Date: Wed, 20 Feb 2002 15:35:53 +0200
From: Maxim Sobolev <sobomax@FreeBSD.org>
To: Peter Pentchev <roam@ringlet.net>
Cc: audit@FreeBSD.org
Subject: Re: [CFR] pkg_install/pkg_create fixes
Message-ID: <3C73A639.11790DE9@FreeBSD.org>
References: <20020220133933.D334@straylight.oblivion.bg>
Peter Pentchev wrote:
>
> Hi,
>
> Today, while debugging a ftp/curl port install problem, I got the crazy
> idea of trying a 'make -dl' to see exactly what and why was executed.
> Of course, this was stupid, since make -dl outputs all the debug info
> on stdout, which kind of messes up the output of the package-depends
> and similar targets :) However, in the meantime, this uncovered two
> minor problems with pkg_create(1).
>
> The first one was a skipped pointer initialization, possibly resulting
> later in an uninitialized pointer dereference. When the dependencies' list
> is built, empty strings are skipped - but space for them is still allocated,
> and the corresponding pointers are not changed at all. This leads straight
> into a segfault when sortdeps() tries to 'sort' those uninitialized strings.
>
> The second one is a minor sortdeps() problem - an off-by-one in looping over
> the dependencies' list. Fortunately, the resulting null pointer dereference
> is done in chkifdepends()'s snprintf(), which does not blow up, but simply
> produces a nonexistent package dir name, so the situation here is somewhat
> mitigated. Still, I don't think it would hurt to fix the off-by-one :)
>
> How to repeat? Simple: cd /usr/ports/ftp/curl && make -dl clean all install
> You will easily notice the first problem, when sortdeps() hits the uninit'd
> pointer resulting from `make -dl package-depends` containing two spaces
> in a row. The second problem was the result of my misplacing the fault
> for the first one.
>
> Thanks for reading this far :)

The first patch is OK, but I do not see any point in the second one,
because sortdeps() assumes that there are at least 2 packages in the
**pkgs list, otherwise sorting is meaningless. However, if you feel like
adding this anti foot shooting device - do it, though the correct check at
the beginning of the procedure should be as follows:

	if (pkgs[0] == NULL || pkgs[1] == NULL)
		return (0);

-Maxim

>
> G'luck,
> Peter
>
> --
> Peter Pentchev roam@ringlet.net roam@FreeBSD.org
> PGP key: http://people.FreeBSD.org/~roam/roam.key.asc
> Key fingerprint FDBA FD79 C26F 3C51 C95E DF9E ED18 B68D 1619 4553
> This inert sentence is my body, but my soul is alive, dancing in the sparks of your brain.
>
> Index: src/usr.sbin/pkg_install/create/perform.c > =================================================================== > RCS file: /home/ncvs/src/usr.sbin/pkg_install/create/perform.c,v > retrieving revision 1.62 > diff -u -r1.62 perform.c > --- src/usr.sbin/pkg_install/create/perform.c 17 Jan 2002 10:51:39 -0000 1.62 > +++ src/usr.sbin/pkg_install/create/perform.c 20 Feb 2002 11:31:58 -0000 > @@ -130,7 +130,10 @@ > cp = strsep(&Pkgdeps, " \t\n"); > if (*cp) > deps[i] = cp; > + else > + i--; > } > + ndeps = i; > deps[ndeps] = NULL; > > sortdeps(deps); > Index: src/usr.sbin/pkg_install/lib/deps.c > =================================================================== > RCS file: /home/ncvs/src/usr.sbin/pkg_install/lib/deps.c,v > retrieving revision 1.5 > diff -u -r1.5 deps.c > --- src/usr.sbin/pkg_install/lib/deps.c 10 Oct 2001 06:58:42 -0000 1.5 > +++ src/usr.sbin/pkg_install/lib/deps.c 20 Feb 2002 11:16:15 -0000 > @@ -41,7 +41,10 @@ > int i, j, loop_cnt; > int err_cnt = 0; > > - for (i = 0; pkgs[i]; i++) { > + if (pkgs[0] == NULL) > + return (0); > + > + for (i = 0; pkgs[i + 1] != NULL; i++) { > /* > * Check to see if any other package in pkgs[i+1:] depends > * on pkgs[i] and swap those two packages if so.
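
Review bot: in the perform.c hunk, the added `else i--;` under `if (*cp)` presumably cancels the loop's own increment, which is not in the visible context, so the index is stepped back and forward again for every empty token and the reader has to find the loop header to see why. It reads more directly to advance `i` only in the branch that stores a pointer (`deps[i] = cp;` followed by `i++;`) and leave the counter alone otherwise; `ndeps = i;` before `deps[ndeps] = NULL;` then still gives the number of entries actually stored. A one-line comment that consecutive separators make `strsep()` return an empty string, and that those tokens are skipped, would document the case this fixes.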
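
Review bot: in the deps.c hunk, the early `if (pkgs[0] == NULL) return (0);` is what keeps the new loop condition `pkgs[i + 1] != NULL` in bounds, and nothing in the code says so. Without the guard an empty list would have the loop read `pkgs[1]`, one slot past the terminator; with it, a one-entry list already skips the loop because `pkgs[1]` is the NULL terminator. Add a short comment above the guard stating that the loop looks one element ahead, so a later cleanup does not drop the check as redundant.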