summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorerwin <erwin@FreeBSD.org>2005-12-22 21:02:12 +0000
committererwin <erwin@FreeBSD.org>2005-12-22 21:02:12 +0000
commitd0e2ac9aeac155578eb7d4f9e1d0f91655989ccf (patch)
treef293014e1ac1e08f0240dc165b3a514a2d1bf6a9
parent0c8b4542e0ce4f684c11e17ea81e497c956ecf32 (diff)
downloadFreeBSD-ports-d0e2ac9aeac155578eb7d4f9e1d0f91655989ccf.zip
FreeBSD-ports-d0e2ac9aeac155578eb7d4f9e1d0f91655989ccf.tar.gz
The attached patch fixes a buffer overflow vulnerability and fixes building on
FreeBSD 7.0. Furthermore nbd.h has been updated to a version from a newer Linux kernel. Requested by: remko
-rw-r--r--net/nbd-server/Makefile9
-rw-r--r--net/nbd-server/files/nbd.h25
-rw-r--r--net/nbd-server/files/patch-nbd-server.c26
3 files changed, 41 insertions, 19 deletions
diff --git a/net/nbd-server/Makefile b/net/nbd-server/Makefile
index 9bcc6cd..7ae01e8 100644
--- a/net/nbd-server/Makefile
+++ b/net/nbd-server/Makefile
@@ -7,6 +7,7 @@
PORTNAME= nbd-server
PORTVERSION= 2.8.2
+PORTREVISION= 1
CATEGORIES= net
MASTER_SITES= ${MASTER_SITE_SOURCEFORGE}
MASTER_SITE_SUBDIR= nbd
@@ -25,13 +26,7 @@ CONFIGURE_ARGS= --prefix=${PREFIX} --enable-lfs --enable-syslog
PLIST_FILES= bin/nbd-server
MAN1= nbd-server.1
-.include <bsd.port.pre.mk>
-
-.if ${OSVERSION} >= 700000
-BROKEN= "GCC fails on FreeBSD >= 7.0"
-.endif
-
post-extract:
@${CP} ${FILESDIR}/nbd.h ${WRKSRC}
-.include <bsd.port.post.mk>
+.include <bsd.port.mk>
diff --git a/net/nbd-server/files/nbd.h b/net/nbd-server/files/nbd.h
index dcb0228..090e210 100644
--- a/net/nbd-server/files/nbd.h
+++ b/net/nbd-server/files/nbd.h
@@ -8,6 +8,8 @@
* 2003/06/24 Louis D. Langholtz <ldl@aros.net>
* Removed unneeded blksize_bits field from nbd_device struct.
* Cleanup PARANOIA usage & code.
+ * 2004/02/19 Paul Clements
+ * Removed PARANOIA, plus various cleanup and comments
*/
#ifndef LINUX_NBD_H
@@ -32,22 +34,19 @@ enum {
#define nbd_cmd(req) ((req)->cmd[0])
#define MAX_NBD 128
-/* Define PARANOIA to include extra sanity checking code in here & driver */
-#define PARANOIA
-
/* userspace doesn't need the nbd_device structure */
#ifdef __KERNEL__
+/* values for flags field */
+#define NBD_READ_ONLY 0x0001
+#define NBD_WRITE_NOCHK 0x0002
+
struct nbd_device {
int flags;
int harderror; /* Code of hard error */
-#define NBD_READ_ONLY 0x0001
-#define NBD_WRITE_NOCHK 0x0002
struct socket * sock;
struct file * file; /* If == NULL, device is not ready, yet */
-#ifdef PARANOIA
- int magic; /* FIXME: not if debugging is off */
-#endif
+ int magic;
spinlock_t queue_lock;
struct list_head queue_head;/* Requests are added here... */
struct semaphore tx_lock;
@@ -58,16 +57,14 @@ struct nbd_device {
#endif
-/* This now IS in some kind of include file... */
-
-/* These are send over network in request/reply magic field */
+/* These are sent over the network in the request/reply magic fields */
#define NBD_REQUEST_MAGIC 0x25609513
#define NBD_REPLY_MAGIC 0x67446698
/* Do *not* use magics: 0x12560953 0x96744668. */
/*
- * This is packet used for communication between client and
+ * This is the packet used for communication between client and
* server. All data are in network byte order.
*/
struct nbd_request {
@@ -82,6 +79,10 @@ struct nbd_request {
#endif
;
+/*
+ * This is the reply packet that nbd-server sends back to the client after
+ * it has completed an I/O request (or an error occurs).
+ */
struct nbd_reply {
u32 magic;
u32 error; /* 0 = ok, else error */
diff --git a/net/nbd-server/files/patch-nbd-server.c b/net/nbd-server/files/patch-nbd-server.c
new file mode 100644
index 0000000..383f896
--- /dev/null
+++ b/net/nbd-server/files/patch-nbd-server.c
@@ -0,0 +1,26 @@
+diff -urN nbd-2.8.2.orig/nbd-server.c nbd-2.8.2/nbd-server.c
+--- nbd-2.8.2.orig/nbd-server.c Wed Nov 9 22:38:44 2005
++++ nbd-server.c Thu Dec 22 16:04:47 2005
+@@ -363,11 +363,11 @@
+ * is severely wrong)
+ **/
+ void sigchld_handler(int s) {
+- int* status=NULL;
++ int status;
+ int* i;
+ pid_t pid;
+
+- while((pid=wait(status)) > 0) {
++ while ((pid = waitpid(-1, &status, WNOHANG)) > 0) {
+ if(WIFEXITED(status)) {
+ msg3(LOG_INFO, "Child exited with %d", WEXITSTATUS(status));
+ }
+@@ -684,7 +684,7 @@
+
+ if (request.magic != htonl(NBD_REQUEST_MAGIC))
+ err("Not enough magic.");
+- if (len > BUFSIZE)
++ if (len > (BUFSIZE-sizeof(struct nbd_reply)))
+ err("Request too big!");
+ #ifdef DODBG
+ printf("%s from %Lu (%Lu) len %d, ", request.type ? "WRITE" :
OpenPOWER on IntegriCloud