From: Peter Pentchev
To: Maxim Sobolev
Cc: audit@FreeBSD.org
Subject: [CFR] pkg_install/pkg_create fixes
Date: Wed, 20 Feb 2002 13:39:33 +0200
Message-ID: <20020220133933.D334@straylight.oblivion.bg>

Hi,

Today, while debugging an ftp/curl port install problem, I got the crazy idea of trying a 'make -dl' to see exactly what was executed and why. Of course, this was stupid, since make -dl outputs all the debug info on stdout, which kind of messes up the output of the package-depends and similar targets :)

However, in the meantime, this uncovered two minor problems with pkg_create(1).

The first one was a skipped pointer initialization, possibly resulting later in an uninitialized pointer dereference. When the dependencies' list is built, empty strings are skipped - but space for them is still allocated, and the corresponding pointers are not changed at all. This leads straight into a segfault when sortdeps() tries to 'sort' those uninitialized strings.

The second one is a minor sortdeps() problem - an off-by-one in looping over the dependencies' list. Fortunately, the resulting null pointer dereference is done in chkifdepends()'s snprintf(), which does not blow up, but simply produces a nonexistent package dir name, so the situation here is somewhat mitigated. Still, I don't think it would hurt to fix the off-by-one :)

How to repeat?
Simple:

cd /usr/ports/ftp/curl && make -dl clean all install

You will easily notice the first problem, when sortdeps() hits the uninit'd pointer resulting from `make -dl package-depends` containing two spaces in a row. The second problem was the result of my misplacing the fault for the first one.

Thanks for reading this far :)

G'luck,
Peter

-- 
Peter Pentchev roam@ringlet.net roam@FreeBSD.org
PGP key: http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint FDBA FD79 C26F 3C51 C95E DF9E ED18 B68D 1619 4553
This inert sentence is my body, but my soul is alive, dancing in the sparks of your brain.

Index: src/usr.sbin/pkg_install/create/perform.c
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
RCS file: /home/ncvs/src/usr.sbin/pkg_install/create/perform.c,v
retrieving revision 1.62
diff -u -r1.62 perform.c
--- src/usr.sbin/pkg_install/create/perform.c 17 Jan 2002 10:51:39 -0000 1.= 62
+++ src/usr.sbin/pkg_install/create/perform.c 20 Feb 2002 11:31:58 -0000
@@ -130,7 +130,10 @@ cp =3D strsep(&Pkgdeps, " \t\n"); if (*cp) deps[i] =3D cp; + else + i--; } + ndeps =3D i; deps[ndeps] =3D NULL; =20 sortdeps(deps);
Index: src/usr.sbin/pkg_install/lib/deps.c
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
RCS file: /home/ncvs/src/usr.sbin/pkg_install/lib/deps.c,v
retrieving revision 1.5
diff -u -r1.5 deps.c
--- src/usr.sbin/pkg_install/lib/deps.c 10 Oct 2001 06:58:42 -0000 1.5
+++ src/usr.sbin/pkg_install/lib/deps.c 20 Feb 2002 11:16:15 -0000
@@ -41,7 +41,10 @@ int i, j, loop_cnt; int err_cnt =3D 0; =20 - for (i =3D 0; pkgs[i]; i++) { + if (pkgs[0] =3D=3D NULL) + return (0); + + for (i =3D 0; pkgs[i + 1] !=3D NULL; i++) { /* * Check to see if any other package in pkgs[i+1:] depends * on pkgs[i] and swap those two packages if so.
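Review bot: in the perform.c hunk, `else i--;` only works by cancelling the increment the enclosing for loop presumably performs, which is correct but reads as a counter running backwards; incrementing only when a token is stored (`if (*cp) deps[i++] = cp;`) and dropping the increment from the loop header expresses the intent directly and makes the following `ndeps = i;` self-explanatory. Since ndeps is now recomputed from the stored count, the value that earlier sized the deps array is only an upper bound on i; a one-line comment at `ndeps = i;` saying so would reassure the next reader that `deps[ndeps] = NULL` cannot index past the allocation.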
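Review bot: in the deps.c hunk, the `pkgs[0] == NULL` guard is required by the new loop condition, because on an empty list `pkgs[i + 1]` would read one past the terminator on the very first iteration; returning the literal `0` rather than `err_cnt` is equivalent today (err_cnt is initialised to 0 two lines above) but would silently diverge if that initialisation ever changes, so `return (err_cnt);` is the safer form. An alternative that needs no separate guard is `for (i = 0; pkgs[i] != NULL && pkgs[i + 1] != NULL; i++)`, which also documents why the loop stops one element early: the comment below says the scan covers pkgs[i+1:], which is empty for the last element.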
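The first bug described in the mail (empty tokens skipped but their slots still consumed), as an added example that is not part of the e-mail or of pkg_install: a self-contained C model of the dependency-list tokenizer, with the buggy and the fixed behaviour selectable by a flag. `split_deps` and the `UNSET` sentinel are hypothetical names; the sentinel pre-fill exists only so the never-written slot can be observed rather than dereferenced, and the input strings are constructed.

```c
#define _GNU_SOURCE          /* strsep() and strdup() on glibc */
#include <ctype.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical sentinel standing in for whatever malloc() left in a slot,
 * so the never-written pointer can be observed instead of dereferenced. */
#define UNSET ((char *)-1)

/* Split 'spec' into a NULL-terminated token array the way the pkg_create
 * loop does: size the array by counting whitespace characters (one slot per
 * separator plus one), then strsep() on the same separators, so adjacent
 * separators yield an empty token.  compact == 0 reproduces the bug: the
 * empty token is skipped but its slot is still consumed, so that pointer is
 * never written.  compact != 0 is the fix: only non-empty tokens advance the
 * index and the terminator lands right after the last stored entry.
 * Returns the number of entries stored; the strdup()'d buffer the tokens
 * point into is deliberately kept alive for as long as *out is used. */
static size_t split_deps(const char *spec, int compact, char ***out)
{
    size_t slots = 1, i, stored = 0;
    const char *p;
    char **deps, *buf;

    for (p = spec; *p != '\0'; p++)
        if (isspace((unsigned char)*p))
            slots++;
    deps = malloc((slots + 1) * sizeof *deps);
    buf = strdup(spec);
    if (deps == NULL || buf == NULL)
        abort();
    for (i = 0; i <= slots; i++)
        deps[i] = UNSET;
    for (i = 0; buf != NULL;) {
        char *cp = strsep(&buf, " \t\n");
        if (*cp != '\0') {
            deps[i++] = cp;
            stored++;
        } else if (!compact) {
            i++;             /* bug: slot consumed, pointer never set */
        }
    }
    deps[i] = NULL;          /* i == slots in the buggy variant */
    *out = deps;
    return stored;
}
```

With two spaces between the first two names, the buggy variant leaves `deps[1]` untouched while still terminating the array after four slots; the fixed variant stores three entries and terminates at `deps[3]`.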