On Fri, 07 Jun 2013, Joseph Walsh wrote:
> Hello,
>
> Recently we did a static code analysis of the IGMP proxy
> code, and we believe we've found a bug in one of the modules. We'd like to
> send the fix upstream; please find attached our patch for the bug.
>
> The bug is a problem with memory management on line 244 of the config.c
> module. A buffer is allocated that is always one byte too small for the data
> that is placed in it.
>
> Thanks for your work with the IGMP proxy.
>
> Regards,
>
> Joe Walsh
>
> --
> genua
> Gesellschaft fuer Netzwerk- und Unix-Administration mbH
> Domagkstrasse 7, 85551 Kirchheim bei Muenchen
> tel +49 89 991950-0, fax -999, www.genua.de
> Managing directors: Dr. Magnus Harlander, Dr. Michaela Harlander,
> Bernhard Schneck. Amtsgericht Muenchen HRB 98238
> --- config.c Mon Jun 3 16:16:30 2013 > +++ config.c Mon Jun 3 18:44:21 2013 > @@ -241,11 +241,10 @@ > tmpPtr->allowednets = NULL; > > // Make a copy of the token to store the IF name > - tmpPtr->name = (char *)malloc( sizeof(char) * strlen(token) ); > + tmpPtr->name = strdup(token); > if(tmpPtr->name == NULL) { > log(LOG_ERR, 0, "Out of memory."); > } > - strcpy(tmpPtr->name, token); > > // Set the altnet pointer to the allowednets pointer. > anetPtr = &tmpPtr->allowednets; Thanks. Here's the port diff: Index: Makefile =================================================================== RCS file: /cvs/ports/net/igmpproxy/Makefile,v retrieving revision 1.8 diff -u -p -u -p -r1.8 Makefile --- Makefile 11 Mar 2013 11:35:47 -0000 1.8 +++ Makefile 7 Jun 2013 14:10:53 -0000 @@ -5,7 +5,7 @@ COMMENT = Multicast router utilizing IGM VERSION = 0.1-beta2 DISTNAME = igmpproxy-src-${VERSION} PKGNAME = igmpproxy-${VERSION:S/-beta/b/} -REVISION = 3 +REVISION = 4 CATEGORIES = net MASTER_SITES = ${MASTER_SITE_SOURCEFORGE:=igmpproxy/} Index: patches/patch-config_c =================================================================== RCS file: /cvs/ports/net/igmpproxy/patches/patch-config_c,v retrieving revision 1.1.1.1 diff -u -p -u -p -r1.1.1.1 patch-config_c --- patches/patch-config_c 8 Feb 2008 19:30:52 -0000 1.1.1.1 +++ patches/patch-config_c 7 Jun 2013 14:10:53 -0000 
@@ -1,7 +1,20 @@ $OpenBSD: patch-config_c,v 1.1.1.1 2008/02/08 19:30:52 sthen Exp $ ---- config.c.orig Tue May 24 16:49:29 2005 -+++ config.c Fri Jan 25 14:05:44 2008 -@@ -328,29 +328,18 @@ struct vifconfig *parsePhyintToken() { +--- config.c.orig Tue May 24 17:49:29 2005 ++++ config.c Fri Jun 7 16:08:11 2013 +@@ -241,11 +241,10 @@ struct vifconfig *parsePhyintToken() { + tmpPtr->allowednets = NULL; + + // Make a copy of the token to store the IF name +- tmpPtr->name = (char *)malloc( sizeof(char) * strlen(token) ); ++ tmpPtr->name = strdup(token); + if(tmpPtr->name == NULL) { + log(LOG_ERR, 0, "Out of memory."); + } +- strcpy(tmpPtr->name, token); + + // Set the altnet pointer to the allowednets pointer. + anetPtr = &tmpPtr->allowednets; +@@ -328,29 +327,18 @@ struct vifconfig *parsePhyintToken() { */ struct SubnetList *parseSubnetAddress(char *addrstr) { struct SubnetList *tmpSubnet;
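Review bot: in the config.c hunk at -241,11 (and in its copy inside patches/patch-config_c), the "if(tmpPtr->name == NULL)" branch still only calls log(LOG_ERR, 0, "Out of memory."), so from the lines shown execution carries on to "anetPtr = &tmpPtr->allowednets;" with name left NULL unless log() at LOG_ERR never returns. Dropping the strcpy removes the immediate write through a NULL pointer, but the branch should either return NULL from parsePhyintToken() or carry a comment stating that log(LOG_ERR, ...) terminates the process, so later users of tmpPtr->name are not left to find out. The strdup(token) replacement itself is correct: strlen(token) does not count the terminating NUL, so the old malloc was one byte short of what strcpy wrote.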