Mailing List Archive | ports@openbsd.org

Hi, This diff adds local patches to fix a known buffer overflow [1] and a use after free[2]. Upstream is not very responsive. Thus, we have to patch this here for now. ok? bye, jan [1]: https://github.com/pali/igmpproxy/issues/97 [2]: https://github.com/pali/igmpproxy/pull/98 Index: Makefile =================================================================== RCS file: /cvs/ports/net/igmpproxy/Makefile,v diff -u -p -r1.26 Makefile --- Makefile 27 Sep 2023 14:18:09 -0000 1.26 +++ Makefile 22 Apr 2025 07:31:02 -0000 @@ -2,7 +2,7 @@ COMMENT = multicast router utilizing IGM V = 0.4 DISTNAME = igmpproxy-${V} -REVISION = 0 +REVISION = 1 CATEGORIES = net Index: patches/patch-src_igmp_c =================================================================== RCS file: /cvs/ports/net/igmpproxy/patches/patch-src_igmp_c,v diff -u -p -r1.3 patch-src_igmp_c --- patches/patch-src_igmp_c 30 Oct 2022 10:07:56 -0000 1.3 +++ patches/patch-src_igmp_c 22 Apr 2025 07:31:02 -0000 @@ -1,6 +1,15 @@ Index: src/igmp.c --- src/igmp.c.orig +++ src/igmp.c +@@ -94,7 +94,7 @@ static const char *igmpPacketKind(unsigned int type, u + case IGMP_V2_LEAVE_GROUP: return "Leave message "; + + default: +- sprintf(unknown, "unk: 0x%02x/0x%02x ", type, code); ++ snprintf(unknown, sizeof unknown, "unk: 0x%02x/0x%02x ", type, code); + return unknown; + } + } @@ -132,6 +132,7 @@ void acceptIgmp(int recvlen) { } else { Index: patches/patch-src_rttable_c =================================================================== RCS file: /cvs/ports/net/igmpproxy/patches/patch-src_rttable_c,v diff -u -p -r1.3 patch-src_rttable_c --- patches/patch-src_rttable_c 30 Oct 2022 10:07:56 -0000 1.3 +++ patches/patch-src_rttable_c 22 Apr 2025 07:31:02 -0000 @@ -404,7 +404,24 @@ Index: src/rttable.c // We append the activity counter to the age, and continue... croute->ageValue = croute->ageActivity; -@@ -718,39 +704,61 @@ int internAgeRoute(struct RouteTable* croute) { +@@ -704,13 +690,15 @@ int internAgeRoute(struct RouteTable* croute) { + + // No activity was registered within the timelimit, so remove the route. + removeRoute(croute); ++ croute = NULL; + } + // Tell that the route was updated... + result = 1; + } + + // The aging vif bits must be reset for each round... +- BIT_ZERO(croute->ageVifBits); ++ if (croute != NULL) ++ BIT_ZERO(croute->ageVifBits); + + return result; + } +@@ -718,39 +706,61 @@ int internAgeRoute(struct RouteTable* croute) { /** * Updates the Kernel routing table. If activate is 1, the route * is (re-)activated. If activate is false, the route is removed. @@ -480,7 +497,7 @@ Index: src/rttable.c } // Do the actual Kernel route update... -@@ -772,7 +780,7 @@ int internUpdateKernelRoute(struct RouteTable *route, +@@ -772,7 +782,7 @@ int internUpdateKernelRoute(struct RouteTable *route, */ void logRouteTable(const char *header) { struct Config *conf = getCommonConfig(); @@ -489,7 +506,7 @@ Index: src/rttable.c unsigned rcount = 0; my_log(LOG_DEBUG, 0, ""); -@@ -781,30 +789,22 @@ void logRouteTable(const char *header) { +@@ -781,30 +791,22 @@ void logRouteTable(const char *header) { if(croute==NULL) { my_log(LOG_DEBUG, 0, "No routes in table..."); } else {

2025-04-22 07:39 Jan Klemkow:
net/igmpproxy: Fix buf. overflow and use after free
- 2025-04-22 07:47 Theo Buehler:
  net/igmpproxy: Fix buf. overflow and use after free