diff options
author | prlw1 <prlw1> | 2016-04-20 13:52:24 +0000 |
---|---|---|
committer | prlw1 <prlw1> | 2016-04-20 13:52:24 +0000 |
commit | 19d1f0462e0b79f7aef093e77f08e326b70738a7 (patch) | |
tree | 3b84e8ec4fc1646a402ce0c03a2faee826e77831 /www/dansguardian | |
parent | f734456e62227a4da419227c73b37af8c3aa2081 (diff) | |
download | pkgsrc-19d1f0462e0b79f7aef093e77f08e326b70738a7.tar.gz |
Defend against calling select() with nfds >= FD_SETSIZE.
PR pkg/50995
Diffstat (limited to 'www/dansguardian')
-rw-r--r-- | www/dansguardian/Makefile | 5 | ||||
-rw-r--r-- | www/dansguardian/distinfo | 6 | ||||
-rw-r--r-- | www/dansguardian/patches/patch-src_BaseSocket.cpp | 55 | ||||
-rw-r--r-- | www/dansguardian/patches/patch-src_ConnectionHandler.cpp | 26 | ||||
-rw-r--r-- | www/dansguardian/patches/patch-src_FatController.cpp | 35 |
5 files changed, 119 insertions, 8 deletions
diff --git a/www/dansguardian/Makefile b/www/dansguardian/Makefile index d2459a67ef6..7994850522c 100644 --- a/www/dansguardian/Makefile +++ b/www/dansguardian/Makefile @@ -1,7 +1,7 @@ -# $NetBSD: Makefile,v 1.23 2015/09/03 11:55:40 sborrill Exp $ +# $NetBSD: Makefile,v 1.24 2016/04/20 13:52:24 prlw1 Exp $ DISTNAME= dansguardian-2.12.0.3 -PKGREVISION= 4 +PKGREVISION= 5 CATEGORIES= www MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=dansguardian/} EXTRACT_SUFX= .tar.bz2 @@ -45,6 +45,7 @@ CONFIGURE_ARGS+= --with-proxyuser=${DANSGUARDIAN_USER} CONFIGURE_ARGS+= --with-proxygroup=${DANSGUARDIAN_GROUP} CONFIGURE_ARGS+= --with-piddir=${VARBASE}/run CONFIGURE_ARGS+= --with-logdir=${VARBASE}/log/dansguardian +CONFIGURE_ARGS+= CPPFLAGS=-DFD_SETSIZE=512 .include "options.mk" diff --git a/www/dansguardian/distinfo b/www/dansguardian/distinfo index 6f64db6f9d5..04e670715ab 100644 --- a/www/dansguardian/distinfo +++ b/www/dansguardian/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.12 2015/11/04 02:46:52 agc Exp $ +$NetBSD: distinfo,v 1.13 2016/04/20 13:52:24 prlw1 Exp $ SHA1 (dansguardian-2.12.0.3.tar.bz2) = c5d8175910310f9a03efc2e6cb440ea418adb896 RMD160 (dansguardian-2.12.0.3.tar.bz2) = 312db0ce2db9d1b2ed537807f9b2eca5d76a4123 @@ -7,9 +7,11 @@ Size (dansguardian-2.12.0.3.tar.bz2) = 577701 bytes SHA1 (patch-configs_dansguardian.conf.in) = 8707f9506ea7d93b3ff2caca3612054d1b0724e7 SHA1 (patch-configs_dansguardianf1.conf.in) = 777e1b3a463d7619d937ff193ee94a7a44410c7a SHA1 (patch-configure) = be2ccff5ecd42994cf8727843372e5997004e5e4 -SHA1 (patch-src_ConnectionHandler.cpp) = c7d9ed8f825a3d1d74c3e2612169e8ad11d7fd44 +SHA1 (patch-src_BaseSocket.cpp) = 6dc031deba326ab3e1e0db19482dd416f75ad988 +SHA1 (patch-src_ConnectionHandler.cpp) = 8bab3959f18b08702bc9af250c5e09803e21e716 SHA1 (patch-src_FOptionContainer.cpp) = 09ed12353ea4622e5b78dc8d0a12cacd65283ea4 SHA1 (patch-src_FOptionContainer.hpp) = bbb939f9c862a2564eec05bd9259d57b274e9777 +SHA1 (patch-src_FatController.cpp) = af08248a063884df29bbc9c5261f07f3ea11147e SHA1 (patch-src_ImageContainer.cpp) = b1296ac496a699d2089255b61841f607eba9d084 SHA1 (patch-src_OptionContainer.cpp) = d94a851522751b53c61a2b96e335170db0e1f86e SHA1 (patch-src_SocketArray.cpp) = 393bb901cf090b543a16da27f16c1bc99db8f155 diff --git a/www/dansguardian/patches/patch-src_BaseSocket.cpp b/www/dansguardian/patches/patch-src_BaseSocket.cpp new file mode 100644 index 00000000000..d43f5e1829c --- /dev/null +++ b/www/dansguardian/patches/patch-src_BaseSocket.cpp @@ -0,0 +1,55 @@ +$NetBSD: patch-src_BaseSocket.cpp,v 1.1 2016/04/20 13:52:24 prlw1 Exp $ + +Defend against calling select() with nfds >= FD_SETSIZE. PR pkg/50995 +https://github.com/e2guardian/e2guardian/issues/119 + +--- src/BaseSocket.cpp.orig 2012-09-29 20:06:45.000000000 +0000 ++++ src/BaseSocket.cpp +@@ -61,6 +61,12 @@ int selectEINTR(int numfds, fd_set * rea + timeval exittime; + timeval elapsedtime; + timeval timeoutcopy; ++ ++ if (numfds >= FD_SETSIZE) { ++ syslog(LOG_ERR, "selectEINTR called with numfds (%d) >= FD_SETSIZE (%d)", numfds, FD_SETSIZE); ++ errno = EBADF; ++ return -1; ++ } + while (true) { // using the while as a restart point with continue + if (timeout != NULL) { + gettimeofday(&entrytime, NULL); +@@ -313,6 +319,9 @@ int BaseSocket::getLine(char *buff, int + #endif + //if there was a socket error + if (bufflen < 0) { ++#ifdef DGDEBUG ++ syslog(LOG_ERR, "getLine recv returned error = %d (%m)\n", errno); ++#endif + if (errno == EINTR && (honour_reloadconfig ? !reloadconfig : true)) { + continue; + } +@@ -423,6 +432,9 @@ int BaseSocket::readFromSocketn(char *bu + } + rc = recv(sck, buff, cnt, flags); + if (rc < 0) { ++#ifdef DGDEBUG ++ syslog(LOG_ERR, "readFromSocketn recv returned error = %d (%m)\n", errno); ++#endif + if (errno == EINTR) { + continue; + } +@@ -473,9 +485,14 @@ int BaseSocket::readFromSocket(char *buf + while (true) { + rc = recv(sck, buff, cnt, flags); + if (rc < 0) { ++#ifdef DGDEBUG ++ syslog(LOG_ERR, "readFromSocket recv returned unhandled? error = %d (%m)\n", errno); ++#endif + if (errno == EINTR && (honour_reloadconfig ? !reloadconfig : true)) { + continue; + } ++ sleep(1); ++ continue; + } + + break; diff --git a/www/dansguardian/patches/patch-src_ConnectionHandler.cpp b/www/dansguardian/patches/patch-src_ConnectionHandler.cpp index a1fba6d4413..53641966ab9 100644 --- a/www/dansguardian/patches/patch-src_ConnectionHandler.cpp +++ b/www/dansguardian/patches/patch-src_ConnectionHandler.cpp @@ -1,9 +1,27 @@ -$NetBSD: patch-src_ConnectionHandler.cpp,v 1.1 2015/09/03 11:55:40 sborrill Exp $ +$NetBSD: patch-src_ConnectionHandler.cpp,v 1.2 2016/04/20 13:52:24 prlw1 Exp $ + maxuploadsize is a filtergroup setting +informative error messages ---- src/ConnectionHandler.cpp.orig 2015-09-03 12:05:59.000000000 +0100 -+++ src/ConnectionHandler.cpp 2015-09-03 12:06:56.000000000 +0100 -@@ -1598,14 +1598,14 @@ +--- src/ConnectionHandler.cpp.orig 2012-09-29 20:06:45.000000000 +0000 ++++ src/ConnectionHandler.cpp +@@ -555,12 +555,14 @@ void ConnectionHandler::handleConnection + #ifdef DGDEBUG + std::cerr << dbgPeerPort << " -Error connecting to proxy" << std::endl; + #endif +- syslog(LOG_ERR, "Error connecting to proxy"); ++ syslog(LOG_ERR, "Error %d (%m) connecting to proxy %s:%d by client %s", errno, o.proxy_ip.c_str(), o.proxy_port, clientip.c_str()); ++ + return; + } + } + catch(std::exception & e) { + #ifdef DGDEBUG ++ syslog(LOG_ERR, "Exception while creating proxysock to proxy %s:%d by client %s", o.proxy_ip.c_str(), o.proxy_port, clientip.c_str()); + std::cerr << dbgPeerPort << " -exception while creating proxysock: " << e.what() << std::endl; + #endif + } +@@ -1598,14 +1600,14 @@ void ConnectionHandler::handleConnection // Check for POST upload size blocking, unless request is an exception // MIME type test is just an approximation, but probably good enough if (!isbypass && !isexception diff --git a/www/dansguardian/patches/patch-src_FatController.cpp b/www/dansguardian/patches/patch-src_FatController.cpp new file mode 100644 index 00000000000..206a27ad1a1 --- /dev/null +++ b/www/dansguardian/patches/patch-src_FatController.cpp @@ -0,0 +1,35 @@ +$NetBSD: patch-src_FatController.cpp,v 1.1 2016/04/20 13:52:24 prlw1 Exp $ + +Defend against calling select() with nfds >= FD_SETSIZE. +PR pkg/50995 + +--- src/FatController.cpp.orig 2012-09-29 20:06:45.000000000 +0000 ++++ src/FatController.cpp +@@ -1473,6 +1473,13 @@ int url_list_listener(bool logconerror) + std::cout << "url ipcsockfd:" << ipcsockfd << std::endl; + #endif + ++ if (ipcsockfd + 1 >= FD_SETSIZE) { ++ syslog(LOG_ERR, "ipcsockfd+1 (%d) >= FD_SETSIZE (%d)", ipcsockfd+1, FD_SETSIZE); ++ delete[]logline; ++ urllistsock.close(); ++ return 1; ++ } ++ + fd_set fdSet; // our set of fds (only 1) that select monitors for us + fd_set fdcpy; // select modifes the set so we need to use a copy + FD_ZERO(&fdSet); // clear the set +@@ -1597,6 +1604,13 @@ int ip_list_listener(std::string stat_lo + + ipcsockfd = iplistsock.getFD(); + ++ if (ipcsockfd + 1 >= FD_SETSIZE) { ++ syslog(LOG_ERR, "ipcsockfd+1 (%d) >= FD_SETSIZE (%d)", ipcsockfd+1, FD_SETSIZE); ++ delete[]inbuff; ++ urllistsock.close(); ++ return 1; ++ } ++ + unsigned long int ip; + char reply; + struct in_addr inaddr; |