From: Jilles Tjoelker
To: Eitan Adler
Cc: svn-src-head@freebsd.org, svn-src-all@freebsd.org, src-committers@freebsd.org
Date: Mon, 22 Oct 2012 12:20:29 +0200
Subject: Re: svn commit: r241830 - in head/usr.sbin/pkg_install: add create delete info lib updating version
Message-ID: <20121022102028.GA11437@stack.nl>
In-Reply-To: <201210220212.q9M2CKKP008069@svn.freebsd.org>

On Mon, Oct 22, 2012 at 02:12:20AM +0000, Eitan Adler wrote:
> Author: eadler
> Date: Mon Oct 22 02:12:20 2012
> New Revision: 241830
> URL: http://svn.freebsd.org/changeset/base/241830
> Added: head/usr.sbin/pkg_install/lib/pkgng.c
> ==============================================================================
> --- /dev/null 00:00:00 1970 (empty, because file is newly added) > +++ head/usr.sbin/pkg_install/lib/pkgng.c Mon Oct 22 02:12:20 2012 (r241830) > @@ -0,0 +1,38 @@ > +/* > + * FreeBSD install - a package for the installation and maintenance > + * of non-core utilities. > + * > + * Redistribution and use in source and binary forms, with or without > + * modification, are permitted provided that the following conditions > + * are met: > + * 1. Redistributions of source code must retain the above copyright > + * notice, this list of conditions and the following disclaimer. > + * 2. Redistributions in binary form must reproduce the above copyright > + * notice, this list of conditions and the following disclaimer in the > + * documentation and/or other materials provided with the distribution. > + * > + * Eitan Adler > + * > + * detect pkgng's existence and warn > + * > + */ > + > +#include > +__FBSDID("$FreeBSD$"); > + > +#include "lib.h" > +#include > + > +void warnpkgng(void) { Style bug, the brace should be on a line by itself. > + char pkgngpath[MAXPATHLEN]; > + char *pkgngdir; > + > + pkgngdir = getenv("PKG_DBDIR"); > + if (pkgngdir == NULL) > + pkgngdir = "/var/db/pkg"; > + strcpy(pkgngpath, pkgngdir); > + strcat(pkgngpath, "/local.sqlite"); > + > + if (access(pkgngpath, F_OK) == 0) > + warnx("Don't use the pkg_ tools if you are using pkgng"); > +} There is a buffer overflow if $PKG_DBDIR is too long. Although the environment should be safe in pkg_*, I still don't like it. The easiest fix is to use asprintf(3), which also avoids hard-coding MAXPATHLEN or PATH_MAX. -- Jilles Tjoelker
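
Review bot: the strcpy()/strcat() pair in warnpkgng() copies getenv("PKG_DBDIR") into pkgngpath[MAXPATHLEN] with no length check, so the path should be built with a bounded call instead. With snprintf(pkgngpath, sizeof(pkgngpath), "%s/local.sqlite", pkgngdir) the return value has to be compared against sizeof(pkgngpath) to catch truncation; with asprintf(3) the result has to be checked for -1 and the buffer freed after access(). In the same function pkgngdir is declared "char *" but is assigned the string literal "/var/db/pkg" and the getenv() result, neither of which may be modified, so it should be "const char *". The licence comment at the top of the file refers to "the above copyright notice" and "the following disclaimer", but neither appears in the lines shown.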