ports/142711: ciso port incorrectly assumes a 32-bit architecture

Jonathan Jacobs jonathan+freebsd at jsphere.com
Mon Jan 11 09:20:06 UTC 2010


>Number:         142711
>Category:       ports
>Synopsis:       ciso port incorrectly assumes a 32-bit architecture
>Confidential:   no
>Severity:       serious
>Priority:       low
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Jan 11 09:20:05 UTC 2010
>Closed-Date:
>Last-Modified:
>Originator:     Jonathan Jacobs
>Release:        8.0
>Organization:
>Environment:
FreeBSD atlas 8.0-RELEASE-p2 FreeBSD 8.0-RELEASE-p2 #0: Tue Jan  5 21:11:58 UTC 2010     root at amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC  amd64

>Description:
When attempting to decompress a compressed ISO file the sysutils/ciso port attempts to read a file header directly into a structure that assumes "unsigned long" to mean "unsigned 32-bit integer", specifically into fields that are later used to allocate memory. On a 64-bit system this results in attempts to allocate incorrectly huge amounts of memory.
>How-To-Repeat:
Attempt to decompress a compressed ISO file on a 64-bit platform such as amd64.
>Fix:
Explicitly declare structure members as 32-bit integers.

Patch attached with submission follows:

--- ciso.h.orig 2010-01-11 10:59:27.658243564 +0200
+++ ciso.h      2010-01-11 10:50:32.882342532 +0200
@@ -19,6 +19,8 @@
     Copyright 2005 BOOSTER
 */

+#include <stdint.h>
+

 #ifndef __CISO_H__
 #define __CISO_H__
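Review bot: The new #include <stdint.h> lands above #ifndef __CISO_H__, so it sits outside the header's include guard. Move it to just after #define __CISO_H__ so that everything the header pulls in is covered by the guard; the extra blank line added with it can go at the same time.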
@@ -28,9 +30,9 @@
 typedef struct ciso_header
 {
        unsigned char magic[4];                 /* +00 : 'C','I','S','O'                 */
-       unsigned long header_size;              /* +04 : header size (==0x18)            */
+       uint32_t header_size;           /* +04 : header size (==0x18)            */
        unsigned long long total_bytes; /* +08 : number of original data size    */
-       unsigned long block_size;               /* +10 : number of compressed block size */
+       uint32_t block_size;            /* +10 : number of compressed block size */
        unsigned char ver;                              /* +14 : version 01                      */
        unsigned char align;                    /* +15 : align of index value            */
        unsigned char rsv_06[2];                /* +16 : reserved                        */
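Review bot: header_size and block_size are still taken from the file unchecked, and per the description they feed memory allocation, so fixing their width alone leaves the allocation size under the control of the input file. The code that reads the header should reject a header_size other than the 0x18 given in the comment, and a block_size that is zero or implausibly large, before allocating anything. For consistency, total_bytes at +08 could become uint64_t rather than staying unsigned long long, and the two replaced lines need their indentation adjusted so the trailing comments line up with the neighbouring members again.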


>Release-Note:
>Audit-Trail:
>Unformatted:
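Added example, not part of the submission or of the ciso port: a header reader that decodes each field by explicit offset and validates it before use, next to a helper that shows what the unpatched `unsigned long` layout picks up for `block_size` on LP64. The function names, the constructed sample bytes, the little-endian byte order and the `CISO_MAX_BLOCK` cap are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define CISO_HEADER_SIZE 0x18u       /* value given in the ciso.h comment */
#define CISO_MAX_BLOCK   (1u << 20)  /* assumed sanity cap, not from the port */

typedef struct { uint32_t header_size, block_size; uint64_t total_bytes; } ciso_info;

/* Constructed sample: a 0x18-byte header followed by two index entries. */
static const unsigned char ciso_sample[32] = {
    'C','I','S','O',  0x18,0,0,0,   /* magic, header_size                  */
    0,0,1,0,0,0,0,0,                /* total_bytes = 0x10000               */
    0,0x08,0,0,  1, 0, 0,0,         /* block_size = 0x800, ver, align, rsv */
    0x9C,0,0,0,  0x10,0x03,0,0      /* index entries (arbitrary values)    */
};

/* Assemble an n-byte little-endian value (byte order is an assumption). */
static uint64_t rd_le(const unsigned char *p, size_t n)
{
    uint64_t v = 0;
    while (n--)
        v = (v << 8) | p[n];
    return v;
}

/* What the unpatched struct yields for block_size on LP64: with an 8-byte
   unsigned long the member sits at offset 24, past the real header. */
uint64_t ciso_lp64_misread_block_size(const unsigned char *buf)
{
    return rd_le(buf + 24, 8);
}

/* Decode by explicit offset and validate before anything is allocated.
   Returns 0 on success, -1 on an implausible header. */
int ciso_parse_header(const unsigned char *buf, size_t len, ciso_info *out)
{
    if (len < CISO_HEADER_SIZE || memcmp(buf, "CISO", 4) != 0)
        return -1;
    out->header_size = (uint32_t)rd_le(buf + 0x04, 4);
    out->total_bytes = rd_le(buf + 0x08, 8);
    out->block_size  = (uint32_t)rd_le(buf + 0x10, 4);
    if (out->header_size != CISO_HEADER_SIZE)
        return -1;
    if (out->block_size == 0 || out->block_size > CISO_MAX_BLOCK)
        return -1;
    return 0;
}
```

On the sample, the misread helper returns index-table bytes as a multi-terabyte "block size", which is the oversized allocation request the report describes.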


