cpet/openbsd-ports
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

SECURITY UPDATE of memcached to 1.4.3

Browse Source 
* resolves the DoS in CVE-2010-1152

ok MAINTAINER
This commit is contained in:
jasper 2010-04-21 12:23:37 +00:00
parent 3062358825
commit f404475a24
8 changed files with 9 additions and 184 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
misc/memcached/Makefile
View File

@ -1,8 +1,8 @@
# $OpenBSD: Makefile,v 1.9 2009/08/07 10:46:41 jasper Exp $
# $OpenBSD: Makefile,v 1.10 2010/04/21 12:23:37 jasper Exp $
COMMENT= distributed memory object caching system
DISTNAME= memcached-1.4.0
DISTNAME= memcached-1.4.3
CATEGORIES= misc
HOMEPAGE= http://www.danga.com/memcached/

10
misc/memcached/distinfo
View File

@ -1,5 +1,5 @@
MD5 (memcached-1.4.0.tar.gz) = 12Uey4vzRRRMsXkA2aRshQ==
RMD160 (memcached-1.4.0.tar.gz) = C/KBxpS6JGcsQoXF9lE3svuz9IQ=
SHA1 (memcached-1.4.0.tar.gz) = hIgZd8w0oQOc5hkif/KRDY4ePls=
SHA256 (memcached-1.4.0.tar.gz) = smSPtRT7NvoizetGi46KjUn++Gos+8dzj2MOCbSXfTU=
SIZE (memcached-1.4.0.tar.gz) = 267420
MD5 (memcached-1.4.3.tar.gz) = g8bMa62WElNrWsu73as+sw==
RMD160 (memcached-1.4.3.tar.gz) = UgcVi7EMdzyAPXBfzMKGmi2UGsU=
SHA1 (memcached-1.4.3.tar.gz) = 1ELtJCm2Vctjn+ws+z4EYb3uzd8=
SHA256 (memcached-1.4.3.tar.gz) = RcdlqYoGQJGo0wwxjgYvTz0wZnbvq+EUIgDVlxbXHFw=
SIZE (memcached-1.4.3.tar.gz) = 297067

21
misc/memcached/patches/patch-items_c
View File

@ -1,21 +0,0 @@
$OpenBSD: patch-items_c,v 1.3 2009/08/07 10:46:41 jasper Exp $
--- items.c.orig Thu Jul 9 12:43:42 2009
+++ items.c Sat Jul 11 10:54:34 2009
@@ -379,7 +379,7 @@ char *do_item_cachedump(const unsigned int slabs_clsid
(unsigned long)it->exptime + process_started);
if (bufcurr + len + 6 > memlimit) /* 6 is END\r\n\0 */
break;
- strcpy(buffer + bufcurr, temp);
+ strlcpy(buffer + bufcurr, temp, sizeof(buffer) - bufcurr);
bufcurr += len;
shown++;
it = it->next;
@@ -446,7 +446,7 @@ void do_item_stats_sizes(ADD_STAT add_stats, void *c)
if (histogram[i] != 0) {
char key[8];
int klen = 0;
- klen = sprintf(key, "%d", i * 32);
+ klen = snprintf(key, 8, "%d", i * 32);
assert(klen < sizeof(key));
APPEND_STAT(key, "%u", histogram[i]);
}

