(const char *path)
if (len == 0)
return(NULL);
- XMALLOC(lfile, ++len * sizeof(char *));
+ ++len;
+
+ XMALLOC(lfile, len * sizeof(char *));
for (i = 0; i < len; i++)
lfile[i] = NULL;
$NetBSD: patch-tools.h,v 1.1 2017/12/29 17:55:13 maya Exp $
malloc+memset to calloc
--- tools.h.orig 2009-03-08 14:25:53.000000000 +0000
+++ tools.h
@@ -74,10 +74,9 @@
#define XMALLOC(elm, size) \
do { \
- elm = malloc(size); \
+ elm = calloc(1, size); \
if (elm == NULL) \
err(1, "can't allocate memory\n"); \
- memset(elm, 0, size); \
} while (/* CONSTCOND */ 0)
#define XSTRDUP(dest, src) \