diff options
author | swills <swills@FreeBSD.org> | 2012-02-26 05:16:22 +0800 |
---|---|---|
committer | swills <swills@FreeBSD.org> | 2012-02-26 05:16:22 +0800 |
commit | 690f5f63cf999aaf5d0d4da502e21429bde65766 (patch) | |
tree | d139abf3606d2a63b21bea542813558482fef18c /irc | |
parent | 3adfd585bbc2b273a9a4313cd38542614f12ee71 (diff) | |
download | freebsd-ports-gnome-690f5f63cf999aaf5d0d4da502e21429bde65766.tar.gz freebsd-ports-gnome-690f5f63cf999aaf5d0d4da502e21429bde65766.tar.zst freebsd-ports-gnome-690f5f63cf999aaf5d0d4da502e21429bde65766.zip |
- Add patch to fix CVE-2012-0806
PR: ports/164719
Submitted by: swills (myself)
Approved by: maintainer timeout (sylvio, > 3 weeks)
Diffstat (limited to 'irc')
-rw-r--r-- | irc/bip/Makefile | 3 | ||||
-rw-r--r-- | irc/bip/files/patch-bip-269 | 139 |
2 files changed, 142 insertions, 0 deletions
diff --git a/irc/bip/Makefile b/irc/bip/Makefile index 583c052cf902..a7f723e308cd 100644 --- a/irc/bip/Makefile +++ b/irc/bip/Makefile @@ -7,6 +7,7 @@ PORTNAME= bip PORTVERSION= 0.8.8 +PORTREVISION= 1 CATEGORIES= irc MASTER_SITES= https://projects.duckcorp.org/attachments/download/39/ @@ -14,6 +15,7 @@ MAINTAINER= sylvio@FreeBSD.org COMMENT= A simple IRC proxy with SSL support LICENSE= GPLv2 + GNU_CONFIGURE= yes LDFLAGS+= -L${LOCALBASE}/lib USE_GMAKE= yes @@ -21,6 +23,7 @@ INSTALL_TARGET= SUBDIR=src install-exec USE_OPENSSL= yes +PATCH_STRIP= -p1 PLIST_FILES= bin/bip bin/bipmkpw SUB_FILES= pkg-message MAN1= bip.1 bipmkpw.1 diff --git a/irc/bip/files/patch-bip-269 b/irc/bip/files/patch-bip-269 new file mode 100644 index 000000000000..053583dd4174 --- /dev/null +++ b/irc/bip/files/patch-bip-269 @@ -0,0 +1,139 @@ +commit 222a33cb84a2e52ad55a88900b7895bf9dd0262c +Author: Pierre-Louis Bonicoli <pierre-louis.bonicoli@gmx.fr> +Date: Sat Jan 7 11:41:02 2012 +0100 + + Buffer Overflow: check against the implicit size of select() arrays + + Reported by Julien Tinnes (Fix #269) + exit is called when the listening socket can not be created + +diff --git a/src/bip.c b/src/bip.c +index d46ee2b..b4ac706 100644 +--- a/src/bip.c ++++ b/src/bip.c +@@ -1311,7 +1311,7 @@ int main(int argc, char **argv) + close(fd); + + bip.listener = listen_new(conf_ip, conf_port, conf_css); +- if (!bip.listener) ++ if (!bip.listener || bip.listener->connected == CONN_ERROR) + fatal("Could not create listening socket"); + + for (;;) { +commit 222a33cb84a2e52ad55a88900b7895bf9dd0262c +Author: Pierre-Louis Bonicoli <pierre-louis.bonicoli@gmx.fr> +Date: Sat Jan 7 11:41:02 2012 +0100 + + Buffer Overflow: check against the implicit size of select() arrays + + Reported by Julien Tinnes (Fix #269) + exit is called when the listening socket can not be created + +diff --git a/src/connection.c b/src/connection.c +index 07ab431..5c4c24a 100644 +--- a/src/connection.c ++++ b/src/connection.c +@@ -124,6 +124,18 @@ static void connect_trynext(connection_t *cn) + continue; + } + ++ if (cn->handle >= FD_SETSIZE) { ++ mylog(LOG_WARN, "too many fd used, close socket %d", ++ cn->handle); ++ ++ if (close(cn->handle) == -1) ++ mylog(LOG_WARN, "Error on socket close: %s", ++ strerror(errno)); ++ ++ cn->handle = -1; ++ break; ++ } ++ + socket_set_nonblock(cn->handle); + + if (cn->connecting_data->src) { +@@ -789,13 +801,8 @@ list_t *wait_event(list_t *cn_list, int *msec, int *nc) + /* + * This shouldn't happen ! just in case... + */ +- if (cn->handle < 0) { +- mylog(LOG_WARN, "wait_event invalid socket %d", +- cn->handle); +- if (cn_is_connected(cn)) +- cn->connected = CONN_ERROR; +- continue; +- } ++ if (cn->handle < 0 || cn->handle >= FD_SETSIZE) ++ fatal("wait_event invalid socket %d", cn->handle); + + /* exceptions are OOB and disconnections */ + FD_SET(cn->handle, &fds_except); +@@ -966,6 +973,18 @@ static void create_listening_socket(char *hostname, char *port, + continue; + } + ++ if (cn->handle >= FD_SETSIZE) { ++ mylog(LOG_WARN, "too many fd used, close listening socket %d", ++ cn->handle); ++ ++ if (close(cn->handle) == -1) ++ mylog(LOG_WARN, "Error on socket close: %s", ++ strerror(errno)); ++ ++ cn->handle = -1; ++ break; ++ } ++ + if (setsockopt(cn->handle, SOL_SOCKET, SO_REUSEADDR, + (char *)&multi_client, + sizeof(multi_client)) < 0) { +@@ -1113,10 +1132,21 @@ connection_t *accept_new(connection_t *cn) + + mylog(LOG_DEBUG, "Trying to accept new client on %d", cn->handle); + err = accept(cn->handle, &sa, &sa_len); ++ + if (err < 0) { +- mylog(LOG_ERROR, "accept failed: %s", strerror(errno)); ++ fatal("accept failed: %s", strerror(errno)); ++ } ++ ++ if (err >= FD_SETSIZE) { ++ mylog(LOG_WARN, "too many client connected, close %d", err); ++ ++ if (close(err) == -1) ++ mylog(LOG_WARN, "Error on socket close: %s", ++ strerror(errno)); ++ + return NULL; + } ++ + socket_set_nonblock(err); + + conn = connection_init(cn->anti_flood, cn->ssl, cn->timeout, 0); +commit 222a33cb84a2e52ad55a88900b7895bf9dd0262c +Author: Pierre-Louis Bonicoli <pierre-louis.bonicoli@gmx.fr> +Date: Sat Jan 7 11:41:02 2012 +0100 + + Buffer Overflow: check against the implicit size of select() arrays + + Reported by Julien Tinnes (Fix #269) + exit is called when the listening socket can not be created + +diff --git a/src/irc.c b/src/irc.c +index ebc1b34..147a315 100644 +--- a/src/irc.c ++++ b/src/irc.c +@@ -2439,9 +2439,10 @@ void bip_on_event(bip_t *bip, connection_t *conn) + + if (conn == bip->listener) { + struct link_client *n = irc_accept_new(conn); +- assert(n); +- list_add_last(&bip->conn_list, CONN(n)); +- list_add_last(&bip->connecting_client_list, n); ++ if (n) { ++ list_add_last(&bip->conn_list, CONN(n)); ++ list_add_last(&bip->connecting_client_list, n); ++ } + return; + } + |