Bug 211257 - net/xmlrpc-c: Fix overflow warning - update to 1.39.10
Summary: net/xmlrpc-c: Fix overflow warning - update to 1.39.10
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Only Me
Assignee: Renato Botelho
URL:
Keywords: needs-qa
Depends on:
Blocks:
 
Reported: 2016-07-20 23:33 UTC by Walter Schwarzenfeld
Modified: 2016-09-06 16:54 UTC (History)
0 users

See Also:
garga: maintainer-feedback+
garga: merge-quarterly+


Attachments
svn-diff_net_xmlrpc-c (3.13 KB, patch)
2016-08-01 22:35 UTC, Walter Schwarzenfeld
no flags Details | Diff
svn-diff_xmlrpc-c-1.39.10 (328 bytes, patch)
2016-09-02 11:52 UTC, Walter Schwarzenfeld
no flags Details | Diff
svn-diff_xmlrpc-c-1.39.10 (807 bytes, patch)
2016-09-02 12:08 UTC, Walter Schwarzenfeld
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Walter Schwarzenfeld freebsd_triage 2016-07-20 23:33:11 UTC
Don't know if it is realy relevant, but:

xmlrpc_datetime.c:164:17: warning: the value of the size argument in 'strncat' is too large, might lead to a buffer overflow [-Wstrncat-size]
                STRSCAT(dtString, usecString);
                ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
blddir/include/xmlrpc-c/string_int.h:125:24: note: expanded from macro 'STRSCAT'

and

xmlrpc_serialize.c:308:13: warning: the value of the size argument in 'strncat' is too large, might lead to a buffer overflow [-Wstrncat-size]
            STRSCAT(dtString, usecString);
            ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
blddir/include/xmlrpc-c/string_int.h:125:24: note: expanded from macro 'STRSCAT'
--

macro is defined      in net/xmlrpc-c/work/xmlrpc-c-1.39.08/src/blddir/include/xmlrpc-c/string_int.h

124 #define STRSCAT(A,B) \
125     (strncat((A), (B), sizeof(A)-strlen(A)), *((A)+sizeof(A)-1) = '\0')
Comment 1 Walter Schwarzenfeld freebsd_triage 2016-08-01 22:33:12 UTC
I think this is the cause:

-#define STRSCAT(A,B) \
-    (strncat((A), (B), sizeof(A)-strlen(A)), *((A)+sizeof(A)-1) = '\0')
+#define STRNSCAT(A,B) \
    (strncat((A), (B), sizeof(A)-strlen(A)-1), *((A)+sizeof(A)-1) = '\0')

I renamed the STRSCAT macro to STRNSCAT, cause of an "redefined" error message.
It had to changed in include/xmlrpc-c/string_int.h and src/xmlrpc_serialize.c also.

I attached a svn-diff.
Comment 2 Walter Schwarzenfeld freebsd_triage 2016-08-01 22:35:01 UTC
Created attachment 173178 [details]
svn-diff_net_xmlrpc-c
Comment 3 Walter Schwarzenfeld freebsd_triage 2016-08-01 23:19:36 UTC
I mailed it Bryan Henderson from xmlrpc-c. He confirmed it is a wrong or bad code, and said he will change it, with next stable version in "a few" weeks. Tell me, if I should this PR keep open, or close it.
Comment 4 Walter Schwarzenfeld freebsd_triage 2016-09-02 11:52:29 UTC
Created attachment 174313 [details]
svn-diff_xmlrpc-c-1.39.10
Comment 5 Walter Schwarzenfeld freebsd_triage 2016-09-02 11:52:54 UTC
Fixed upstream with update to 1.39.10.
Comment 6 Walter Schwarzenfeld freebsd_triage 2016-09-02 11:57:44 UTC
ChangeLog:

    Fix possible buffer overrun. Introduced in Xmlrpc-c 1.15 (June 2008).
    Build: fix missing thread libraries in libutil++ link.
    Install: fix bug: xmlrpc_expat.pc not installed. 

portlint ok.
Comment 7 Walter Schwarzenfeld freebsd_triage 2016-09-02 12:08:08 UTC
Created attachment 174314 [details]
svn-diff_xmlrpc-c-1.39.10
Comment 8 Walter Schwarzenfeld freebsd_triage 2016-09-02 12:08:29 UTC
Overlooked distinfo.
Comment 9 Walter Schwarzenfeld freebsd_triage 2016-09-02 13:09:54 UTC
Testbuild with poudriere on 103amd64/i386 and 93amd64/i386 ok.
Comment 10 Walter Schwarzenfeld freebsd_triage 2016-09-02 14:34:52 UTC
Additional to the ChangeLog;
1.39.09
A release by this name was never properly released, but a copy of Release 1.39.08 was accidentally distributed with a filename indicating it was 1.39.09 between mid-July and August 23, 2016.
Comment 11 commit-hook freebsd_committer 2016-09-05 17:23:23 UTC
A commit references this bug:

Author: garga
Date: Mon Sep  5 17:23:11 UTC 2016
New revision: 421381
URL: https://svnweb.freebsd.org/changeset/ports/421381

Log:
  Update net/xmlrpc to 1.39.10

  This version if a buffer overflow in STRSCAT

  PR:		211257
  Submitted by:	w.schwarzenfeld@utanet.at
  MFH:		2016Q3

Changes:
  head/net/xmlrpc-c/Makefile
  head/net/xmlrpc-c/distinfo
Comment 12 commit-hook freebsd_committer 2016-09-06 16:52:46 UTC
A commit references this bug:

Author: garga
Date: Tue Sep  6 16:51:49 UTC 2016
New revision: 421442
URL: https://svnweb.freebsd.org/changeset/ports/421442

Log:
  MFH: r421381

  Update net/xmlrpc to 1.39.10

  This version if a buffer overflow in STRSCAT

  PR:		211257
  Submitted by:	w.schwarzenfeld@utanet.at
  Approved by:	ports-secteam (feld)

Changes:
_U  branches/2016Q3/
  branches/2016Q3/net/xmlrpc-c/Makefile
  branches/2016Q3/net/xmlrpc-c/distinfo