On Tue, Apr 22, 2025 at 09:39:46AM +0200, Jan Klemkow wrote:
> Hi,
>
> This diff adds local patches to fix a known buffer overflow [1] and a
> use after free[2]. Upstream is not very responsive. Thus, we have to
> patch this here for now.
>
> ok?

ok You could also consider growing the unknown[20] array to 32 in addition to switching to snprintf(). > > bye, > jan > > [1]: https://github.com/pali/igmpproxy/issues/97 > [2]: https://github.com/pali/igmpproxy/pull/98 > > Index: Makefile > =================================================================== > RCS file: /cvs/ports/net/igmpproxy/Makefile,v > diff -u -p -r1.26 Makefile > --- Makefile 27 Sep 2023 14:18:09 -0000 1.26 > +++ Makefile 22 Apr 2025 07:31:02 -0000 > @@ -2,7 +2,7 @@ COMMENT = multicast router utilizing IGM > > V = 0.4 > DISTNAME = igmpproxy-${V} > -REVISION = 0 > +REVISION = 1 > > CATEGORIES = net > > Index: patches/patch-src_igmp_c > =================================================================== > RCS file: /cvs/ports/net/igmpproxy/patches/patch-src_igmp_c,v > diff -u -p -r1.3 patch-src_igmp_c > --- patches/patch-src_igmp_c 30 Oct 2022 10:07:56 -0000 1.3 > +++ patches/patch-src_igmp_c 22 Apr 2025 07:31:02 -0000 > @@ -1,6 +1,15 @@ > Index: src/igmp.c > --- src/igmp.c.orig > +++ src/igmp.c > +@@ -94,7 +94,7 @@ static const char *igmpPacketKind(unsigned int type, u > + case IGMP_V2_LEAVE_GROUP: return "Leave message "; > + > + default: > +- sprintf(unknown, "unk: 0x%02x/0x%02x ", type, code); > ++ snprintf(unknown, sizeof unknown, "unk: 0x%02x/0x%02x ", type, > code); > + return unknown; > + } > + } > @@ -132,6 +132,7 @@ void acceptIgmp(int recvlen) { > } > else { > Index: patches/patch-src_rttable_c > =================================================================== > RCS file: /cvs/ports/net/igmpproxy/patches/patch-src_rttable_c,v > diff -u -p -r1.3 patch-src_rttable_c > --- patches/patch-src_rttable_c 30 Oct 2022 10:07:56 -0000 1.3 > +++ patches/patch-src_rttable_c 22 Apr 2025 07:31:02 -0000 
> @@ -404,7 +404,24 @@ Index: src/rttable.c > > // We append the activity counter to the age, and continue... > croute->ageValue = croute->ageActivity; > -@@ -718,39 +704,61 @@ int internAgeRoute(struct RouteTable* croute) { > +@@ -704,13 +690,15 @@ int internAgeRoute(struct RouteTable* croute) { > + > + // No activity was registered within the timelimit, so remove > the route. > + removeRoute(croute); > ++ croute = NULL; > + } > + // Tell that the route was updated... > + result = 1; > + } > + > + // The aging vif bits must be reset for each round... > +- BIT_ZERO(croute->ageVifBits); > ++ if (croute != NULL) > ++ BIT_ZERO(croute->ageVifBits); > + > + return result; > + } > +@@ -718,39 +706,61 @@ int internAgeRoute(struct RouteTable* croute) { > /** > * Updates the Kernel routing table. If activate is 1, the route > * is (re-)activated. If activate is false, the route is removed. > @@ -480,7 +497,7 @@ Index: src/rttable.c > } > > // Do the actual Kernel route update... > -@@ -772,7 +780,7 @@ int internUpdateKernelRoute(struct RouteTable *route, > +@@ -772,7 +782,7 @@ int internUpdateKernelRoute(struct RouteTable *route, > */ > void logRouteTable(const char *header) { > struct Config *conf = getCommonConfig(); > @@ -489,7 +506,7 @@ Index: src/rttable.c > unsigned rcount = 0; > > my_log(LOG_DEBUG, 0, ""); > -@@ -781,30 +789,22 @@ void logRouteTable(const char *header) { > +@@ -781,30 +791,22 @@ void logRouteTable(const char *header) { > if(croute==NULL) { > my_log(LOG_DEBUG, 0, "No routes in table..."); > } else { >
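
Review bot: In the src/igmp.c hunk, the default case of igmpPacketKind() now bounds the write, but snprintf() truncates silently and its return value is not checked. `type` is declared `unsigned int` and `%02x` is only a minimum field width, so a value above 0xff prints more than two digits and the string can be cut short in the unknown[20] array mentioned in the reply. Either mask the arguments to 8 bits before formatting or size `unknown` for the widest possible output, so the logged type/code pair is never truncated.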
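
Review bot: In the internAgeRoute() hunk of src/rttable.c, `croute = NULL` only clears the function's own copy of the pointer, because croute is passed by value; the caller of internAgeRoute() still holds the address that was just handed to removeRoute(). In the visible lines `result = 1` follows the removal block as well as the plain update path, so the return value does not tell the caller that the route is gone. It is worth confirming that every caller fetches the next route before the call and does not touch this one afterwards, or returning a distinct value when the route has been removed.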