From owner-freebsd-audit Wed Feb 20 5:36:38 2002
Message-ID: <3C73A639.11790DE9@FreeBSD.org>
Date: Wed, 20 Feb 2002 15:35:53 +0200
From: Maxim Sobolev
Organization: Vega International Capital
To: Peter Pentchev
Cc: audit@FreeBSD.org
Subject: Re: [CFR] pkg_install/pkg_create fixes
References: <20020220133933.D334@straylight.oblivion.bg>

Peter Pentchev wrote:
>
> Hi,
>
> Today, while debugging a ftp/curl port install problem, I got the crazy
> idea of trying a 'make -dl' to see exactly what and why was executed.
> Of course, this was stupid, since make -dl outputs all the debug info
> on stdout, which kind of messes up the output of the package-depends
> and similar targets :) However, in the meantime, this uncovered two
> minor problems with pkg_create(1).
>
> The first one was a skipped pointer initialization, possibly resulting
> later in an uninitialized pointer dereference. When the dependencies' list
> is built, empty strings are skipped - but space for them is still allocated,
> and the corresponding pointers are not changed at all. This leads straight
> into a segfault when sortdeps() tries to 'sort' those uninitialized strings.
>
> The second one is a minor sortdeps() problem - an off-by-one in looping over
> the dependencies' list. Fortunately, the resulting null pointer dereference
> is done in chkifdepends()'s snprintf(), which does not blow up, but simply
> produces a nonexistent package dir name, so the situation here is somewhat
> mitigated. Still, I don't think it would hurt to fix the off-by-one :)
>
> How to repeat? Simple: cd /usr/ports/ftp/curl && make -dl clean all install
> You will easily notice the first problem, when sortdeps() hits the uninit'd
> pointer resulting from `make -dl package-depends` containing two spaces
> in a row. The second problem was the result of my misplacing the fault
> for the first one.
>
> Thanks for reading this far :)

The first patch is OK, but I do not see any point in the second one,
because sortdeps() assumes that there are at least 2 packages in the
**pkgs list, otherwise sorting is meaningless. However, if you feel like
adding this anti-foot-shooting device - do it, though the correct check at
the beginning of the procedure should be as follows:

	if (pkgs[0] == NULL || pkgs[1] == NULL)
		return (0);

-Maxim

>
> G'luck,
> Peter
>
> --
> Peter Pentchev roam@ringlet.net roam@FreeBSD.org
> PGP key: http://people.FreeBSD.org/~roam/roam.key.asc
> Key fingerprint FDBA FD79 C26F 3C51 C95E DF9E ED18 B68D 1619 4553
> This inert sentence is my body, but my soul is alive, dancing in the sparks of your brain.
>
> Index: src/usr.sbin/pkg_install/create/perform.c > =================================================================== > RCS file: /home/ncvs/src/usr.sbin/pkg_install/create/perform.c,v > retrieving revision 1.62 > diff -u -r1.62 perform.c > --- src/usr.sbin/pkg_install/create/perform.c 17 Jan 2002 10:51:39 -0000 1.62 > +++ src/usr.sbin/pkg_install/create/perform.c 20 Feb 2002 11:31:58 -0000 > @@ -130,7 +130,10 @@ > cp = strsep(&Pkgdeps, " \t\n"); > if (*cp) > deps[i] = cp; > + else > + i--; > } > + ndeps = i; > deps[ndeps] = NULL; > > sortdeps(deps); > Index: src/usr.sbin/pkg_install/lib/deps.c > =================================================================== > RCS file: /home/ncvs/src/usr.sbin/pkg_install/lib/deps.c,v > retrieving revision 1.5 > diff -u -r1.5 deps.c > --- src/usr.sbin/pkg_install/lib/deps.c 10 Oct 2001 06:58:42 -0000 1.5 > +++ src/usr.sbin/pkg_install/lib/deps.c 20 Feb 2002 11:16:15 -0000 
> @@ -41,7 +41,10 @@ > int i, j, loop_cnt; > int err_cnt = 0; > > - for (i = 0; pkgs[i]; i++) { > + if (pkgs[0] == NULL) > + return (0); > + > + for (i = 0; pkgs[i + 1] != NULL; i++) { > /* > * Check to see if any other package in pkgs[i+1:] depends > * on pkgs[i] and swap those two packages if so. > > ---------------------------------------------------------------------- > Part 1.2Type: application/pgp-signature To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message
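Review bot: In the perform.c hunk (@@ -130,7 +130,10 @@), the added `else i--;` corrects the index by undoing an increment that presumably lives in the loop header, outside the visible context, so the fix silently depends on that header never changing. Advancing the index only where a slot is filled, as in `if (*cp) deps[i++] = cp;` with the increment dropped from the header, states the intent directly and makes `ndeps = i;` plainly the count of stored entries. Separately, `cp` is dereferenced in `if (*cp)` right after `strsep()` with no NULL check, so the loop condition has to guarantee that strsep() is never called once Pkgdeps is exhausted.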
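Review bot: In the deps.c hunk (@@ -41,7 +41,10 @@), the early `return (0);` carries no comment saying that it exists because the new loop condition reads `pkgs[i + 1]`; without the guard an empty list would be read one element past its NULL terminator at `i = 0`. A one-line comment above `if (pkgs[0] == NULL)` would keep a later cleanup from dropping the check as redundant. For the loop shown, a single-entry list needs no separate test, since `pkgs[i + 1] != NULL` already fails on its first evaluation.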
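The first problem described in the thread, as an added example that is not part of the original messages or of pkg_install: splitting a whitespace-separated dependency string where two separators in a row produce empty fields, without leaving unset slots in the resulting NULL-terminated array. `next_field()` is a local stand-in with strsep(3) semantics, `build_deps()` is a hypothetical helper, and the sample string is constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Stand-in with strsep(3) semantics (portable): adjacent delimiters
 * yield an empty field rather than being collapsed. */
static char *next_field(char **sp, const char *delim)
{
    char *start = *sp, *end;
    if (start == NULL)
        return NULL;
    end = start + strcspn(start, delim);
    *sp = (*end != '\0') ? end + 1 : NULL;  /* decide before overwriting */
    *end = '\0';
    return start;
}

/* Hypothetical helper: split `line` in place into a NULL-terminated array
 * (caller frees). *ndeps = entries stored, *nempty = empty fields skipped. */
static char **build_deps(char *line, size_t *ndeps, size_t *nempty)
{
    size_t nfields = 1, i = 0;
    char **deps, *cp;
    for (cp = line; (cp = strpbrk(cp, " \t\n")) != NULL; cp++)
        nfields++;                  /* upper bound on the field count */
    deps = calloc(nfields + 1, sizeof(*deps));  /* unused slots stay NULL */
    if (deps == NULL)
        return NULL;
    *nempty = 0;
    while ((cp = next_field(&line, " \t\n")) != NULL) {
        if (*cp != '\0')
            deps[i++] = cp;         /* advance only when a slot is filled */
        else
            (*nempty)++;            /* empty field consumes no slot */
    }
    deps[i] = NULL;                 /* terminate after the last real entry */
    *ndeps = i;
    return deps;
}

int main(void)
{
    char line[] = "libfoo-1.0  libbar-2.3\n";   /* constructed: two spaces */
    size_t n = 0, empty = 0;
    char **deps = build_deps(line, &n, &empty);
    printf("%zu deps, %zu empty fields skipped\n", n, empty);
    free(deps);
    return 0;
}
```

When the input holds only separators, the returned array is just the NULL terminator, which is the empty-list case the `pkgs[0] == NULL` guard in the second hunk has to handle.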