diff options
| author | Guillem Jover <guillem@debian.org> | 2006-11-06 23:06:42 +0000 |
|---|---|---|
| committer | Guillem Jover <guillem@hadrons.org> | 2010-06-10 23:21:21 +0200 |
| commit | 9f769a4c2497c180f14c863155e866fae20c3707 (patch) | |
| tree | ffc7451c6e5df7f9908fd2ea34f8ec5c5e79f858 | |
| parent | 92ffb3769fac888fa3eddaf430ddebcac9d08af7 (diff) | |
| download | inetutils-9f769a4c2497c180f14c863155e866fae20c3707.tar.gz | |
Fix possible segfaults and descriptor leaks (from the Coverity reports)
| -rw-r--r-- | debian/changelog | 5 | ||||
| -rw-r--r-- | debian/patches/40_ftpd_LOGCMD_NULL.patch | 35 | ||||
| -rw-r--r-- | debian/patches/41_gethostbyname_segfault.patch | 52 | ||||
| -rw-r--r-- | debian/patches/42_syslogd_leaks.patch | 25 | ||||
| -rw-r--r-- | debian/patches/series | 3 |
5 files changed, 120 insertions, 0 deletions
diff --git a/debian/changelog b/debian/changelog index b0a1d8c..5c644ea 100644 --- a/debian/changelog +++ b/debian/changelog @@ -4,6 +4,11 @@ inetutils (2:1.5.dfsg.1-2) UNRELEASED; urgency=low * Fix FTBFS with automake >= 1.0 by adding the missing file config.rpath. - debian/patches/02_missing_config.rpath.patch: New file * Install a pam file for inetutils-ftpd. + * Fix possible segfaults (from the Coverity reports). + - debian/patches/40_ftpd_LOGCMD_NULL.patch: New file. + - debian/patches/41_gethostbyname_segfault.patch: Likewise. + * Fix file descriptor leaks (from the Coverity reports). + - debian/patches/42_syslogd_leaks.patch: New file. -- Guillem Jover <guillem@debian.org> Mon, 6 Nov 2006 07:23:09 +0200 diff --git a/debian/patches/40_ftpd_LOGCMD_NULL.patch b/debian/patches/40_ftpd_LOGCMD_NULL.patch new file mode 100644 index 0000000..7680379 --- /dev/null +++ b/debian/patches/40_ftpd_LOGCMD_NULL.patch @@ -0,0 +1,35 @@ +2006-10-21 Guillem Jover <guillem@hadrons.org> + + * ftpd/ftpd.c (store): Do not overwrite `name' with gunique's return + value, to avoid passing NULL to LOGCMD. + + +Index: ftpd/ftpd.c +=================================================================== +RCS file: /sources/inetutils/inetutils/ftpd/ftpd.c,v +retrieving revision 1.56 +diff -u -r1.56 ftpd.c +--- ftpd/ftpd.c 12 Oct 2006 09:57:27 -0000 1.56 ++++ ftpd/ftpd.c 21 Oct 2006 13:15:28 -0000 +@@ -934,11 +934,17 @@ + struct stat st; + int (*closefunc) (FILE *); + +- if (unique && stat (name, &st) == 0 +- && (name = gunique (name)) == NULL) ++ if (unique && stat (name, &st) == 0) + { +- LOGCMD (*mode == 'w' ? "put" : "append", name); +- return; ++ const char *name_unique = gunique (name); ++ ++ if (name_unique) ++ name = name_unique; ++ else ++ { ++ LOGCMD (*mode == 'w' ? "put" : "append", name); ++ return; ++ } + } + + if (restart_point) diff --git a/debian/patches/41_gethostbyname_segfault.patch b/debian/patches/41_gethostbyname_segfault.patch new file mode 100644 index 0000000..290df6b --- /dev/null +++ b/debian/patches/41_gethostbyname_segfault.patch @@ -0,0 +1,52 @@ +2006-10-21 Guillem Jover <guillem@hadrons.org> + + * libinetutils/localhost.c (localhost): Determine the FQDN only + if gethostname did not fail. + + +Index: libinetutils/localhost.c +=================================================================== +RCS file: /sources/inetutils/inetutils/libinetutils/localhost.c,v +retrieving revision 1.13 +diff -u -r1.13 localhost.c +--- libinetutils/localhost.c 2 Dec 2005 14:05:28 -0000 1.13 ++++ libinetutils/localhost.c 21 Oct 2006 13:32:06 -0000 +@@ -77,22 +77,23 @@ + free (buf); + buf = 0; + } ++ else ++ /* Determine FQDN */ ++ { ++ struct hostent *hp = gethostbyname(buf); + +- /* Determine FQDN */ +- { +- struct hostent *hp = gethostbyname(buf); ++ if (hp) ++ { ++ struct in_addr addr; ++ addr.s_addr = *(unsigned int*) hp->h_addr; ++ hp = gethostbyaddr((char *) &addr, sizeof(addr), AF_INET); ++ if (hp) ++ { ++ free(buf); ++ buf = strdup(hp->h_name); ++ } ++ } ++ } + +- if (hp) +- { +- struct in_addr addr; +- addr.s_addr = *(unsigned int*) hp->h_addr; +- hp = gethostbyaddr((char *) &addr, sizeof(addr), AF_INET); +- if (hp) +- { +- free(buf); +- buf = strdup(hp->h_name); +- } +- } +- } + return buf; + } diff --git a/debian/patches/42_syslogd_leaks.patch b/debian/patches/42_syslogd_leaks.patch new file mode 100644 index 0000000..f4b2635 --- /dev/null +++ b/debian/patches/42_syslogd_leaks.patch @@ -0,0 +1,25 @@ +2006-10-21 Guillem Jover <guillem@hadrons.org> + + * syslogd/syslogd.c (init): Close CF properly before returning. + + +Index: syslogd/syslogd.c +=================================================================== +--- syslogd/syslogd.c.orig 2006-10-21 15:11:57.000000000 +0300 ++++ syslogd/syslogd.c 2006-11-07 00:59:47.000000000 +0200 +@@ -1657,6 +1657,7 @@ init (int signo) + { + /* There is no graceful recovery here. */ + dbg_printf ("cannot allocate space for configuration\n"); ++ fclose (cf); + return; + } + cline = cbuf; +@@ -1696,6 +1697,7 @@ init (int signo) + { + /* Sigh ... */ + dbg_printf ("cannot allocate space configuration\n"); ++ fclose (cf); + free (cbuf); + return; + } diff --git a/debian/patches/series b/debian/patches/series index c9ac937..c54897c 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -4,3 +4,6 @@ 10_syslog_klog_doc.patch -p0 22_syslogd_conf.patch -p1 30_ping_suid_perms.patch -p0 +40_ftpd_LOGCMD_NULL.patch -p0 +41_gethostbyname_segfault.patch -p0 +42_syslogd_leaks.patch -p0 |