author | Dimitry Andric <dim@FreeBSD.org> | 2021-01-30 13:22:39 +0000 |
---|---|---|
committer | Dimitry Andric <dim@FreeBSD.org> | 2021-01-30 13:22:39 +0000 |
commit | ddfe6ae2fc81d893b3e979f4e67b4897440f0cc1 | |
tree | 66053a5dbeebbc3c574ca871e47cd9fff60cafe2 /net/samba412 | |
parent | d528b067d5a4fa3a6f7f6e40e875e3f54f6bfeb4 | |
net/samba411 net/samba412 net/samba413: Fix zero-sized VLAs

With recent versions of clang, samba could dump core shortly after
startup, terminating with either SIGILL or SIGSEGV.

Investigation showed that samba is using C99 variable length arrays
(VLAs), and in some cases the length of these arrays would become zero.
Since this is undefined behavior, various interesting things would
happen, often ending in segfaults.

Fix this by avoiding the use of zero as the length for these VLA
declarations.

A similar patch was also sent upstream, and was accepted and included in
subsequent samba releases.

See also: https://bugzilla.samba.org/show_bug.cgi?id=14605

Reported by: Dries Michiels <driesm.michiels@gmail.com>
PR: 252157
MFH: 2021Q1
Notes:
svn path=/head/; revision=563405
Diffstat (limited to 'net/samba412')
-rw-r--r-- | net/samba412/Makefile | 2
-rw-r--r-- | net/samba412/files/patch-source3_lib_messages.c | 29
2 files changed, 30 insertions, 1 deletions
diff --git a/net/samba412/Makefile b/net/samba412/Makefile index f5d1434ba4d6..8b2e336f81d4 100644 --- a/net/samba412/Makefile +++ b/net/samba412/Makefile @@ -3,7 +3,7 @@ PORTNAME= ${SAMBA4_BASENAME}412 PORTVERSION= ${SAMBA4_VERSION} -PORTREVISION= 1 +PORTREVISION= 2 CATEGORIES?= net MASTER_SITES= SAMBA/samba/stable SAMBA/samba/rc DISTNAME= ${SAMBA4_DISTNAME} diff --git a/net/samba412/files/patch-source3_lib_messages.c b/net/samba412/files/patch-source3_lib_messages.c new file mode 100644 index 000000000000..2b6a06139fcb --- /dev/null +++ b/net/samba412/files/patch-source3_lib_messages.c @@ -0,0 +1,29 @@ +--- source3/lib/messages.c.orig 2020-02-28 08:59:35 UTC ++++ source3/lib/messages.c +@@ -157,7 +157,7 @@ struct messaging_rec *messaging_rec_create( + + { + struct messaging_rec rec; +- int64_t fds64[num_fds]; ++ int64_t fds64[MAX(1, num_fds)]; + size_t i; + + for (i=0; i<num_fds; i++) { +@@ -391,7 +391,7 @@ static void messaging_recv_cb(struct tevent_context *e + private_data, struct messaging_context); + struct server_id_buf idbuf; + struct messaging_rec rec; +- int64_t fds64[MIN(num_fds, INT8_MAX)]; ++ int64_t fds64[MAX(1, MIN(num_fds, INT8_MAX))]; + size_t i; + + if (msg_len < MESSAGE_HDR_LENGTH) { +@@ -1375,7 +1375,7 @@ static void messaging_dispatch_rec(struct messaging_co + + if (ev != msg_ctx->event_ctx) { + struct iovec iov; +- int fds[rec->num_fds]; ++ int fds[MAX(1, rec->num_fds)]; + int ret; + + /* |
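Review bot: in messaging_rec_create the length of `int64_t fds64[MAX(1, num_fds)]` still has no upper bound, while the same array in messaging_recv_cb is capped with `MIN(num_fds, INT8_MAX)`. A large num_fds turns this declaration into an equally large stack allocation. Consider applying the same cap here and rejecting larger counts before the `for (i=0; i<num_fds; i++)` loop, or using a fixed INT8_MAX-element array so that no VLA is needed at all.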
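Review bot: in messaging_recv_cb the declaration `int64_t fds64[MAX(1, MIN(num_fds, INT8_MAX))]` clamps the array length, but the context shown ends at the `msg_len < MESSAGE_HDR_LENGTH` check and does not show num_fds itself being clamped or rejected. Any later loop that indexes fds64 up to num_fds would write past the array once num_fds exceeds INT8_MAX. Computing the clamped count once into a local and using it for both the declaration and the loop bound would make that invariant explicit.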
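Review bot: in messaging_dispatch_rec, `int fds[MAX(1, rec->num_fds)]` now holds one uninitialised element when rec->num_fds is 0, so `sizeof(fds)` or an array-size macro no longer equals the real descriptor count. Please check that the code following this declaration passes rec->num_fds, not the array size, as the count. A short comment on the declaration explaining why the minimum length is 1 would also help the next reader.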