Date: Wed, 24 Jan 2024 09:21:32 GMT
Message-Id: <202401240921.40O9LWY6055832@gitrepo.freebsd.org>
To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org
From: Alexey Dokuchaev
Subject: git: a22f7c00b773 - main - games/quake2max: fix known security and "missing return" issues
List-Id: Commits to the main branch of the FreeBSD ports repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-main
Sender: owner-dev-commits-ports-main@freebsd.org
X-Git-Committer: danfe
X-Git-Repository: ports
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: a22f7c00b773628dff7a20a2b0fceb544d4fd9e3
Auto-Submitted: auto-generated

The branch main has been updated by danfe:

URL: https://cgit.FreeBSD.org/ports/commit/?id=a22f7c00b773628dff7a20a2b0fceb544d4fd9e3

commit a22f7c00b773628dff7a20a2b0fceb544d4fd9e3
Author:     Alexey Dokuchaev
AuthorDate: 2024-01-24 09:20:26 +0000
Commit:     Alexey Dokuchaev
CommitDate: 2024-01-24 09:20:26 +0000

    games/quake2max: fix known security and "missing return" issues

    - Backport modified security patch from `games/quake2lnx' port
    - Fix several -Werror=return-type bugs, the most important being
      the one in R_Init() function which prevented correct graphics
      initialization, causing the game to segfault during start-up
    - For strlwr() function, just change it to `void' as its return
      value is never used anyway
    - While here, add some places of interest to the WWW line

    Reported by: Sergey V. Dyatko
---
 games/quake2max/Makefile | 4 +-
 games/quake2max/files/patch-missing-return | 32 ++++++
 games/quake2max/files/patch-security | 157 +++++++++++++++++++++++++++++
 3 files changed, 192 insertions(+), 1 deletion(-)

diff --git a/games/quake2max/Makefile b/games/quake2max/Makefile index 19e66c02015e..9c26d62a4d35 100644 --- a/games/quake2max/Makefile +++ b/games/quake2max/Makefile 
@@ -1,6 +1,6 @@ PORTNAME= quake2max PORTVERSION= 0.45 -PORTREVISION= 15 +PORTREVISION= 16 CATEGORIES= games MASTER_SITES= http://freebsd.nsu.ru/distfiles/ LOCAL/danfe DISTNAME= Quake2maX_${PORTVERSION}-src_unix @@ -9,6 +9,8 @@ EXTRACT_ONLY= ${DISTNAME}${EXTRACT_SUFX} MAINTAINER= danfe@FreeBSD.org COMMENT= OpenGL-only Quake II engine modification +WWW= https://icculus.org/~ravage/quake2/ \ + http://web.archive.org/web/20060104020511/http://www.planetquake.com/quake2max/ LICENSE= GPLv2+ LICENSE_FILE= ${WRKSRC}/gnu.txt diff --git a/games/quake2max/files/patch-missing-return b/games/quake2max/files/patch-missing-return new file mode 100644 index 000000000000..b312e5a188d7 --- /dev/null +++ b/games/quake2max/files/patch-missing-return @@ -0,0 +1,32 @@ +--- ref_gl/gl_rmain.c.orig 2006-01-12 15:58:43 UTC ++++ ref_gl/gl_rmain.c +@@ -3683,6 +3683,8 @@ int R_Init( void *hinstance, void *hWnd ) + err = qglGetError(); + if ( err != GL_NO_ERROR ) + ri.Con_Printf (PRINT_ALL, "glGetError() = 0x%x\n", err); ++ ++ return 0; + } + + /* +--- unix/net_udp.c.orig 2002-12-13 11:59:20 UTC ++++ unix/net_udp.c +@@ -125,6 +125,7 @@ qboolean NET_CompareBaseAdr (netadr_t a, netadr_t b) + return true; + return false; + } ++ return false; + } + + char *NET_AdrToString (netadr_t a) +--- unix/qsh_unix.c.orig 2006-01-11 13:05:49 UTC ++++ unix/qsh_unix.c +@@ -150,7 +150,7 @@ void Sys_Mkdir (char *path) + mkdir (path, 0777); + } + +-char *strlwr (char *s) ++void strlwr (char *s) + { + while (*s) { + *s = tolower(*s); diff --git a/games/quake2max/files/patch-security b/games/quake2max/files/patch-security new file mode 100644 index 000000000000..f82d754ec0c3 --- /dev/null +++ b/games/quake2max/files/patch-security 
@@ -0,0 +1,157 @@ +--- client/cl_parse.c.orig 2002-10-10 09:40:17 UTC ++++ client/cl_parse.c +@@ -474,6 +474,9 @@ void CL_LoadClientinfo (clientinfo_t *ci, char *s) + strncpy(ci->cinfo, s, sizeof(ci->cinfo)); + ci->cinfo[sizeof(ci->cinfo)-1] = 0; + ++ // sku - avoid potential buffer overflow vulnerability ++ s = ci->cinfo; ++ + // isolate the player's name + strncpy(ci->name, s, sizeof(ci->name)); + ci->name[sizeof(ci->name)-1] = 0; +@@ -602,6 +605,7 @@ void CL_ParseConfigString (void) + int i; + char *s; + char olds[MAX_QPATH]; ++ int length; + + i = MSG_ReadShort (&net_message); + if (i < 0 || i >= MAX_CONFIGSTRINGS) +@@ -610,6 +614,12 @@ void CL_ParseConfigString (void) + + strncpy (olds, cl.configstrings[i], sizeof(olds)); + olds[sizeof(olds) - 1] = 0; ++ ++ // sku - avoid potential buffer overflow vulnerability ++ length = strlen (s); ++ if (length > sizeof cl.configstrings - sizeof cl.configstrings[0] * i - 1) { ++ Com_Error (ERR_DROP, "CL_ParseConfigString: oversize configstring"); ++ } + + strcpy (cl.configstrings[i], s); + +--- qcommon/cmd.c.orig 2002-12-12 08:44:37 UTC ++++ qcommon/cmd.c +@@ -217,6 +217,10 @@ void Cbuf_Execute (void) + } + + ++ // sku - remove potential buffer overflow vulnerability ++ if (i > sizeof line - 1) { ++ i = sizeof line - 1; ++ } + memcpy (line, text, i); + line[i] = 0; + +@@ -679,7 +683,8 @@ void Cmd_TokenizeString (char *text, qboolean macroExp + { + int l; + +- strcpy (cmd_args, text); ++ // sku - remove potential buffer overflow vulnerability ++ strncpy (cmd_args, text, sizeof cmd_args); + + // strip off any trailing whitespace + l = strlen(cmd_args) - 1; +--- qcommon/common.c.orig 2002-12-13 11:33:44 UTC ++++ qcommon/common.c +@@ -776,7 +776,9 @@ char *MSG_ReadString (sizebuf_t *msg_read) + l = 0; + do + { +- c = MSG_ReadChar (msg_read); ++ // sku - replaced MSG_ReadChar with MSG_ReadByte to avoid ++ // potential vulnerability ++ c = MSG_ReadByte (msg_read); + if (c == -1 || c == 0) + break; + string[l] = c; +@@ -796,7 
+798,9 @@ char *MSG_ReadStringLine (sizebuf_t *msg_read) + l = 0; + do + { +- c = MSG_ReadChar (msg_read); ++ // sku - replaced MSG_ReadChar with MSG_ReadByte to avoid ++ // potential vulnerability ++ c = MSG_ReadByte (msg_read); + if (c == -1 || c == 0 || c == '\n') + break; + string[l] = c; +--- server/sv_main.c.orig 2003-05-07 07:19:06 UTC ++++ server/sv_main.c +@@ -314,8 +314,9 @@ void SVC_DirectConnect (void) + + challenge = atoi(Cmd_Argv(3)); + +- strncpy (userinfo, Cmd_Argv(4), sizeof(userinfo)-1); +- userinfo[sizeof(userinfo) - 1] = 0; ++ // sku - reserve 32 bytes for the IP address ++ strncpy (userinfo, Cmd_Argv(4), sizeof userinfo - 32); ++ userinfo[sizeof userinfo - 32] = 0; + + // force the IP key/value pair so the game can filter based on ip + Info_SetValueForKey (userinfo, "ip", NET_AdrToString(net_from)); +@@ -363,6 +364,11 @@ void SVC_DirectConnect (void) + && ( cl->netchan.qport == qport + || adr.port == cl->netchan.remote_address.port ) ) + { ++ // sku - avoid reusing slot of the client already connected ++ if (cl->state != cs_zombie) { ++ Netchan_OutOfBandPrint (NS_SERVER, adr, "print\nConnected client from this IP is already present.\n"); ++ return; ++ } + if (!NET_IsLocalAddress (adr) && (svs.realtime - cl->lastconnect) < ((int)sv_reconnect_limit->value * 1000)) + { + Com_DPrintf ("%s:reconnect rejected : too soon\n", NET_AdrToString (adr)); +--- server/sv_user.c.orig 2002-04-13 09:00:30 UTC ++++ server/sv_user.c +@@ -142,6 +142,9 @@ void SV_Configstrings_f (void) + } + + start = atoi(Cmd_Argv(2)); ++ if (start < 0) { ++ start = 0; // sku - catch negative offsets ++ } + + // write a packet full of data + +@@ -150,9 +153,18 @@ void SV_Configstrings_f (void) + { + if (sv.configstrings[start][0]) + { ++ int length; ++ ++ // sku - write configstrings that exceed MAX_QPATH in proper-sized chunks ++ length = strlen (sv.configstrings[start]); ++ if (length > MAX_QPATH) { ++ length = MAX_QPATH; ++ } ++ + MSG_WriteByte (&sv_client->netchan.message, 
svc_configstring); + MSG_WriteShort (&sv_client->netchan.message, start); +- MSG_WriteString (&sv_client->netchan.message, sv.configstrings[start]); ++ SZ_Write (&sv_client->netchan.message, sv.configstrings[start], length); ++ MSG_WriteByte (&sv_client->netchan.message, 0); + } + start++; + } +@@ -199,6 +211,9 @@ void SV_Baselines_f (void) + } + + start = atoi(Cmd_Argv(2)); ++ if (start < 0) { ++ start = 0; ++ } + + memset (&nullstate, 0, sizeof(nullstate)); + +@@ -398,7 +413,7 @@ Dumps the serverinfo info string + */ + void SV_ShowServerinfo_f (void) + { +- Info_Print (Cvar_Serverinfo()); ++// Info_Print (Cvar_Serverinfo()); + } + +
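Review bot: in the unix/qsh_unix.c hunk of patch-missing-return, changing `strlwr` to `void` departs from the conventional `char *strlwr (char *)` signature, so any prototype for it elsewhere in the tree has to be changed to match. Saving the start pointer before the loop and returning it at the end would fix the -Werror=return-type error without touching the interface. The context line `*s = tolower(*s);` also passes a plain `char` to `tolower`; cast it to `unsigned char` first.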
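Review bot: in the second CL_ParseConfigString hunk (client/cl_parse.c), `length` is declared `int` but is compared against a `sizeof` expression, so the test runs in unsigned arithmetic; declare it `size_t` to make that explicit. The bound is the space left in the whole `cl.configstrings` array from slot `i` onward, not `sizeof cl.configstrings[0]`, so the `strcpy` that follows can still write into later slots. If that spill-over is intended, the comment should say so, because "avoid potential buffer overflow" reads as a per-slot guarantee.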
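Review bot: in the Cbuf_Execute hunk (qcommon/cmd.c), clamping `i` to `sizeof line - 1` silently truncates an over-long command, and the truncated text is what ends up in `line`. Consider discarding the command with a warning instead, and check that the code after `line[i] = 0;` does not use the clamped `i` to advance through the command buffer, since the cut-off tail would then be left behind and parsed as a separate command.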
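Review bot: in the Cmd_TokenizeString hunk (qcommon/cmd.c), `strncpy (cmd_args, text, sizeof cmd_args);` leaves `cmd_args` without a terminating NUL when `text` is at least `sizeof cmd_args` bytes long, and the next statement in the context calls `strlen(cmd_args)`. Terminate explicitly with `cmd_args[sizeof cmd_args - 1] = 0;` after the copy, the way the CL_LoadClientinfo context in this same patch does with `ci->cinfo[sizeof(ci->cinfo)-1] = 0;`.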
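Review bot: in both qcommon/common.c hunks (MSG_ReadString and MSG_ReadStringLine), the comment "to avoid potential vulnerability" does not say what the problem is. Since the loop uses `c == -1` as its end marker, the comment should state how the value returned by `MSG_ReadByte` differs from that of `MSG_ReadChar` for this test, so the change is not later reverted as a no-op.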
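Review bot: in the first SVC_DirectConnect hunk (server/sv_main.c), the reserve of 32 bytes is a bare number repeated on two lines, `sizeof userinfo - 32`. Give it a named constant and note in the comment what it has to hold (the "ip" key, its separators and the longest string `NET_AdrToString` can return), so the reserve is revisited if the address format changes.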
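Review bot: in the second SVC_DirectConnect hunk (server/sv_main.c), the new `cl->state != cs_zombie` rejection sits before the `NET_IsLocalAddress (adr)` test, so it applies to local clients as well, and a client whose connection dropped without a clean disconnect cannot rejoin until its old slot leaves the connected state. The message says "from this IP" while the visible condition also matches on `qport` or port; word it to match the condition, and consider exempting local addresses as the reconnect limit below it does.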
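Review bot: in the second SV_Configstrings_f hunk (server/sv_user.c), the comment promises "proper-sized chunks", but the added lines only cap `length` at `MAX_QPATH` and send that prefix followed by a zero byte. The remainder is sent only if later iterations find it in the slots that follow, so state that assumption in the comment or the cap will read as plain truncation.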
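Review bot: in the SV_Baselines_f hunk (server/sv_user.c), the `start < 0` clamp lacks the explanatory comment its twin in SV_Configstrings_f carries, and both hunks clamp only the lower bound. If the upper bound is enforced by the loop that follows `start = atoi(Cmd_Argv(2));`, a short comment saying so would make the check complete on its face.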
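Review bot: in the SV_ShowServerinfo_f hunk (server/sv_user.c), `Info_Print (Cvar_Serverinfo());` is commented out with no explanation, leaving an empty function under a header comment that still says "Dumps the serverinfo info string". Either delete the call and update the header comment, or add a line saying why the dump is disabled.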