pkg_select: fix buffer overflow

expanding the macro with ++len for size meant our memset to zero was
one bigger than the above allocated size.

while here simplify the problematic macro - malloc+memset zero is calloc.

bump pkgrevision

4 files changed, 40 insertions, 3 deletions

diff --git a/pkgtools/pkg_select/Makefile b/pkgtools/pkg_select/Makefile
index fe7d86fe457..94b4d04b2be 100644
--- a/pkgtools/pkg_select/Makefile
+++ b/pkgtools/pkg_select/Makefile
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.25 2017/12/29 11:59:13 plunky Exp $
+# $NetBSD: Makefile,v 1.26 2017/12/29 17:55:13 maya Exp $
 #
 
 DISTNAME=	pkg_select-20090308
-PKGREVISION=	7
+PKGREVISION=	8
 CATEGORIES=	pkgtools
 MASTER_SITES=	ftp://ftp.NetBSD.org/pub/NetBSD/misc/imil/
 
diff --git a/pkgtools/pkg_select/distinfo b/pkgtools/pkg_select/distinfo
index 86097abca9c..354dbdbe723 100644
--- a/pkgtools/pkg_select/distinfo
+++ b/pkgtools/pkg_select/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.11 2017/12/29 11:59:13 plunky Exp $
+$NetBSD: distinfo,v 1.12 2017/12/29 17:55:13 maya Exp $
 
 SHA1 (pkg_select-20090308.tar.gz) = f4a4f40927631d16ee563671ce98e69843382c93
 RMD160 (pkg_select-20090308.tar.gz) = d265f8e18ee4500e2ac34ba2d105acff28cc7e91
@@ -6,9 +6,11 @@ SHA512 (pkg_select-20090308.tar.gz) = 77ebda4cb6032d980682b7c4c9745982cd49d16834
 Size (pkg_select-20090308.tar.gz) = 54637 bytes
 SHA1 (patch-curses__helpers.c) = fa30914f4a9b147c433fcb32249d2b773a5e2604
 SHA1 (patch-extern.h) = e1248f7180a76ec8f623719037cf5306b8de573b
+SHA1 (patch-file.c) = ad32f135386b8c4be140305ccade97f6220f168d
 SHA1 (patch-install__many.c) = 24a39faaab697a84103311f0fc28c2670e201bbe
 SHA1 (patch-listmgt.c) = d27477fd0ce46a9c8ad6a86818dd9f018557459a
 SHA1 (patch-live.c) = b821986e8da22cd53b6c95975cd36abafbeda453
 SHA1 (patch-more.c) = 0a8c4440a085edfae7f8f4832cdbb7878e3bf85b
 SHA1 (patch-pkg__info.c) = d6c1f93461c91cfe44a9659d7197406c9c47d890
 SHA1 (patch-pkgsrc.c) = df0b6c9633e75bc784ec34e88ec4201426d66464
+SHA1 (patch-tools.h) = add83ba82a5aa96c0805348e767bc0fffc2f9e0b
diff --git a/pkgtools/pkg_select/patches/patch-file.c b/pkgtools/pkg_select/patches/patch-file.c
new file mode 100644
index 00000000000..de4aa23b0f0
--- /dev/null
+++ b/pkgtools/pkg_select/patches/patch-file.c
@@ -0,0 +1,17 @@
+$NetBSD: patch-file.c,v 1.1 2017/12/29 17:55:13 maya Exp $
+
+Avoid buffer overflow from magical side effecting macro expansion
+
+--- file.c.orig	2009-03-08 14:25:53.000000000 +0000
++++ file.c
+@@ -156,7 +156,9 @@ loadfile(const char *path)
+ 	if (len == 0)
+ 		return(NULL);
+ 
+-	XMALLOC(lfile, ++len * sizeof(char *));
++	++len;
++
++	XMALLOC(lfile, len * sizeof(char *));
+ 
+ 	for (i = 0; i < len; i++)
+ 		lfile[i] = NULL;
diff --git a/pkgtools/pkg_select/patches/patch-tools.h b/pkgtools/pkg_select/patches/patch-tools.h
new file mode 100644
index 00000000000..7f0270338fc
--- /dev/null
+++ b/pkgtools/pkg_select/patches/patch-tools.h
@@ -0,0 +1,18 @@
+$NetBSD: patch-tools.h,v 1.1 2017/12/29 17:55:13 maya Exp $
+
+malloc+memset to calloc
+
+--- tools.h.orig	2009-03-08 14:25:53.000000000 +0000
++++ tools.h
+@@ -74,10 +74,9 @@
+ 
+ #define XMALLOC(elm, size)						\
+ 	do {								\
+-		elm = malloc(size);					\
++		elm = calloc(1, size);					\
+ 		if (elm == NULL)					\
+ 			err(1, "can't allocate memory\n");		\
+-		memset(elm, 0, size);					\
+ 	} while (/* CONSTCOND */ 0)
+ 
+ #define XSTRDUP(dest, src)						\