97
misc/memcached/patches/patch-memcached_c
View File

@ -1,97 +0,0 @@
$OpenBSD: patch-memcached_c,v 1.6 2009/08/07 10:46:41 jasper Exp $
--- memcached.c.orig Thu Jul 9 13:16:24 2009
+++ memcached.c Sat Jul 11 11:01:39 2009
@@ -93,7 +93,11 @@ static void write_and_free(conn *c, char *buf, int byt
static int ensure_iov_space(conn *c);
static int add_iov(conn *c, const void *buf, int len);
static int add_msghdr(conn *c);
+
+/* OpenBSD has this in sys/types.h already. */
+#ifndef _SYS_ENDIAN_H_
static uint64_t swap64(uint64_t in);
+#endif /* !_SYS_ENDIAN_H_ */
/* time handling */
static void set_current_time(void); /* update the global variable holding
@@ -976,6 +980,7 @@ static void write_bin_response(conn *c, void *d, int h
}
}
+#ifndef _SYS_ENDIAN_H_
/* Byte swap a 64-bit number */
static uint64_t swap64(uint64_t in) {
#ifdef ENDIAN_LITTLE
@@ -991,8 +996,9 @@ static uint64_t swap64(uint64_t in) {
#else
/* big-endian machines don't need byte swapping */
return in;
-#endif
+#endif /* !ENDIAN_LITTLE */
}
+#endif /* !_SYS_ENDIAN_H_ */
static void complete_incr_bin(conn *c) {
item *it;
@@ -1278,12 +1284,14 @@ static void append_ascii_stats(const char *key, const
char *pos = c->stats.buffer + c->stats.offset;
uint32_t nbytes;
+ size_t s_pos = sizeof(pos);
+
if (klen == 0 && vlen == 0) {
- nbytes = sprintf(pos, "END\r\n");
+ nbytes = snprintf(pos, s_pos, "END\r\n");
} else if (vlen == 0) {
- nbytes = sprintf(pos, "STAT %s\r\n", key);
+ nbytes = snprintf(pos, s_pos, "STAT %s\r\n", key);
} else {
- nbytes = sprintf(pos, "STAT %s %s\r\n", key, val);
+ nbytes = snprintf(pos, s_pos, "STAT %s %s\r\n", key, val);
}
c->stats.offset += nbytes;
@@ -2248,6 +2256,7 @@ static inline void process_get_command(conn *c, token_
int stats_get_cmds = 0;
int stats_get_misses = 0;
int stats_get_hits[MAX_NUMBER_OF_SLAB_CLASSES];
+ size_t s_suffix;
assert(c != NULL);
memset(&stats_get_hits, 0, sizeof(stats_get_hits));
@@ -2326,7 +2335,9 @@ static inline void process_get_command(conn *c, token_
return;
}
*(c->suffixlist + i) = suffix;
- sprintf(suffix, " %llu\r\n", (unsigned long long)ITEM_get_cas(it));
+ s_suffix = sizeof(suffix);
+ snprintf(suffix, s_suffix,
+ " %llu\r\n", (unsigned long long)ITEM_get_cas(it));
if (add_iov(c, "VALUE ", 6) != 0 ||
add_iov(c, ITEM_key(it), it->nkey) != 0 ||
add_iov(c, ITEM_suffix(it), it->nsuffix - 2) != 0 ||
@@ -2559,6 +2570,7 @@ enum delta_result_type do_add_delta(conn *c, item *it,
char *ptr;
uint64_t value;
int res;
+ size_t s_buf = sizeof(buf);
ptr = ITEM_data(it);
@@ -2586,7 +2598,7 @@ enum delta_result_type do_add_delta(conn *c, item *it,
}
pthread_mutex_unlock(&c->thread->stats.mutex);
- sprintf(buf, "%llu", (unsigned long long)value);
+ snprintf(buf, s_buf, "%llu", (unsigned long long)value);
res = strlen(buf);
if (res + 2 > it->nbytes) { /* need to realloc */
item *new_it;
@@ -3672,7 +3684,7 @@ static int server_socket_unix(const char *path, int ac
memset(&addr, 0, sizeof(addr));
addr.sun_family = AF_UNIX;
- strcpy(addr.sun_path, path);
+ strlcpy(addr.sun_path, path, sizeof(addr.sun_path));
old_umask = umask( ~(access_mask&0777));
if (bind(sfd, (struct sockaddr *)&addr, sizeof(addr)) == -1) {
perror("bind()");

