aboutsummaryrefslogtreecommitdiffstats
path: root/irc
diff options
context:
space:
mode:
authorswills <swills@FreeBSD.org>2012-02-26 05:16:22 +0800
committerswills <swills@FreeBSD.org>2012-02-26 05:16:22 +0800
commit690f5f63cf999aaf5d0d4da502e21429bde65766 (patch)
treed139abf3606d2a63b21bea542813558482fef18c /irc
parent3adfd585bbc2b273a9a4313cd38542614f12ee71 (diff)
downloadfreebsd-ports-gnome-690f5f63cf999aaf5d0d4da502e21429bde65766.tar.gz
freebsd-ports-gnome-690f5f63cf999aaf5d0d4da502e21429bde65766.tar.zst
freebsd-ports-gnome-690f5f63cf999aaf5d0d4da502e21429bde65766.zip
- Add patch to fix CVE-2012-0806
PR: ports/164719 Submitted by: swills (myself) Approved by: maintainer timeout (sylvio, > 3 weeks)
Diffstat (limited to 'irc')
-rw-r--r--irc/bip/Makefile3
-rw-r--r--irc/bip/files/patch-bip-269139
2 files changed, 142 insertions, 0 deletions
diff --git a/irc/bip/Makefile b/irc/bip/Makefile
index 583c052cf902..a7f723e308cd 100644
--- a/irc/bip/Makefile
+++ b/irc/bip/Makefile
@@ -7,6 +7,7 @@
PORTNAME= bip
PORTVERSION= 0.8.8
+PORTREVISION= 1
CATEGORIES= irc
MASTER_SITES= https://projects.duckcorp.org/attachments/download/39/
@@ -14,6 +15,7 @@ MAINTAINER= sylvio@FreeBSD.org
COMMENT= A simple IRC proxy with SSL support
LICENSE= GPLv2
+
GNU_CONFIGURE= yes
LDFLAGS+= -L${LOCALBASE}/lib
USE_GMAKE= yes
@@ -21,6 +23,7 @@ INSTALL_TARGET= SUBDIR=src install-exec
USE_OPENSSL= yes
+PATCH_STRIP= -p1
PLIST_FILES= bin/bip bin/bipmkpw
SUB_FILES= pkg-message
MAN1= bip.1 bipmkpw.1
diff --git a/irc/bip/files/patch-bip-269 b/irc/bip/files/patch-bip-269
new file mode 100644
index 000000000000..053583dd4174
--- /dev/null
+++ b/irc/bip/files/patch-bip-269
@@ -0,0 +1,139 @@
+commit 222a33cb84a2e52ad55a88900b7895bf9dd0262c
+Author: Pierre-Louis Bonicoli <pierre-louis.bonicoli@gmx.fr>
+Date: Sat Jan 7 11:41:02 2012 +0100
+
+ Buffer Overflow: check against the implicit size of select() arrays
+
+ Reported by Julien Tinnes (Fix #269)
+ exit is called when the listening socket can not be created
+
+diff --git a/src/bip.c b/src/bip.c
+index d46ee2b..b4ac706 100644
+--- a/src/bip.c
++++ b/src/bip.c
+@@ -1311,7 +1311,7 @@ int main(int argc, char **argv)
+ close(fd);
+
+ bip.listener = listen_new(conf_ip, conf_port, conf_css);
+- if (!bip.listener)
++ if (!bip.listener || bip.listener->connected == CONN_ERROR)
+ fatal("Could not create listening socket");
+
+ for (;;) {
+commit 222a33cb84a2e52ad55a88900b7895bf9dd0262c
+Author: Pierre-Louis Bonicoli <pierre-louis.bonicoli@gmx.fr>
+Date: Sat Jan 7 11:41:02 2012 +0100
+
+ Buffer Overflow: check against the implicit size of select() arrays
+
+ Reported by Julien Tinnes (Fix #269)
+ exit is called when the listening socket can not be created
+
+diff --git a/src/connection.c b/src/connection.c
+index 07ab431..5c4c24a 100644
+--- a/src/connection.c
++++ b/src/connection.c
+@@ -124,6 +124,18 @@ static void connect_trynext(connection_t *cn)
+ continue;
+ }
+
++ if (cn->handle >= FD_SETSIZE) {
++ mylog(LOG_WARN, "too many fd used, close socket %d",
++ cn->handle);
++
++ if (close(cn->handle) == -1)
++ mylog(LOG_WARN, "Error on socket close: %s",
++ strerror(errno));
++
++ cn->handle = -1;
++ break;
++ }
++
+ socket_set_nonblock(cn->handle);
+
+ if (cn->connecting_data->src) {
+@@ -789,13 +801,8 @@ list_t *wait_event(list_t *cn_list, int *msec, int *nc)
+ /*
+ * This shouldn't happen ! just in case...
