git: 371d21badc1c - 2021Q4 - security/sshguard: Fix memset() off-by-one

Philip Paeps philip at FreeBSD.org
Mon Oct 4 04:30:30 UTC 2021 

The branch 2021Q4 has been updated by philip:

URL: https://cgit.FreeBSD.org/ports/commit/?id=371d21badc1c56e48e307eb2f0a0ccf376a03cdb

commit 371d21badc1c56e48e307eb2f0a0ccf376a03cdb
Author:     Kevin Zheng <kevinz5000 at gmail.com>
AuthorDate: 2021-09-01 05:07:43 +0000
Commit:     Philip Paeps <philip at FreeBSD.org>
CommitDate: 2021-10-04 04:28:58 +0000

    security/sshguard: Fix memset() off-by-one
    
    This bug causes a stack overflow (and crash due to failed stack check)
    when certain IPv6 addresses are whitelisted on i386.
    
    PR:             258179
    Reported by:    John Marshall <john at jmarshall.id.au>
    MFH:            2021Q4
    
    (cherry picked from commit c3381bf4d961159f4903f573c7f01fae85ad5a18)
---
 security/sshguard/Makefile                                    |  1 +
 .../sshguard/files/patch-src_blocker_sshguard__whitelist.c    | 11 +++++++++++
 2 files changed, 12 insertions(+)

diff --git a/security/sshguard/Makefile b/security/sshguard/Makefile
index ba84072408b4..48621f158097 100644
--- a/security/sshguard/Makefile
+++ b/security/sshguard/Makefile
@@ -2,6 +2,7 @@
 
 PORTNAME=	sshguard
 PORTVERSION=	2.4.2
+PORTREVISION=	1
 PORTEPOCH=	1
 CATEGORIES=	security
 MASTER_SITES=	SF/sshguard/sshguard/${PORTVERSION}
diff --git a/security/sshguard/files/patch-src_blocker_sshguard__whitelist.c b/security/sshguard/files/patch-src_blocker_sshguard__whitelist.c
new file mode 100644
index 000000000000..6e468872f458
--- /dev/null
+++ b/security/sshguard/files/patch-src_blocker_sshguard__whitelist.c
@@ -0,0 +1,11 @@
+--- src/blocker/sshguard_whitelist.c.orig	2020-12-31 17:06:03 UTC
++++ src/blocker/sshguard_whitelist.c
+@@ -275,7 +275,7 @@ int whitelist_add_block6(const char *restrict address,
+     bitlen = masklen % 8;
+     bitmask = 0xFF << (8 - bitlen);
+     ab.address.ip6.mask.s6_addr[bytelen] = bitmask;
+-    memset(& ab.address.ip6.mask.s6_addr[bytelen+1], 0x00, sizeof(ab.address.ip6.mask.s6_addr) - bytelen);
++    memset(& ab.address.ip6.mask.s6_addr[bytelen+1], 0x00, sizeof(ab.address.ip6.mask.s6_addr) - bytelen - 1);
+ 
+     if (! list_contains(& whitelist, &ab)) {
+         list_append(& whitelist, &ab);

More information about the dev-commits-ports-branches mailing list