Message-Id: <20120126201346.0933E1D3E7@scanner.secnap.net>
Date: Thu, 26 Jan 2012 15:13:46 -0500 (EST)
From: Michael Scheidell
To: FreeBSD-gnats-submit@FreeBSD.org
Subject: ports/164529: [PATCH] security/swatch doesn't always find running process

>Number: 164529
>Category: ports
>Synopsis: [PATCH] security/swatch doesn't always find running process
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Thu Jan 26 20:20:09 UTC 2012
>Closed-Date:
>Last-Modified:
>Originator: Michael Scheidell
>Release: FreeBSD 7.4-RELEASE-p3 i386
>Organization: SECNAP Network Security Corp
>Environment: amd7.4, amd7.3, i386 7.3
>Description:
1) service swatch status won't always show status, which means it won't always stop, restart, etc.
if swatch_x_flags is greater than 222 bytes, then you need procname=/usr/local/bin/perl
if < 222, you don't.
This is due to the $0 limit in perl:
http://perldoc.perl.org/perlvar.html
"Note that there are platform-specific limitations on the maximum length of $0 . In the most extreme case it may be limited to the space occupied by the original $0 ."

2) swatch would LIKE to have p5-File-Tail as a dependency: (if you don't use the default tail command)
"Checking if your kit is complete...
Looks good
Warning: prerequisite File::Tail 0 not found.
Writing Makefile for swatch:
>How-To-Repeat:
1) have a very long log file name (so that swatch_1_flags is > 222 bytes), have multiple files, same
2) pkg_delete p5-File-Tail\* and reinstall swatch. look for error.
>Fix:
1) this patch takes the $command $swatch_x_flags and the 'suffix' (perl), two byte padding and compares it to 255.
if swatch worked for you before (service swatch (status|stop|restart)) then this should work. if it didn't work before, and you had lots of little swatches running, this should fix it.
I asked in ports@ and perl@ and didn't really get any good answers to this ugly hack.
(note: two options, instead of setting procname, you could 'err 1 swatch_${i}_flags too long' in rc. or you could patch swatch to fail if cmdarg > (too long))
2) this patch will bring in File-Tail, and allow for both smaller swatch_x_flags lens and larger ones.

- patch swatch.rc to check for buffer overflow in cmdarg with long _flags lines
- add p5-File-Tail dependency

--- swatch.patch begins here --- Index: Makefile =================================================================== RCS file: /home/pcvs/ports/security/swatch/Makefile,v retrieving revision 1.31 diff -u -r1.31 Makefile --- Makefile 21 Jan 2012 17:40:12 -0000 1.31 +++ Makefile 26 Jan 2012 19:55:30 -0000 @@ -7,7 +7,7 @@ PORTNAME= swatch PORTVERSION= 3.2.3 -PORTREVISION= 1 +PORTREVISION= 2 CATEGORIES= security sysutils MASTER_SITES= SF @@ -17,7 +17,8 @@ BUILD_DEPENDS= \ ${SITE_PERL}/Date/Format.pm:${PORTSDIR}/devel/p5-TimeDate \ ${SITE_PERL}/Date/Manip.pm:${PORTSDIR}/devel/p5-Date-Manip \ - ${SITE_PERL}/Date/Calc.pm:${PORTSDIR}/devel/p5-Date-Calc + ${SITE_PERL}/Date/Calc.pm:${PORTSDIR}/devel/p5-Date-Calc \ + ${SITE_PERL}/File/Tail.pm:${PORTSDIR}/devel/p5-File-Tail RUN_DEPENDS:= ${BUILD_DEPENDS} PERL_CONFIGURE= yes Index: files/swatch.in =================================================================== RCS file: /home/pcvs/ports/security/swatch/files/swatch.in,v retrieving revision 1.7 diff -u -r1.7 swatch.in --- files/swatch.in 14 Jan 2012 08:56:53 -0000 1.7 +++ files/swatch.in 26 Jan 2012 19:55:30 -0000
@@ -21,15 +21,20 @@ name=swatch rcvar=swatch_enable +# set some defaults +: ${swatch_enable="NO"} command=%%PREFIX%%/bin/swatch -procname=%%LOCALBASE%%/bin/perl load_rc_config ${name} if [ -n "${swatch_rules}" ]; then for i in ${swatch_rules}; do eval swatch_flags=\$swatch_${i}_flags + len=`echo "0${command} ${swatch_flags} (perl)0" | wc -c` + if [ $len -ge 255 ];then + procname=%%LOCALBASE%%/bin/perl + fi eval swatch_user=\$swatch_${i}_user eval swatch_chdir=\$swatch_${i}_chdir eval pidfile=\$swatch_${i}_pidfile --- swatch.patch ends here ---

>Release-Note:
>Audit-Trail:
>Unformatted:
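Review bot: In the files/swatch.in hunk, procname is assigned inside the "for i in ${swatch_rules}" loop but nothing in the visible lines clears it again, so once one rule's flags reach the threshold every later rule in the same run inherits procname=%%LOCALBASE%%/bin/perl, including short ones that the description says must not have it. Reset it at the top of each iteration (for example "unset procname" before the length test, or an else branch) so the decision is made per rule. Separately, the constant 255 and the "0...0" padding are unexplained in the script, and echo appends a newline that wc -c also counts, so the measured length is three bytes more than the string between the zeros; a short comment stating where 255 comes from and what the padding stands for would let the next maintainer check the arithmetic against the 222-byte figure given in the description.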
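Review bot: In the second Makefile hunk (BUILD_DEPENDS), p5-File-Tail becomes an unconditional build and run dependency because of "RUN_DEPENDS:= ${BUILD_DEPENDS}", while the description says File::Tail is only used when the default tail command is not. If the intent is only to silence the "prerequisite File::Tail 0 not found" warning that is fine, but say so in a comment above the line or in the commit message; otherwise consider putting it behind a port option so minimal installs are unchanged.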