Date: Sun, 22 Nov 2020 22:08:38 +0000 (UTC) From: Joe Marcus Clarke <marcus@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r556076 - in head/net/netatalk3: . files Message-ID: <202011222208.0AMM8cWi086558@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: marcus Date: Sun Nov 22 22:08:38 2020 New Revision: 556076 URL: https://svnweb.freebsd.org/changeset/ports/556076 Log: Fix two memory corruption crashes. * Use-after-free in afpd's Time Machine Code [1] * Memory overrun in extended attributes [2] PR: 251203 [1] 244191 [2] Submitted by: Jose Quinteiro <freebsd@quinteiro.org> Added: head/net/netatalk3/files/patch-etc_afpd_volume.c (contents, props changed) head/net/netatalk3/files/patch-libatalk_vfs_extattr.c (contents, props changed) Modified: head/net/netatalk3/Makefile Modified: head/net/netatalk3/Makefile ============================================================================== --- head/net/netatalk3/Makefile Sun Nov 22 22:04:31 2020 (r556075) +++ head/net/netatalk3/Makefile Sun Nov 22 22:08:38 2020 (r556076) @@ -3,7 +3,7 @@ PORTNAME= netatalk PORTVERSION= 3.1.12 -PORTREVISION= 3 +PORTREVISION= 4 PORTEPOCH= 1 CATEGORIES= net MASTER_SITES= SF Added: head/net/netatalk3/files/patch-etc_afpd_volume.c ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/net/netatalk3/files/patch-etc_afpd_volume.c Sun Nov 22 22:08:38 2020 (r556076) @@ -0,0 +1,20 @@ +--- etc/afpd/volume.c.orig 2020-11-17 04:41:20 UTC ++++ etc/afpd/volume.c +@@ -183,6 +183,7 @@ static int get_tm_used(struct vol * restrict vol) + + if ((bandsize = get_tm_bandsize(cfrombstr(infoplist))) == -1) { + bdestroy(infoplist); ++ infoplist = NULL; + continue; + } + +@@ -190,7 +191,9 @@ static int get_tm_used(struct vol * restrict vol) + + if ((links = get_tm_bands(cfrombstr(bandsdir))) == -1) { + bdestroy(infoplist); ++ infoplist = NULL; + bdestroy(bandsdir); ++ bandsdir = NULL; + continue; + } + Added: head/net/netatalk3/files/patch-libatalk_vfs_extattr.c ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/net/netatalk3/files/patch-libatalk_vfs_extattr.c Sun Nov 22 22:08:38 2020 (r556076) @@ -0,0 +1,19 @@ +--- libatalk/vfs/extattr.c 2020-11-17 04:20:13 UTC ++++ libatalk/vfs/extattr.c +@@ -353,13 +353,13 @@ static ssize_t bsd_attr_list (int type, extattr_arg ar + } + + /* Convert from pascal strings to C strings */ +- len = list[0]; +- memmove(list, list + 1, list_size); ++ len = (unsigned char)list[0]; ++ memmove(list, list + 1, list_size - 1); + + for(i = len; i < list_size; ) { + LOG(log_maxdebug, logtype_afpd, "len: %d, i: %d", len, i); + +- len = list[i]; ++ len = (unsigned char)list[i]; + list[i] = '\0'; + i += len + 1; + }
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202011222208.0AMM8cWi086558>