security/sshguard: Fix memset() off-by-one

This bug causes a stack overflow (and crash due to failed stack check) when certain IPv6 addresses are whitelisted on i386. PR: 258179 Reported by: John Marshall <john@jmarshall.id.au> MFH: 2021Q4
2021-08-31 22:07:43 -07:00 · 2021-08-31 22:07:43 -07:00 · c3381bf4d9
parent 9fae75d16c
commit c3381bf4d9
2 changed files with 12 additions and 0 deletions
--- a/security/sshguard/Makefile
+++ b/security/sshguard/Makefile
@ -2,6 +2,7 @@

 PORTNAME=	sshguard
 PORTVERSION=	2.4.2
+PORTREVISION=	1
 PORTEPOCH=	1
 CATEGORIES=	security
 MASTER_SITES=	SF/sshguard/sshguard/${PORTVERSION}
--- a/security/sshguard/files/patch-src_blocker_sshguard__whitelist.c
+++ b/security/sshguard/files/patch-src_blocker_sshguard__whitelist.c
@ -0,0 +1,11 @@
+--- src/blocker/sshguard_whitelist.c.orig	2020-12-31 17:06:03 UTC
+++ src/blocker/sshguard_whitelist.c
+@@ -275,7 +275,7 @@ int whitelist_add_block6(const char *restrict address,
+     bitlen = masklen % 8;
+     bitmask = 0xFF << (8 - bitlen);
+     ab.address.ip6.mask.s6_addr[bytelen] = bitmask;
+-    memset(& ab.address.ip6.mask.s6_addr[bytelen+1], 0x00, sizeof(ab.address.ip6.mask.s6_addr) - bytelen);
+    memset(& ab.address.ip6.mask.s6_addr[bytelen+1], 0x00, sizeof(ab.address.ip6.mask.s6_addr) - bytelen - 1);
+ 
+     if (! list_contains(& whitelist, &ab)) {
+         list_append(& whitelist, &ab);