diff options
| author | Joe Marcus Clarke <marcus@FreeBSD.org> | 2020-11-22 22:08:38 +0000 |
|---|---|---|
| committer | Joe Marcus Clarke <marcus@FreeBSD.org> | 2020-11-22 22:08:38 +0000 |
| commit | 0c1b18d2bd6211dd2c6cc3f3b9f85b2a9b60cb77 (patch) | |
| tree | f31af51c53f85682cf96750679a17e09d2c94bf6 | |
| parent | Update to 0.6.12 (diff) | |
Fix two memory corruption crashes.
* Use-after-free in afpd's Time Machine Code [1]
* Memory overrun in extended attributes [2]
PR: 251203 [1]
244191 [2]
Submitted by: Jose Quinteiro <freebsd@quinteiro.org>
| -rw-r--r-- | net/netatalk3/Makefile | 2 | ||||
| -rw-r--r-- | net/netatalk3/files/patch-etc_afpd_volume.c | 20 | ||||
| -rw-r--r-- | net/netatalk3/files/patch-libatalk_vfs_extattr.c | 19 |
3 files changed, 40 insertions, 1 deletions
diff --git a/net/netatalk3/Makefile b/net/netatalk3/Makefile index a1643800f52e..c3b1e6699be7 100644 --- a/net/netatalk3/Makefile +++ b/net/netatalk3/Makefile @@ -3,7 +3,7 @@ PORTNAME= netatalk PORTVERSION= 3.1.12 -PORTREVISION= 3 +PORTREVISION= 4 PORTEPOCH= 1 CATEGORIES= net MASTER_SITES= SF diff --git a/net/netatalk3/files/patch-etc_afpd_volume.c b/net/netatalk3/files/patch-etc_afpd_volume.c new file mode 100644 index 000000000000..cc13c172a9bd --- /dev/null +++ b/net/netatalk3/files/patch-etc_afpd_volume.c @@ -0,0 +1,20 @@ +--- etc/afpd/volume.c.orig 2020-11-17 04:41:20 UTC ++++ etc/afpd/volume.c +@@ -183,6 +183,7 @@ static int get_tm_used(struct vol * restrict vol) + + if ((bandsize = get_tm_bandsize(cfrombstr(infoplist))) == -1) { + bdestroy(infoplist); ++ infoplist = NULL; + continue; + } + +@@ -190,7 +191,9 @@ static int get_tm_used(struct vol * restrict vol) + + if ((links = get_tm_bands(cfrombstr(bandsdir))) == -1) { + bdestroy(infoplist); ++ infoplist = NULL; + bdestroy(bandsdir); ++ bandsdir = NULL; + continue; + } + diff --git a/net/netatalk3/files/patch-libatalk_vfs_extattr.c b/net/netatalk3/files/patch-libatalk_vfs_extattr.c new file mode 100644 index 000000000000..ec0a9937a1f6 --- /dev/null +++ b/net/netatalk3/files/patch-libatalk_vfs_extattr.c @@ -0,0 +1,19 @@ +--- libatalk/vfs/extattr.c 2020-11-17 04:20:13 UTC ++++ libatalk/vfs/extattr.c +@@ -353,13 +353,13 @@ static ssize_t bsd_attr_list (int type, extattr_arg ar + } + + /* Convert from pascal strings to C strings */ +- len = list[0]; +- memmove(list, list + 1, list_size); ++ len = (unsigned char)list[0]; ++ memmove(list, list + 1, list_size - 1); + + for(i = len; i < list_size; ) { + LOG(log_maxdebug, logtype_afpd, "len: %d, i: %d", len, i); + +- len = list[i]; ++ len = (unsigned char)list[i]; + list[i] = '\0'; + i += len + 1; + } |