maintainer-feedback requested: [Bug 269433] ports-mgmt/pkg Segfault on malformed pkg.conf content (pkg_env)

In reply to: bugzilla-noreply_a_freebsd.org: "[Bug 269433] ports-mgmt/pkg Segfault on malformed pkg.conf content (pkg_env)"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: <bugzilla-noreply_at_freebsd.org>
Date: Thu, 09 Feb 2023 10:38:25 UTC

Bugzilla Automation <bugzilla@FreeBSD.org> has asked freebsd-pkg (Nobody)
<pkg@FreeBSD.org> for maintainer-feedback:
Bug 269433: ports-mgmt/pkg Segfault on malformed pkg.conf content (pkg_env)
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=269433



--- Description ---
There seems to be a bug in the way pkg handles options in pkg.conf
(/usr/local/etc/pkg.conf).

Problem was initially detected on an HardenedBSD 13.1-STABLE, but was
reproduced on a fresh FreeBSD 13.1-RELEASE downloaded today:

- FreeBSD 13.1-RELEASE: uname -aKU = FreeBSD freebsd 13.1-RELEASE FreeBSD
13.1-RELEASE releng/13.1-n250148-fc952ac2212 GENERIC amd64 1301000 1301000

- pkg -vv:
Version 		: 1.19.0
PKG_DBDIR = "/var/db/pkg";
PKG_CACHEDIR = "/var/cache/pkg";
PORTSDIR = "/usr/ports";
INDEXDIR = "";
INDEXFILE = "INDEX-13";
HANDLE_RC_SCRIPTS = false;
DEFAULT_ALWAYS_YES = false;
ASSUME_ALWAYS_YES = false;
REPOS_DIR [
    "/etc/pkg/",
    "/usr/local/etc/pkg/repos/",
]
PLIST_KEYWORDS_DIR = "";
SYSLOG = true;
ABI = "FreeBSD:13:amd64";
ALTABI = "freebsd:13:x86:64";
DEVELOPER_MODE = false;
VULNXML_SITE = "http://vuxml.freebsd.org/freebsd/vuln.xml.xz";
FETCH_RETRY = 3;
PKG_PLUGINS_DIR = "/usr/local/lib/pkg/";
PKG_ENABLE_PLUGINS = true;
PLUGINS [
]
DEBUG_SCRIPTS = false;
PLUGINS_CONF_DIR = "/usr/local/etc/pkg/";
PERMISSIVE = false;
REPO_AUTOUPDATE = true;
NAMESERVER = "";
HTTP_USER_AGENT = "pkg/1.19.0";
EVENT_PIPE = "";
FETCH_TIMEOUT = 30;
UNSET_TIMESTAMP = false;
SSH_RESTRICT_DIR = "";
PKG_ENV {
}
ABI

Repositories:
  FreeBSD: { 
    url 	    : "pkg+http://pkg.FreeBSD.org/FreeBSD:13:amd64/quarterly",
    enabled	    : yes,
    priority	    : 0,
    mirror_type     : "SRV",
    signature_type  : "FINGERPRINTS",
    fingerprints    : "/usr/share/keys/pkg"
  }


How to reproduce:
- install pkg
- install some package (step likely not necessary)
- edit /usr/local/etc/pkg.conf and add the following lines (without the "-"'s):

---------------------------------------
pkg_env {}
PKG_ENV : {
 http_proxy: "http://10.0.0.1:3128"
 https_proxy: "http://10.0.0.1:3128"
 ftp_proxy: "http://10.0.0.1:3128"
}
---------------------------------------

- try doing a `pkg info`:
root@freebsd:~ # pkg info 
gettext-runtime-0.21.1	       GNU gettext runtime libraries and programs
indexinfo-0.3.1 	       Utility to regenerate the GNU info page index
libffi-3.4.4		       Foreign Function Interface
mpdecimal-2.5.1 	       C/C++ arbitrary precision decimal floating point
libraries
pkg-1.19.0		       Package manager
python39-3.9.16 	       Interpreted object-oriented programming language
readline-8.2.0		       Library for editing command lines as they are
typed
vim-9.0.0981		       Improved version of the vi editor (console
flavor)
Child process pid=1149 terminated abnormally: Segmentation fault
root@freebsd:~ # 



The configuration is obviously wrong, but pkg shouldn't segfault on this.
After some testing, it seems that:
- pkg doesn't fail if multiple lines with same case are in the file ('pkg_env
{}' plus 'pkg_env : {...}')
- pkg fails when multiple lines are present, with a different casing ('pkg_env
{}' plus 'PKG_ENV : {...}')

I don't know if this bug occurs only for the pkg_env option, or other
parameters as well.