ports/164719: [PATCH] irc/bip: update to fix CVE-2012-0806
Steve Wills
swills at FreeBSD.org
Thu Feb 2 20:50:10 UTC 2012
>Number: 164719
>Category: ports
>Synopsis: [PATCH] irc/bip: update to fix CVE-2012-0806
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Thu Feb 02 20:50:10 UTC 2012
>Closed-Date:
>Last-Modified:
>Originator: Steve Wills
>Release: FreeBSD 10.0-CURRENT amd64
>Organization:
>Environment:
System: FreeBSD meatwad.mouf.net 10.0-CURRENT FreeBSD 10.0-CURRENT #8: Mon Dec 19 15:53:28 EST 2011
>Description:
see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0806
patch from: https://projects.duckcorp.org/projects/bip/repository/revisions/222a33cb84a2e52ad55a88900b7895bf9dd0262c
(I just concatenated the 3 patches)
Added file(s):
- files/patch-bip-269
Port maintainer (sylvio at FreeBSD.org) is cc'd.
Generated with FreeBSD Port Tools 0.99
>How-To-Repeat:
>Fix:
--- bip-0.8.8_1.patch begins here ---
Index: Makefile
===================================================================
RCS file: /home/pcvs/ports/irc/bip/Makefile,v
retrieving revision 1.19
diff -u -u -r1.19 Makefile
--- Makefile 23 Sep 2011 22:23:32 -0000 1.19
+++ Makefile 2 Feb 2012 20:40:30 -0000
@@ -7,6 +7,7 @@
PORTNAME= bip
PORTVERSION= 0.8.8
+PORTREVISION= 1
CATEGORIES= irc
MASTER_SITES= https://projects.duckcorp.org/attachments/download/39/
@@ -14,6 +15,7 @@
COMMENT= A simple IRC proxy with SSL support
LICENSE= GPLv2
+
GNU_CONFIGURE= yes
LDFLAGS+= -L${LOCALBASE}/lib
USE_GMAKE= yes
@@ -21,6 +23,7 @@
USE_OPENSSL= yes
+PATCH_STRIP= -p1
PLIST_FILES= bin/bip bin/bipmkpw
SUB_FILES= pkg-message
MAN1= bip.1 bipmkpw.1
Index: files/patch-bip-269
===================================================================
RCS file: files/patch-bip-269
diff -N files/patch-bip-269
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ files/patch-bip-269 2 Feb 2012 20:40:30 -0000
@@ -0,0 +1,139 @@
+commit 222a33cb84a2e52ad55a88900b7895bf9dd0262c
+Author: Pierre-Louis Bonicoli <pierre-louis.bonicoli at gmx.fr>
+Date: Sat Jan 7 11:41:02 2012 +0100
+
+ Buffer Overflow: check against the implicit size of select() arrays
+
+ Reported by Julien Tinnes (Fix #269)
+ exit is called when the listening socket can not be created
+
+diff --git a/src/bip.c b/src/bip.c
+index d46ee2b..b4ac706 100644
+--- a/src/bip.c
++++ b/src/bip.c
+@@ -1311,7 +1311,7 @@ int main(int argc, char **argv)
+ close(fd);
+
+ bip.listener = listen_new(conf_ip, conf_port, conf_css);
+- if (!bip.listener)
++ if (!bip.listener || bip.listener->connected == CONN_ERROR)
+ fatal("Could not create listening socket");
+
+ for (;;) {
+commit 222a33cb84a2e52ad55a88900b7895bf9dd0262c
+Author: Pierre-Louis Bonicoli <pierre-louis.bonicoli at gmx.fr>
+Date: Sat Jan 7 11:41:02 2012 +0100
+
+ Buffer Overflow: check against the implicit size of select() arrays
+
+ Reported by Julien Tinnes (Fix #269)
+ exit is called when the listening socket can not be created
+
+diff --git a/src/connection.c b/src/connection.c
+index 07ab431..5c4c24a 100644
+--- a/src/connection.c
++++ b/src/connection.c
+@@ -124,6 +124,18 @@ static void connect_trynext(connection_t *cn)
+ continue;
+ }
+
++ if (cn->handle >= FD_SETSIZE) {
++ mylog(LOG_WARN, "too many fd used, close socket %d",
++ cn->handle);
++
++ if (close(cn->handle) == -1)
++ mylog(LOG_WARN, "Error on socket close: %s",
++ strerror(errno));
++
++ cn->handle = -1;
++ break;
++ }
++
+ socket_set_nonblock(cn->handle);
+
+ if (cn->connecting_data->src) {
+@@ -789,13 +801,8 @@ list_t *wait_event(list_t *cn_list, int *msec, int *nc)
+ /*
+ * This shouldn't happen ! just in case...