16
misc/memcached/patches/patch-memcached_h
View File

@ -1,16 +0,0 @@
$OpenBSD: patch-memcached_h,v 1.1 2009/08/07 10:46:41 jasper Exp $
--- memcached.h.orig Sat Jul 11 11:06:01 2009
+++ memcached.h Sat Jul 11 11:08:09 2009
@@ -99,9 +99,9 @@
/** Append an indexed stat with a stat name (with format), value format
and value */
-#define APPEND_NUM_FMT_STAT(name_fmt, num, name, fmt, val) \
- klen = sprintf(key_str, name_fmt, num, name); \
- vlen = sprintf(val_str, fmt, val); \
+#define APPEND_NUM_FMT_STAT(name_fmt, num, name, fmt, val) \
+ klen = snprintf(key_str, 128, name_fmt, num, name); \
+ vlen = snprintf(val_str, 128, fmt, val); \
add_stats(key_str, klen, val_str, vlen, c);
/** Common APPEND_NUM_FMT_STAT format. */

26
misc/memcached/patches/patch-stats_c
View File

@ -1,26 +0,0 @@
$OpenBSD: patch-stats_c,v 1.1 2009/08/07 10:46:41 jasper Exp $
--- stats.c.orig Sat Jul 11 11:03:25 2009
+++ stats.c Sat Jul 11 11:03:54 2009
@@ -322,16 +322,17 @@ static void test_prefix_dump() {
/* Find a key that hashes to the same bucket as "abc" */
for (keynum = 0; keynum < PREFIX_HASH_SIZE * 100; keynum++) {
- sprintf(tmp, "%d", keynum);
+ snprintf(tmp, 500, "%d", keynum);
if (hashval == hash(tmp, strlen(tmp), 0) % PREFIX_HASH_SIZE) {
break;
}
}
stats_prefix_record_set(tmp);
- sprintf(tmp, "PREFIX %d get 0 hit 0 set 1 del 0\r\n"
- "PREFIX abc get 2 hit 1 set 1 del 1\r\n"
- "PREFIX def get 0 hit 0 set 0 del 1\r\n"
- "END\r\n", keynum);
+ snprintf(tmp, 500,
+ "PREFIX %d get 0 hit 0 set 1 del 0\r\n"
+ "PREFIX abc get 2 hit 1 set 1 del 1\r\n"
+ "PREFIX def get 0 hit 0 set 0 del 1\r\n"
+ "END\r\n", keynum);
test_equals_str("stats with two stats in one bucket",
tmp, stats_prefix_dump(&length));
test_equals_int("stats length with two stats in one bucket",

14
misc/memcached/patches/patch-testapp_c
View File

@ -1,14 +0,0 @@
$OpenBSD: patch-testapp_c,v 1.1 2009/08/07 10:46:41 jasper Exp $
--- testapp.c.orig Sat Jul 11 11:05:13 2009
+++ testapp.c Sat Jul 11 11:05:23 2009
@@ -233,8 +233,8 @@ static enum test_return test_safe_strtol(void) {
static enum test_return test_issue_44(void) {
char pidfile[80];
char buffer[256];
- sprintf(pidfile, "/tmp/memcached.%d", getpid());
- sprintf(buffer, "./memcached-debug -p 0 -P %s -d", pidfile);
+ snprintf(pidfile, 80, "/tmp/memcached.%d", getpid());
+ snprintf(buffer, 256, "./memcached-debug -p 0 -P %s -d", pidfile);
assert(system(buffer) == 0);
sleep(1);
FILE *fp = fopen(pidfile, "r");

5
misc/memcached/pkg/PLIST
View File

@ -1,12 +1,11 @@
@comment $OpenBSD: PLIST,v 1.4 2009/08/07 10:46:41 jasper Exp $
@comment $OpenBSD: PLIST,v 1.5 2010/04/21 12:23:37 jasper Exp $
@newgroup _memcached:637
@newuser _memcached:637:_memcached:daemon:memcache daemon:/var/empty:/sbin/nologin
@bin bin/memcached
@man man/man1/memcached.1
include/memcached/
include/memcached/protocol_binary.h
@man man/man1/memcached.1
share/doc/memcached/
share/doc/memcached/memory_management.txt
share/doc/memcached/protocol.txt
share/doc/memcached/readme.txt
share/doc/memcached/threads.txt