Date: Thu, 29 Apr 2021 10:50:35 GMT
From: Alexey Dokuchaev <danfe@FreeBSD.org>
To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org
Subject: git: 92606b55b47c - main - net-mgmt/wmi-client: backport three fixes to nbtsocket.c from upstream to address some known issues with the port, namely:
Message-ID: <202104291050.13TAoZT5059724@gitrepo.freebsd.org>
The branch main has been updated by danfe:

URL: https://cgit.FreeBSD.org/ports/commit/?id=92606b55b47cb4b6ad025638171123a4c0193565

commit 92606b55b47cb4b6ad025638171123a4c0193565
Author: Alexey Dokuchaev <danfe@FreeBSD.org>
AuthorDate: 2021-04-29 10:48:02 +0000
Commit: Alexey Dokuchaev <danfe@FreeBSD.org>
CommitDate: 2021-04-29 10:48:06 +0000

net-mgmt/wmi-client: backport three fixes to nbtsocket.c from upstream to address some known issues with the port, namely:

- Prevent segmentation fault in certain scenarios
- Fix busy loop on empty UDP packet (CVE-2020-14303)
- Plug memory leak in nbt_name_request_destructor()

While here, remove needless .include <bsd.port.options.mk> and vocalize the installation command.

Commits: ebab6d6, 3cc0f1e
Obtained from: https://git.samba.org/?p=samba.git;a=history;f=libcli/nbt/nbtsocket.c
PR: 237038

--- net-mgmt/wmi-client/Makefile | 6 +- .../patch-Samba_source_libcli_nbt_nbtsocket.c | 82 ++++++++++++++++++++++ 2 files changed, 84 insertions(+), 4 deletions(-) diff --git a/net-mgmt/wmi-client/Makefile b/net-mgmt/wmi-client/Makefile index ea482fa4d359..2e8bca37b793 100644 --- a/net-mgmt/wmi-client/Makefile +++ b/net-mgmt/wmi-client/Makefile @@ -2,7 +2,7 @@ PORTNAME= wmi PORTVERSION= 1.3.16 -PORTREVISION= 3 +PORTREVISION= 4 CATEGORIES= net-mgmt MASTER_SITES= http://dev.zenoss.org/trac/export/26435/trunk/inst/externallibs/ \ http://www.openvas.org/download/wmi/ \ @@ -21,11 +21,9 @@ ALL_TARGET= build PROGS= bin/wmic bin/winexe -.include <bsd.port.options.mk> - do-install: .for x in ${PROGS} - @${INSTALL_PROGRAM} ${WRKSRC}/Samba/source/${x} ${STAGEDIR}${PREFIX}/${x} + ${INSTALL_PROGRAM} ${WRKSRC}/Samba/source/${x} ${STAGEDIR}${PREFIX}/${x} .endfor .include <bsd.port.mk> diff --git a/net-mgmt/wmi-client/files/patch-Samba_source_libcli_nbt_nbtsocket.c b/net-mgmt/wmi-client/files/patch-Samba_source_libcli_nbt_nbtsocket.c new file mode 100644 index 000000000000..524e57a2c437 --- /dev/null 
+++ b/net-mgmt/wmi-client/files/patch-Samba_source_libcli_nbt_nbtsocket.c 
@@ -0,0 +1,82 @@ +--- Samba/source/libcli/nbt/nbtsocket.c.orig 2011-11-22 22:40:25 UTC ++++ Samba/source/libcli/nbt/nbtsocket.c +@@ -45,6 +45,7 @@ static int nbt_name_request_destructor(struct nbt_name + req->name_trn_id = 0; + } + if (req->te) { ++ talloc_free(req->te); + req->te = NULL; + } + if (req->nbtsock->send_queue == NULL) { +@@ -168,8 +169,23 @@ static void nbt_name_socket_recv(struct nbt_name_socke + return; + } + ++ /* ++ * Given a zero length, data_blob_talloc() returns the ++ * NULL blob {NULL, 0}. ++ * ++ * We only want to error return here on a real out of memory condition ++ * (i.e. dsize != 0, so the UDP packet has data, but the return of the ++ * allocation failed, so blob.data==NULL). ++ * ++ * Given an actual zero length UDP packet having blob.data == NULL ++ * isn't an out of memory error condition, that's the defined semantics ++ * of data_blob_talloc() when asked for zero bytes. ++ * ++ * We still need to continue to do the zero-length socket_recvfrom() ++ * read in order to clear the "read pending" condition on the socket. 
++ */ + blob = data_blob_talloc(tmp_ctx, NULL, dsize); +- if (blob.data == NULL) { ++ if (blob.data == NULL && dsize != 0) { + talloc_free(tmp_ctx); + return; + } +@@ -226,6 +242,16 @@ static void nbt_name_socket_recv(struct nbt_name_socke + return; + } + ++ talloc_steal(req, packet); ++ talloc_steal(req, src); ++ talloc_free(tmp_ctx); ++ nbt_name_socket_handle_response_packet(req, packet, src); ++} ++ ++void nbt_name_socket_handle_response_packet(struct nbt_name_request *req, ++ struct nbt_name_packet *packet, ++ struct socket_address *src) ++{ + /* if this is a WACK response, this we need to go back to waiting, + but perhaps increase the timeout */ + if ((packet->operation & NBT_OPCODE) == NBT_OPCODE_WACK) { +@@ -246,7 +272,6 @@ static void nbt_name_socket_recv(struct nbt_name_socke + req->te = event_add_timed(req->nbtsock->event_ctx, req, + timeval_current_ofs(req->timeout, 0), + nbt_name_socket_timeout, req); +- talloc_free(tmp_ctx); + return; + } + +@@ -268,7 +293,6 @@ static void nbt_name_socket_recv(struct nbt_name_socke + /* if we don't want multiple replies then we are done */ + if (req->allow_multiple_replies && + req->num_replies < NBT_MAX_REPLIES) { +- talloc_free(tmp_ctx); + return; + } + +@@ -278,13 +302,11 @@ static void nbt_name_socket_recv(struct nbt_name_socke + + done: + if (DEBUGLVL(9)) { +- talloc_report(tmp_ctx, stdout); + talloc_report(req, stdout); + } + if (req->async.fn) { + req->async.fn(req); + } +- talloc_free(tmp_ctx); + } + + /*
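Review bot: the `talloc_free(req->te);` added in the `@@ -45,6 +45,7 @@` hunk of nbtsocket.c has no comment saying why the explicit free is needed, and the patch file does not say which upstream change it comes from. The commit message names three fixes but lists only two commit ids (ebab6d6, 3cc0f1e), and the `event_add_timed(req->nbtsock->event_ctx, req, ...)` call visible in a later hunk passes `req` as the second argument, so a reader cannot tell from the patch alone what this free changes. A short header comment in the patch file mapping each hunk to its upstream commit would make later audits of this backport much easier.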
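Review bot: with the relaxed check `if (blob.data == NULL && dsize != 0)` in the `@@ -168,8 +169,23 @@` hunk, a zero-length datagram now continues past this point with the blob `{NULL, 0}`, and the lines that consume it lie outside the hunk's context. Because this is a backport onto a source file whose `.orig` is dated 2011-11-22, please confirm that the `socket_recvfrom()` call and the packet parse that follow in this older tree accept a NULL data pointer with length 0 and return without dereferencing it. The added comment explains the `data_blob_talloc()` semantics well; it would help to also state in it what the code after the read is expected to do with the empty blob.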
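Review bot: `nbt_name_socket_handle_response_packet()` in the `@@ -226,6 +242,16 @@` hunk is defined without `static` and is called from `nbt_name_socket_recv()` a few lines before its definition, while the diffstat shows no header being touched. Unless the port's build already produces a prototype for it, that call is an implicit declaration; either add a forward declaration above `nbt_name_socket_recv()` or, if nothing outside nbtsocket.c needs the function in this port, make it `static` with a prototype near the top of the file. It is also worth one comment line at the `talloc_steal(req, packet);` and `talloc_steal(req, src);` calls noting that both objects are now owned by `req` and live until the request is freed, since the later hunks remove every `talloc_free(tmp_ctx)` on that basis.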
