On Fri, 07 Jun 2013, Joseph Walsh wrote:
> Hello,
>
> Recently we did a static code analysis of the IGMP proxy
> code, and we believe we've found a bug in one of the modules. We'd like to
> send the fix upstream; please find attached our patch for the bug.
>
> The bug is a problem with memory management on line 244 of the config.c
> module. A buffer is allocated that is always one byte too small for the data
> that is placed in it.
>
> Thanks for your work with the IGMP proxy.
>
> Regards,
>
> Joe Walsh
>
> --
> genua
> Gesellschaft fuer Netzwerk- und Unix-Administration mbH
> Domagkstrasse 7, 85551 Kirchheim bei Muenchen
> tel +49 89 991950-0, fax -999, www.genua.de
> Geschaeftsfuehrer: Dr. Magnus Harlander, Dr. Michaela Harlander,
> Bernhard Schneck. Amtsgericht Muenchen HRB 98238
> --- config.c Mon Jun 3 16:16:30 2013
> +++ config.c Mon Jun 3 18:44:21 2013
> @@ -241,11 +241,10 @@
> tmpPtr->allowednets = NULL;
>
> // Make a copy of the token to store the IF name
> - tmpPtr->name = (char *)malloc( sizeof(char) * strlen(token) );
> + tmpPtr->name = strdup(token);
> if(tmpPtr->name == NULL) {
> log(LOG_ERR, 0, "Out of memory.");
> }
> - strcpy(tmpPtr->name, token);
>
> // Set the altnet pointer to the allowednets pointer.
> anetPtr = &tmpPtr->allowednets;
Thanks.
Here's the port diff:
Index: Makefile
===================================================================
RCS file: /cvs/ports/net/igmpproxy/Makefile,v
retrieving revision 1.8
diff -u -p -u -p -r1.8 Makefile
--- Makefile 11 Mar 2013 11:35:47 -0000 1.8
+++ Makefile 7 Jun 2013 14:10:53 -0000
@@ -5,7 +5,7 @@ COMMENT = Multicast router utilizing IGM
VERSION = 0.1-beta2
DISTNAME = igmpproxy-src-${VERSION}
PKGNAME = igmpproxy-${VERSION:S/-beta/b/}
-REVISION = 3
+REVISION = 4
CATEGORIES = net
MASTER_SITES = ${MASTER_SITE_SOURCEFORGE:=igmpproxy/}
Index: patches/patch-config_c
===================================================================
RCS file: /cvs/ports/net/igmpproxy/patches/patch-config_c,v
retrieving revision 1.1.1.1
diff -u -p -u -p -r1.1.1.1 patch-config_c
--- patches/patch-config_c 8 Feb 2008 19:30:52 -0000 1.1.1.1
+++ patches/patch-config_c 7 Jun 2013 14:10:53 -0000
@@ -1,7 +1,20 @@
$OpenBSD: patch-config_c,v 1.1.1.1 2008/02/08 19:30:52 sthen Exp $
---- config.c.orig Tue May 24 16:49:29 2005
-+++ config.c Fri Jan 25 14:05:44 2008
-@@ -328,29 +328,18 @@ struct vifconfig *parsePhyintToken() {
+--- config.c.orig Tue May 24 17:49:29 2005
++++ config.c Fri Jun 7 16:08:11 2013
+@@ -241,11 +241,10 @@ struct vifconfig *parsePhyintToken() {
+ tmpPtr->allowednets = NULL;
+
+ // Make a copy of the token to store the IF name
+- tmpPtr->name = (char *)malloc( sizeof(char) * strlen(token) );
++ tmpPtr->name = strdup(token);
+ if(tmpPtr->name == NULL) {
+ log(LOG_ERR, 0, "Out of memory.");
+ }
+- strcpy(tmpPtr->name, token);
+
+ // Set the altnet pointer to the allowednets pointer.
+ anetPtr = &tmpPtr->allowednets;
+@@ -328,29 +327,18 @@ struct vifconfig *parsePhyintToken() {
*/
struct SubnetList *parseSubnetAddress(char *addrstr) {
struct SubnetList *tmpSubnet;
