From nobody Sun May 08 20:54:09 2022 X-Original-To: dev-commits-ports-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id C598B1AB9915; Sun, 8 May 2022 20:54:09 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4KxGkT5B6Fz4dRp; Sun, 8 May 2022 20:54:09 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1652043249; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=gS3Hhi9BmPBac/YLq1IWSGCkHOcv2nMsBtLG0zJojgk=; b=B8ye8LLr6wmq+XDIs6RnoQU2T0sW7MT4Sc7TjB8lqTRBoB9fqpq2VovLsj30aHtGZQ47lF c3H+XQDOOi3GrmKMvnKMCMaidNlGR8L2hlMSFXxBQKd1dOrYCfHewQaOou/Q4FrBjLcrkS FgAR8iPyrCDtJQ4J+OM0e3G3Lhktkgj78rEHRyjRhiIpWO8/2uL2RrRuH407zUqtDU9+IX ohijzA7F9qOQs4VbLfajXqaDtmnG5Kb4SQLKRp9F5p52d5SplZn8uGpzvTW7T5GNlc3tV+ 7EuJeWwSUNJgICfZpCvm1OISA7VKjg78jl5KVTOcygTa8uYcwJNFRvx96t3WRQ== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 9204E2BADD; Sun, 8 May 2022 20:54:09 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 248Ks99C063340; Sun, 8 May 2022 20:54:09 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 248Ks9UG063338; Sun, 8 May 2022 20:54:09 GMT (envelope-from git) Date: Sun, 8 May 2022 20:54:09 GMT Message-Id: <202205082054.248Ks9UG063338@gitrepo.freebsd.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org From: Joe Marcus Clarke Subject: git: ad0b2e636d9e - main - net/netatalk3: Fix more crashes due to overly tight checks List-Id: Commits to the main branch of the FreeBSD ports repository List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-ports-main@freebsd.org X-BeenThere: dev-commits-ports-main@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: marcus X-Git-Repository: ports X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: ad0b2e636d9ebf0bdcfdb30933fa0658fa657b17 Auto-Submitted: auto-generated ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1652043249; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=gS3Hhi9BmPBac/YLq1IWSGCkHOcv2nMsBtLG0zJojgk=; b=aBroheyvrdEnx1dTxhb5Bh8DsQO+c+RX5uUv4ynFYTlnextFkQhA5cY6toH/szSFgEbpXI i10ogCPyNk5LFtsFZBEe0nUjGH/WKmbK8p+9z5G/S1+WzoVazNrdkltApPShDFGzgyEE61 6n7ylBVdoTXyexAAKsWN+mGHODtgGfHHC+/PGjupb5aGsaouBjB+u1q1Og+s8FE1nf6t85 o1pF5hNbIPDVtBdipRz/iV+tY2ZGoTSHOttemeNKdaTALoIGHT+S2Oi3eWcQ7WiHFUvhWk dum+9YRG3FlU+NzwjSyVz3lU9JJ3qHVHBp2pRwjnU5HVgIFc/gHmmjFQrgFa3A== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1652043249; a=rsa-sha256; cv=none; b=i2ZwA2Xm4Lg/jGeojkjWaX3jQnLqpnvVviTBHY9jPn7bWh1ZcPfKfPXJnG6wrSLji2JoDI xjVO3BtYjJcTRhHNOefpJkWM2dFZpXZfyr9q7skoj1OaHynSxaX+iaVkbBljWA8O6XKKqF qM0H9TwqrufYX9SMJXa3A3Yg23kf1YIaRp2N1t05DKT+R8yzjH7GNCjIXPVQKv1qi/HUfw uDFIv3UNeyBw/jPOcJ+jXjIx/WSbHOZTOm7rcZf+rUn8GOQk4fe0aPEO6/U7uGji4Sgehx qeEGszZSJkD83rTTUz+DGSoBM0xVOkQe39bQEFYdcLU3ptTjEDhdfjsYC2zYew== ARC-Authentication-Results: i=1; mx1.freebsd.org; none X-ThisMailContainsUnwantedMimeParts: N The branch main has been updated by marcus: URL: https://cgit.FreeBSD.org/ports/commit/?id=ad0b2e636d9ebf0bdcfdb30933fa0658fa657b17 commit ad0b2e636d9ebf0bdcfdb30933fa0658fa657b17 Author: Joe Marcus Clarke AuthorDate: 2022-05-08 20:52:28 +0000 Commit: Joe Marcus Clarke CommitDate: 2022-05-08 20:52:28 +0000 net/netatalk3: Fix more crashes due to overly tight checks The check for off/len equal to 0 seems incorrect since both should be allowed in general. The main validity check will ensure that all types are correctly handled. In addition, add more logging to it's easier to spot conditions that could be breaking things. PR: 263743 --- net/netatalk3/Makefile | 2 +- .../files/patch-libatalk_adouble_ad__open.c | 75 +++++++++++++++++++++- 2 files changed, 74 insertions(+), 3 deletions(-) diff --git a/net/netatalk3/Makefile b/net/netatalk3/Makefile index b9392a94e855..1f2ac85e3b76 100644 --- a/net/netatalk3/Makefile +++ b/net/netatalk3/Makefile @@ -2,7 +2,7 @@ PORTNAME= netatalk PORTVERSION= 3.1.13 -PORTREVISION= 1 +PORTREVISION= 2 PORTEPOCH= 1 CATEGORIES= net MASTER_SITES= SF diff --git a/net/netatalk3/files/patch-libatalk_adouble_ad__open.c b/net/netatalk3/files/patch-libatalk_adouble_ad__open.c index 086594859f40..9a704469a6de 100644 --- a/net/netatalk3/files/patch-libatalk_adouble_ad__open.c +++ b/net/netatalk3/files/patch-libatalk_adouble_ad__open.c @@ -1,6 +1,64 @@ ---- libatalk/adouble/ad_open.c.orig 2022-05-01 19:20:45 UTC +--- libatalk/adouble/ad_open.c.orig 2022-03-22 04:44:25 UTC +++ libatalk/adouble/ad_open.c -@@ -1637,6 +1637,10 @@ void *ad_entry(const struct adouble *ad, int eid) +@@ -1574,6 +1574,8 @@ static bool ad_entry_check_size(uint32_t eid, + uint32_t required_len; + + if (eid >= ADEID_MAX) { ++ LOG(log_error, logtype_ad, "ad_entry_check_size %d is greater than %d", ++ eid, ADEID_MAX); + return false; + } + if (got_len == 0) { +@@ -1585,6 +1587,7 @@ static bool ad_entry_check_size(uint32_t eid, + * Shouldn't happen: implicitly initialized to zero because + * explicit initializer missing. + */ ++ LOG(log_error, logtype_ad, "ad_entry_check_size explicit initializer missing"); + return false; + } + if (ad_checks[eid].expected_len == -1) { +@@ -1594,6 +1597,8 @@ static bool ad_entry_check_size(uint32_t eid, + if (ad_checks[eid].fixed_size) { + if (ad_checks[eid].expected_len != got_len) { + /* Wrong size fo fixed size entry. */ ++ LOG(log_error, logtype_ad, "ad_entry_check_size wrong size to fixed size entry (%d != %d)", ++ ad_checks[eid].expected_len, got_len); + return false; + } + required_len = got_len; +@@ -1604,12 +1609,16 @@ static bool ad_entry_check_size(uint32_t eid, + * Too small for variable sized entry with + * minimum size. + */ ++ LOG(log_error, logtype_ad, "ad_entry_check_size too small for variable sized entry (%d < %d)", ++ got_len, ad_checks[eid].expected_len); + return false; + } + required_len = got_len; + } else { + if (got_len > ad_checks[eid].expected_len) { + /* Too big for variable sized entry. */ ++ LOG(log_error, logtype_ad, "ad_entry_check_size too big for variable sized entry (%d > %d)", ++ got_len, ad_checks[eid].expected_len); + return false; + } + /* +@@ -1621,10 +1630,14 @@ static bool ad_entry_check_size(uint32_t eid, + } + if (off + required_len < off) { + /* wrap around */ ++ LOG(log_error, logtype_ad, "ad_entry_check_size wrap around (%d + %d < %d)", ++ off, required_len, off); + return false; + } + if (off + required_len > bufsize) { + /* overflow */ ++ LOG(log_error, logtype_ad, "ad_entry_check_size overflow (%d + %d > %d)", ++ off, required_len, bufsize); + return false; + } + return true; +@@ -1637,14 +1650,21 @@ void *ad_entry(const struct adouble *ad, int eid) size_t len = ad_getentrylen(ad, eid); bool valid; @@ -10,4 +68,17 @@ + valid = ad_entry_check_size(eid, bufsize, off, len); if (!valid) { ++ LOG(log_error, logtype_ad, "ad_entry: not valid"); + return NULL; + } + +- if (off == 0 || len == 0) { ++ /*if (off == 0 || len == 0) { ++ LOG(log_error, logtype_ad, "ad_entry: off or len is 0 (off: %d, len: %d)", ++ off, len); return NULL; +- } ++ }*/ + + return ((struct adouble *)ad)->ad_data + off; + }