As discussed with NicM, here are two fixes to btpd port:
* make sure we don't pass NULL to freeaddrinfo()
* calculate the offset before req->rbuf.buf is potentially reallocated,
and thus avoid using a dangling pointer in the offset
calculation

the 2nd patch has been submitted to upstream mailing list, but no
response yet:
http://lists.stargirl.org/pipermail/btpd-users/2009-December/000570.html

If there are any users of btpd, please test


Index: Makefile
===================================================================
RCS file: /cvs/ports/net/btpd/Makefile,v
retrieving revision 1.6
diff -u -p -r1.6 Makefile
--- Makefile    12 Feb 2009 12:27:35 -0000      1.6
+++ Makefile    24 Dec 2009 02:48:58 -0000
@@ -3,6 +3,7 @@
 COMMENT=               BitTorrent Protocol Daemon
 
 DISTNAME=              btpd-0.15
+PKGNAME=               ${DISTNAME}p0
 CATEGORIES=            net
 
 MAINTAINER=            Martin Cronier <[email protected]>
Index: patches/patch-btpd_addrinfo_c
===================================================================
RCS file: patches/patch-btpd_addrinfo_c
diff -N patches/patch-btpd_addrinfo_c
--- /dev/null   1 Jan 1970 00:00:00 -0000
+++ patches/patch-btpd_addrinfo_c       24 Dec 2009 02:48:58 -0000
@@ -0,0 +1,12 @@
+$OpenBSD$
+--- btpd/addrinfo.c.orig       Wed Dec 23 18:45:51 2009
++++ btpd/addrinfo.c    Wed Dec 23 18:45:54 2009
+@@ -52,7 +52,7 @@ addrinfo_td_cb(void *arg)
+     struct ai_ctx *ctx = arg;
+     if (!ctx->cancel)
+         ctx->cb(ctx->arg, ctx->error, ctx->res);
+-    else if (ctx->error != 0)
++    else if (ctx->res != NULL)
+         freeaddrinfo(ctx->res);
+     free(ctx);
+ }
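Review bot: The new cancel-path guard `else if (ctx->res != NULL)` frees the result whenever one exists, but nothing in the hunk states who releases `ctx->res` on the non-cancelled path; presumably `ctx->cb` takes ownership, and that contract should be written down so the asymmetry is not "corrected" back to the old form later. A comment above `if (!ctx->cancel)` such as `/* cb takes ownership of ctx->res; on cancel nobody else will free it */` would document it. Whether the target libc tolerates `freeaddrinfo(NULL)` is not visible here, so keeping the explicit NULL check rather than calling unconditionally is the safer choice. The start of addrinfo_td_cb lies outside the hunk.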
Index: patches/patch-misc_http_client_c
===================================================================
RCS file: patches/patch-misc_http_client_c
diff -N patches/patch-misc_http_client_c
--- /dev/null   1 Jan 1970 00:00:00 -0000
+++ patches/patch-misc_http_client_c    24 Dec 2009 02:48:58 -0000
@@ -0,0 +1,25 @@
+$OpenBSD$
+--- misc/http_client.c.orig    Mon Jan 12 14:43:18 2009
++++ misc/http_client.c Tue Dec 22 23:19:29 2009
+@@ -230,6 +230,12 @@ again:
+             else
+                 goto error;
+         }
++
++        /* req->rbuf.buf may be reallocated inside iobuf_write()
++         * so we should calculate the offset before that happens
++         */
++        size_t consumed = end - (char *)req->rbuf.buf + dlen;
++
+         if (!iobuf_write(&req->rbuf, "", 1))
+             goto error;
+         req->rbuf.off--;
+@@ -237,7 +243,7 @@ again:
+             goto error;
+         if (req->cancel)
+             goto cancel;
+-        iobuf_consumed(&req->rbuf, end - (char *)req->rbuf.buf + dlen);
++        iobuf_consumed(&req->rbuf, consumed);
+         goto again;
+     case PS_CHUNK_SIZE:
+         assert(req->chunked);
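Review bot: Capturing `consumed` before `iobuf_write()` removes the stale-pointer arithmetic at the `iobuf_consumed()` call, but `end` itself still points into the old allocation after the realloc; if any of the lines between `req->rbuf.off--` and `iobuf_consumed()` (not shown in the hunk) dereference `end` or other pointers into `req->rbuf.buf`, they need the same treatment. As a point of style, `size_t consumed = ...` is declared mid-way through a `case` body, so the following `case PS_CHUNK_SIZE:` label enters its scope past the initializer; that is legal C99 for a non-VLA object, but compilers warn under `-Wjump-misses-init`, and either bracing the case body or declaring `consumed` at the top of the function avoids it. The enclosing function begins outside the hunk.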