+ */
+- if (cn->handle < 0) {
+- mylog(LOG_WARN, "wait_event invalid socket %d",
+- cn->handle);
+- if (cn_is_connected(cn))
+- cn->connected = CONN_ERROR;
+- continue;
+- }
++ if (cn->handle < 0 || cn->handle >= FD_SETSIZE)
++ fatal("wait_event invalid socket %d", cn->handle);
+
+ /* exceptions are OOB and disconnections */
+ FD_SET(cn->handle, &fds_except);
+@@ -966,6 +973,18 @@ static void create_listening_socket(char *hostname, char *port,
+ continue;
+ }
+
++ if (cn->handle >= FD_SETSIZE) {
++ mylog(LOG_WARN, "too many fd used, close listening socket %d",
++ cn->handle);
++
++ if (close(cn->handle) == -1)
++ mylog(LOG_WARN, "Error on socket close: %s",
++ strerror(errno));
++
++ cn->handle = -1;
++ break;
++ }
++
+ if (setsockopt(cn->handle, SOL_SOCKET, SO_REUSEADDR,
+ (char *)&multi_client,
+ sizeof(multi_client)) < 0) {
+@@ -1113,10 +1132,21 @@ connection_t *accept_new(connection_t *cn)
+
+ mylog(LOG_DEBUG, "Trying to accept new client on %d", cn->handle);
+ err = accept(cn->handle, &sa, &sa_len);
++
+ if (err < 0) {
+- mylog(LOG_ERROR, "accept failed: %s", strerror(errno));
++ fatal("accept failed: %s", strerror(errno));
++ }
++
++ if (err >= FD_SETSIZE) {
++ mylog(LOG_WARN, "too many client connected, close %d", err);
++
++ if (close(err) == -1)
++ mylog(LOG_WARN, "Error on socket close: %s",
++ strerror(errno));
++
+ return NULL;
+ }
++
+ socket_set_nonblock(err);
+
+ conn = connection_init(cn->anti_flood, cn->ssl, cn->timeout, 0);
+commit 222a33cb84a2e52ad55a88900b7895bf9dd0262c
+Author: Pierre-Louis Bonicoli <pierre-louis.bonicoli at gmx.fr>
+Date: Sat Jan 7 11:41:02 2012 +0100
+
+ Buffer Overflow: check against the implicit size of select() arrays
+
+ Reported by Julien Tinnes (Fix #269)
+ exit is called when the listening socket can not be created
+
+diff --git a/src/irc.c b/src/irc.c
+index ebc1b34..147a315 100644
+--- a/src/irc.c
++++ b/src/irc.c
+@@ -2439,9 +2439,10 @@ void bip_on_event(bip_t *bip, connection_t *conn)
+
+ if (conn == bip->listener) {
+ struct link_client *n = irc_accept_new(conn);
+- assert(n);
+- list_add_last(&bip->conn_list, CONN(n));
+- list_add_last(&bip->connecting_client_list, n);
++ if (n) {
++ list_add_last(&bip->conn_list, CONN(n));
++ list_add_last(&bip->connecting_client_list, n);
++ }
+ return;
+ }
+
--- bip-0.8.8_1.patch ends here ---
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-ports-bugs
mailing list