Date: Wed, 20 Feb 2002 13:39:33 +0200
From: Peter Pentchev <roam@ringlet.net>
To: Maxim Sobolev <sobomax@FreeBSD.org>
Cc: audit@FreeBSD.org
Subject: [CFR] pkg_install/pkg_create fixes
Message-ID: <20020220133933.D334@straylight.oblivion.bg>

Hi,

Today, while debugging a ftp/curl port install problem, I got the crazy idea of trying a 'make -dl' to see exactly what and why was executed. Of course, this was stupid, since make -dl outputs all the debug info on stdout, which kind of messes up the output of the package-depends and similar targets :)

However, in the meantime, this uncovered two minor problems with pkg_create(1).

The first one was a skipped pointer initialization, possibly resulting later in an uninitialized pointer dereference. When the dependencies' list is built, empty strings are skipped - but space for them is still allocated, and the corresponding pointers are not changed at all. This leads straight into a segfault when sortdeps() tries to 'sort' those uninitialized strings.

The second one is a minor sortdeps() problem - an off-by-one in looping over the dependencies' list. Fortunately, the resulting null pointer dereference is done in chkifdepends()'s snprintf(), which does not blow up, but simply produces a nonexistent package dir name, so the situation here is somewhat mitigated. Still, I don't think it would hurt to fix the off-by-one :)

How to repeat? Simple:

  cd /usr/ports/ftp/curl && make -dl clean all install

You will easily notice the first problem, when sortdeps() hits the uninit'd pointer resulting from `make -dl package-depends` containing two spaces in a row. The second problem was the result of my misplacing the fault for the first one.

Thanks for reading this far :)

G'luck,
Peter

-- 
Peter Pentchev	roam@ringlet.net	roam@FreeBSD.org
PGP key:	http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint	FDBA FD79 C26F 3C51 C95E  DF9E ED18 B68D 1619 4553
This inert sentence is my body, but my soul is alive, dancing in the sparks of your brain.

Index: src/usr.sbin/pkg_install/create/perform.c =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D RCS file: /home/ncvs/src/usr.sbin/pkg_install/create/perform.c,v retrieving revision 1.62 diff -u -r1.62 perform.c --- src/usr.sbin/pkg_install/create/perform.c 17 Jan 2002 10:51:39 -0000 1.= 62 +++ src/usr.sbin/pkg_install/create/perform.c 20 Feb 2002 11:31:58 -0000 @@ -130,7 +130,10 @@ cp =3D strsep(&Pkgdeps, " \t\n"); if (*cp) deps[i] =3D cp; + else + i--; } + ndeps =3D i; deps[ndeps] =3D NULL; =20 sortdeps(deps); Index: src/usr.sbin/pkg_install/lib/deps.c =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D RCS file: /home/ncvs/src/usr.sbin/pkg_install/lib/deps.c,v retrieving revision 1.5 diff -u -r1.5 deps.c --- src/usr.sbin/pkg_install/lib/deps.c 10 Oct 2001 06:58:42 -0000 1.5 +++ src/usr.sbin/pkg_install/lib/deps.c 20 Feb 2002 11:16:15 -0000 @@ -41,7 +41,10 @@ int i, j, loop_cnt; int err_cnt =3D 0; =20 - for (i =3D 0; pkgs[i]; i++) { + if (pkgs[0] =3D=3D NULL) + return (0); + + for (i =3D 0; pkgs[i + 1] !=3D NULL; i++) { /* * Check to see if any other package in pkgs[i+1:] depends * on pkgs[i] and swap those two packages if so. --da4uJneut+ArUgXk Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (FreeBSD) Comment: For info see http://www.gnupg.org iEYEARECAAYFAjxzivUACgkQ7Ri2jRYZRVOlWwCeLLMMO6aoFlAyuou7uxxrOBr7 7QQAnRqsFi10uAPBRG3VZdryJ5f+Qrgm =eWi7 -----END PGP SIGNATURE----- --da4uJneut+ArUgXk-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message
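Review bot: In the perform.c hunk, the added "else i--;" steps the for-loop's own counter backwards to cancel the coming i++, which is easy to misread and ties correctness to the loop header, which this hunk does not show. Because "if (*cp)" dereferences the strsep() result on every pass, a bound based on a pre-counted number of tokens would now allow extra passes after strsep() has started returning NULL, so please confirm the loop ends when Pkgdeps becomes NULL. A separate output index that is incremented only when a non-empty token is stored ("deps[n++] = cp;" followed by "ndeps = n;") would express the same compaction without touching i.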
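Review bot: In the deps.c hunk, the new bound "pkgs[i + 1] != NULL" and the "pkgs[0] == NULL" guard above it depend on each other, and nothing in the code says so: without the guard, an empty list would make the loop condition read pkgs[1], one slot past the terminator. A one-line comment on the guard, plus a sentence in the existing block comment saying the last entry is skipped because pkgs[i+1:] would be empty for it, would keep a later cleanup from dropping the early return.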