Message-Id: <20081106103933.5607C17112@amnesiac.at.no.dns>
Date: Thu, 6 Nov 2008 13:39:33 +0300 (MSK)
From: Eygene Ryabinkin
To: FreeBSD-gnats-submit@FreeBSD.org
X-GNATS-Notify: miwi@FreeBSD.org
Subject: ports/128640: [patch] x11/xfce4-datetime-plugin: fix use-after-free issue

>Number: 128640
>Category: ports
>Synopsis: [patch] x11/xfce4-datetime-plugin: fix use-after-free issue
>Confidential: no
>Severity: critical
>Priority: medium
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Thu Nov 06 10:40:01 UTC 2008
>Closed-Date:
>Last-Modified:
>Originator: Eygene Ryabinkin
>Release: FreeBSD 7.1-PRERELEASE amd64
>Organization: Code Labs
>Environment:
System: FreeBSD XXX 7.1-PRERELEASE FreeBSD 7.1-PRERELEASE #17: Thu Nov 6 12:14:18 MSK 2008 root@XXX:/usr/obj/usr/src/sys/XXX amd64
>Description:
There is a use-after-free issue in xfce-datetime-plugin 0.6.0:
  http://bugzilla.xfce.org/show_bug.cgi?id=4562
It was already fixed in the trunk, but it is unknown when the release will happen: the developer said "I'll do a new release when I have the time".

Since the issue makes the plugin fairly unusable, I think it is worth patching the FreeBSD port just now, not waiting for the release itself.
>How-To-Repeat:
The problem shows up only on my 7.1/amd64 (for 7.1/i386 all is fine). Just spawn the plugin when the configuration was already created and it will show 'Invalid format' as the date and time and a line full of junk as the configuration items.
>Fix: The following patch should do the trick: --- 0.6.0-fix-access-after-free.patch begins here --- diff -urN ./Makefile ../xfce4-datetime-plugin/Makefile --- ./Makefile 2008-11-06 13:29:15.000000000 +0300 +++ ../xfce4-datetime-plugin/Makefile 2008-11-06 13:29:44.000000000 +0300 @@ -7,6 +7,7 @@ PORTNAME= xfce4-datetime-plugin PORTVERSION= 0.6.0 +PORTREVISION= 1 CATEGORIES= x11-clocks xfce MASTER_SITES= http://goodies.xfce.org/releases/${PORTNAME}/ DIST_SUBDIR= xfce4 diff -urN ./files/patch-g_strdup-before-closing-rc ../xfce4-datetime-plugin/files/patch-g_strdup-before-closing-rc --- ./files/patch-g_strdup-before-closing-rc 1970-01-01 03:00:00.000000000 +0300 +++ ../xfce4-datetime-plugin/files/patch-g_strdup-before-closing-rc 2008-11-06 13:30:11.000000000 +0300 
@@ -0,0 +1,35 @@ +Synopsis: Fix memory access after free +Index: datetime.c +Obtained via SVN from: http://svn.xfce.org/svn/goodies/xfce4-datetime-plugin/trunk/panel-plugin +See also: http://svn.xfce.org/index.cgi/xfce-goodies/diff/xfce4-datetime-plugin/trunk/panel-plugin/datetime.c?revs=5484&revs=5007 +=================================================================== +--- panel-plugin/datetime.c (revision 5483) ++++ panel-plugin/datetime.c (revision 5484) +@@ -595,7 +595,7 @@ + static void datetime_read_rc_file(XfcePanelPlugin *plugin, t_datetime *dt) + { + gchar *file; +- XfceRc *rc; ++ XfceRc *rc = NULL; + t_layout layout; + const gchar *date_font, *time_font, *date_format, *time_format; + +@@ -619,8 +619,6 @@ + time_font = xfce_rc_read_entry(rc, "time_font", time_font); + date_format = xfce_rc_read_entry(rc, "date_format", date_format); + time_format = xfce_rc_read_entry(rc, "time_format", time_format); +- +- xfce_rc_close(rc); + } + } + +@@ -629,6 +627,9 @@ + date_format = g_strdup(date_format); + time_format = g_strdup(time_format); + ++ if(rc != NULL) ++ xfce_rc_close(rc); ++ + /* set values in dt struct */ + datetime_apply_layout(dt, layout); + datetime_apply_font(dt, date_font, time_font); --- 0.6.0-fix-access-after-free.patch ends here --- >Release-Note: >Audit-Trail: >Unformatted:
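Review bot: in the last datetime.c hunk (@@ -629,6 +627,9 @@) the relocated xfce_rc_close(rc) is shown only after the g_strdup() of date_format and time_format. The @@ -619 hunk also reads time_font from rc with xfce_rc_read_entry(), and date_font is declared alongside it, but the lines that copy the fonts are outside the visible context. Please confirm that every value obtained from rc is duplicated above the close, otherwise the same access after free remains for the font strings. The copies are also assigned back to variables declared "const gchar *", so it is worth checking that they are g_free()d once datetime_apply_font() and the format setters have taken what they need.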
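Review bot: the new file files/patch-g_strdup-before-closing-rc is named after the fix rather than after the file it changes; ports patches are normally named for the patched path (here panel-plugin/datetime.c), which makes it obvious which patch to drop when upstream ships a release containing revision 5484. The "Obtained via SVN from" and "See also" header lines are useful for that and should stay. The PORTREVISION bump in the Makefile hunk is the right companion to a change that alters the installed binary.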