Date: Mon, 22 Oct 2012 12:20:29 +0200 From: Jilles Tjoelker <jilles@stack.nl> To: Eitan Adler <eadler@FreeBSD.org> Cc: svn-src-head@freebsd.org, svn-src-all@freebsd.org, src-committers@freebsd.org Subject: Re: svn commit: r241830 - in head/usr.sbin/pkg_install: add create delete info lib updating version Message-ID: <20121022102028.GA11437@stack.nl> In-Reply-To: <201210220212.q9M2CKKP008069@svn.freebsd.org> References: <201210220212.q9M2CKKP008069@svn.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, Oct 22, 2012 at 02:12:20AM +0000, Eitan Adler wrote: > Author: eadler > Date: Mon Oct 22 02:12:20 2012 > New Revision: 241830 > URL: http://svn.freebsd.org/changeset/base/241830 > Added: head/usr.sbin/pkg_install/lib/pkgng.c > ============================================================================== > --- /dev/null 00:00:00 1970 (empty, because file is newly added) > +++ head/usr.sbin/pkg_install/lib/pkgng.c Mon Oct 22 02:12:20 2012 (r241830) > @@ -0,0 +1,38 @@ > +/* > + * FreeBSD install - a package for the installation and maintenance > + * of non-core utilities. > + * > + * Redistribution and use in source and binary forms, with or without > + * modification, are permitted provided that the following conditions > + * are met: > + * 1. Redistributions of source code must retain the above copyright > + * notice, this list of conditions and the following disclaimer. > + * 2. Redistributions in binary form must reproduce the above copyright > + * notice, this list of conditions and the following disclaimer in the > + * documentation and/or other materials provided with the distribution. > + * > + * Eitan Adler > + * > + * detect pkgng's existence and warn > + * > + */ > + > +#include <sys/cdefs.h> > +__FBSDID("$FreeBSD$"); > + > +#include "lib.h" > +#include <err.h> > + > +void warnpkgng(void) { Style bug, the brace should be on a line by itself. > + char pkgngpath[MAXPATHLEN]; > + char *pkgngdir; > + > + pkgngdir = getenv("PKG_DBDIR"); > + if (pkgngdir == NULL) > + pkgngdir = "/var/db/pkg"; > + strcpy(pkgngpath, pkgngdir); > + strcat(pkgngpath, "/local.sqlite"); > + > + if (access(pkgngpath, F_OK) == 0) > + warnx("Don't use the pkg_ tools if you are using pkgng"); > +} There is a buffer overflow if $PKG_DBDIR is too long. Although the environment should be safe in pkg_*, I still don't like it. The easiest fix is to use asprintf(3), which also avoids hard-coding MAXPATHLEN or PATH_MAX. -- Jilles Tjoelker
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20121022102028.GA11437>