+ */
+- if (cn->handle < 0) {
+- mylog(LOG_WARN, "wait_event invalid socket %d",
+- cn->handle);
+- if (cn_is_connected(cn))
+- cn->connected = CONN_ERROR;
+- continue;
+- }
++ if (cn->handle < 0 || cn->handle >= FD_SETSIZE)
++ fatal("wait_event invalid socket %d", cn->handle);
+
+ /* exceptions are OOB and disconnections */
+ FD_SET(cn->handle, &fds_except);
+@@ -966,6 +973,18 @@ static void create_listening_socket(char *hostname, char *port,
+ continue;
+ }
+
++ if (cn->handle >= FD_SETSIZE) {
++ mylog(LOG_WARN, "too many fd used, close listening socket %d",
++ cn->handle);
++
++ if (close(cn->handle) == -1)
++ mylog(LOG_WARN, "Error on socket close: %s",
++ strerror(errno));
++
++ cn->handle = -1;
++ break;
++ }
++
+ if (setsockopt(cn->handle, SOL_SOCKET, SO_REUSEADDR,
+ (char *)&multi_client,
+ sizeof(multi_client)) < 0) {
+@@ -1113,10 +1132,21 @@ connection_t *accept_new(connection_t *cn)
+
+ mylog(LOG_DEBUG, "Trying to accept new client on %d", cn->handle);
+ err = accept(cn->handle, &sa, &sa_len);
++
+ if (err < 0) {
+- mylog(LOG_ERROR, "accept failed: %s", strerror(errno));
++ fatal("accept failed: %s", strerror(errno));
++ }
++
++ if (err >= FD_SETSIZE) {
++ mylog(LOG_WARN, "too many client connected, close %d", err);
++
++ if (close(err) == -1)
++ mylog(LOG_WARN, "Error on socket close: %s",
++ strerror(errno));
++
+ return NULL;
+ }
++
+ socket_set_nonblock(err);
+
+ conn = connection_init(cn->anti_flood, cn->ssl, cn->timeout, 0);
+commit 222a33cb84a2e52ad55a88900b7895bf9dd0262c
+Author: Pierre-Louis Bonicoli <pierre-louis.bonicoli@gmx.fr>
+Date: Sat Jan 7 11:41:02 2012 +0100
+
+ Buffer Overflow: check against the implicit size of select() arrays
+
+ Reported by Julien Tinnes (Fix #269)
+ exit is called when the listening socket can not be created
+
+diff --git a/src/irc.c b/src/irc.c
+index ebc1b34..147a315 100644
+--- a/src/irc.c
++++ b/src/irc.c
+@@ -2439,9 +2439,10 @@ void bip_on_event(bip_t *bip, connection_t *conn)
+
+ if (conn == bip->listener) {
+ struct link_client *n = irc_accept_new(conn);
+- assert(n);
+- list_add_last(&bip->conn_list, CONN(n));
+- list_add_last(&bip->connecting_client_list, n);
++ if (n) {
++ list_add_last(&bip->conn_list, CONN(n));
++ list_add_last(&bip->connecting_client_list, n);
++ }
+ return;
+ }
+