Date: Mon, 13 Jun 2005 20:05:07 +0300
From: Vasil Dimov <vd@datamax.bg>
To: FreeBSD-gnats-submit@FreeBSD.org
Cc: roam@FreeBSD.org
Subject: ports/82202: [patch] solve security/stunnel's ucontext(3) issue
Message-ID: <20050613170507.GA50676@sinanica.bg.datamax>
Resent-Message-ID: <200506131710.j5DHANea097728@freefall.freebsd.org>

>Number: 82202
>Category: ports
>Synopsis: [patch] solve security/stunnel's ucontext(3) issue
>Confidential: no
>Severity: non-critical
>Priority: high
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Mon Jun 13 17:10:23 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator: Vasil Dimov
>Release: FreeBSD 5.4-STABLE i386
>Organization: DataMax
>Environment:
>Description:
This patch fixes the ucontext(3) issue in security/stunnel, described and discussed in:

http://lists.FreeBSD.org/pipermail/freebsd-ports/2005-May/023344.html
http://www.FreeBSD.org/cgi/query-pr.cgi?pr=81001
http://www.FreeBSD.org/cgi/query-pr.cgi?pr=81162
http://www.FreeBSD.org/cgi/query-pr.cgi?pr=81289

The actual problem is that stunnel tries to reuse its initially prepared cleanup context. This technique does not work with FreeBSD. The fix introduced in this patch reinitializes the cleanup context every time it is going to be used.
>How-To-Repeat:
>Fix:
--- stunnel_ucontext.diff begins here --- diff -urN stunnel.orig/Makefile stunnel/Makefile --- stunnel.orig/Makefile Mon Jun 13 19:45:30 2005 +++ stunnel/Makefile Mon Jun 13 19:31:55 2005 @@ -7,7 +7,7 @@ PORTNAME= stunnel PORTVERSION= 4.10 -PORTREVISION= 1 +PORTREVISION= 2 CATEGORIES= security MASTER_SITES= http://www.stunnel.org/download/stunnel/src/ \ ftp://stunnel.mirt.net/stunnel/OBSOLETE/ \ diff -urN stunnel.orig/files/patch-ucontext_src::network.c.diff stunnel/files/patch-ucontext_src::network.c.diff --- stunnel.orig/files/patch-ucontext_src::network.c.diff Thu Jan 1 02:00:00 1970 +++ stunnel/files/patch-ucontext_src::network.c.diff Mon Jun 13 19:13:34 2005 
@@ -0,0 +1,10 @@ +--- src/network.c.orig Mon Jun 13 18:57:42 2005 ++++ src/network.c Mon Jun 13 19:10:55 2005 +@@ -209,6 +209,7 @@ + + /* switch the context */ + if(fds) { /* swap the context */ ++ rewind_ctx_cleanup(ready_head); + swapcontext(&ctx->ctx, &ready_head->ctx); + return ready_head->ready; + } else { /* drop the context */ diff -urN stunnel.orig/files/patch-ucontext_src::prototypes.h.diff stunnel/files/patch-ucontext_src::prototypes.h.diff --- stunnel.orig/files/patch-ucontext_src::prototypes.h.diff Thu Jan 1 02:00:00 1970 +++ stunnel/files/patch-ucontext_src::prototypes.h.diff Mon Jun 13 19:14:23 2005 @@ -0,0 +1,10 @@ +--- src/prototypes.h.orig Mon Jun 13 18:57:23 2005 ++++ src/prototypes.h Mon Jun 13 19:09:59 2005 +@@ -327,6 +327,7 @@ + } CONTEXT; + extern CONTEXT *ready_head, *ready_tail; + extern CONTEXT *waiting_head, *waiting_tail; ++void rewind_ctx_cleanup(CONTEXT *ctx); + #endif + #ifdef DEBUG_STACK_SIZE + void stack_info(int); diff -urN stunnel.orig/files/patch-ucontext_src::sthreads.c.diff stunnel/files/patch-ucontext_src::sthreads.c.diff --- stunnel.orig/files/patch-ucontext_src::sthreads.c.diff Thu Jan 1 02:00:00 1970 +++ stunnel/files/patch-ucontext_src::sthreads.c.diff Mon Jun 13 19:17:08 2005 @@ -0,0 +1,18 @@ +--- src/sthreads.c.orig Mon Jun 13 18:57:08 2005 ++++ src/sthreads.c Mon Jun 13 19:17:04 2005 +@@ -66,6 +66,15 @@ + s_poll_wait(NULL, 0); /* wait on poll() */ + } + ++/* ++ * Reinitialize cleanup context to make it reusable ++ * This is necessary at least on FreeBSD 5.4 ++ */ ++void rewind_ctx_cleanup(CONTEXT *ctx) { ++ if (ctx->ctx.uc_link == &ctx_cleanup) ++ makecontext(&ctx_cleanup, ctx_cleanup_func, 0); ++} ++ + static CONTEXT *new_context(void) { + CONTEXT *ctx; + --- stunnel_ucontext.diff ends here --- >Release-Note: >Audit-Trail: >Unformatted:
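Review bot: In the src/network.c hunk, rewind_ctx_cleanup(ready_head) is added only in the if(fds) swap branch; the else branch marked /* drop the context */ lies outside the hunk, so it is not visible whether that path also resumes ready_head. If it does, it needs the same call before the switch, otherwise the stale cleanup context is still reachable there. Please either add the call on that path or state in the PR why it is unaffected.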
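Review bot: In the src/prototypes.h hunk, the prototype void rewind_ctx_cleanup(CONTEXT *ctx); is placed inside the conditional block that the following #endif closes, while the sthreads.c and network.c hunks do not show which conditional surrounds the definition and the call. Please confirm that all three sit under the same #ifdef, so that a build using another threading model neither misses the prototype nor references an undefined symbol.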
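Review bot: In the src/sthreads.c hunk, rewind_ctx_cleanup() calls makecontext(&ctx_cleanup, ctx_cleanup_func, 0) on a context that is being reused, with no preceding getcontext() and no reset of uc_stack, so it relies on the stack fields of ctx_cleanup still holding what the original setup left there. makecontext(3) expects a context initialized by getcontext(3) with a stack assigned; either repeat that setup here or extend the comment to state that those fields are never modified after initialization. The comment also says the step is necessary "at least on FreeBSD 5.4" while the code runs unconditionally on every platform, which is worth saying explicitly in the comment.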
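The pattern the description refers to, as an added example that is neither stunnel's code nor part of the submitted patch: each worker context names a shared cleanup context in uc_link, and the cleanup context is prepared again before every switch. It goes one step further than the patch by repeating getcontext(3) and the stack setup as well as makecontext(3); all names (run_workers, arm_cleanup, cleanup_func, worker_func) are hypothetical.

```c
#include <stdio.h>
#include <ucontext.h>

#define STACK_SZ (64 * 1024)

static ucontext_t main_ctx, cleanup_ctx, worker_ctx;
static char cleanup_stack[STACK_SZ], worker_stack[STACK_SZ];
static int work_done, cleanups_run;

/* Runs on cleanup_ctx each time a worker function returns (via uc_link). */
static void cleanup_func(void) {
    cleanups_run++;
    setcontext(&main_ctx);      /* leave without saving cleanup_ctx */
}

static void worker_func(void) {
    work_done++;                /* returning resumes worker_ctx.uc_link */
}

/* Prepare cleanup_ctx from scratch instead of trusting its old contents. */
static int arm_cleanup(void) {
    if (getcontext(&cleanup_ctx) == -1) return -1;
    cleanup_ctx.uc_stack.ss_sp = cleanup_stack;
    cleanup_ctx.uc_stack.ss_size = sizeof cleanup_stack;
    cleanup_ctx.uc_link = NULL;
    makecontext(&cleanup_ctx, cleanup_func, 0);
    return 0;
}

/* Run n workers in sequence; returns the number of cleanups run, or -1. */
int run_workers(int n) {
    work_done = cleanups_run = 0;
    for (int i = 0; i < n; i++) {
        if (arm_cleanup() == -1) return -1;   /* re-arm before every use */
        if (getcontext(&worker_ctx) == -1) return -1;
        worker_ctx.uc_stack.ss_sp = worker_stack;
        worker_ctx.uc_stack.ss_size = sizeof worker_stack;
        worker_ctx.uc_link = &cleanup_ctx;
        makecontext(&worker_ctx, worker_func, 0);
        if (swapcontext(&main_ctx, &worker_ctx) == -1) return -1;
    }
    return cleanups_run == work_done ? cleanups_run : -1;
}

int main(void) {
    printf("cleanups run: %d\n", run_workers(3));
    return 0;
}
```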