From ecb992de401460e6547986447fb1da1eb6c334041902ab5b6eaae5f8aa0082d2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Michael=20Schr=C3=B6der?= Date: Mon, 12 Sep 2016 12:26:21 +0000 Subject: [PATCH] merge sles patches OBS-URL: https://build.opensuse.org/package/show/network:utilities/openslp?expand=0&rev=39 --- openslp.changes | 12 +++ openslp.doubleequal.diff | 42 ++++++++ openslp.noconvenience.diff | 177 ++++++++++++++++++++++++++++++++++ openslp.predicatestorage.diff | 48 +++++++++ openslp.spec | 8 +- 5 files changed, 286 insertions(+), 1 deletion(-) create mode 100644 openslp.doubleequal.diff create mode 100644 openslp.noconvenience.diff create mode 100644 openslp.predicatestorage.diff diff --git a/openslp.changes b/openslp.changes index d12f134..10673ff 100644 --- a/openslp.changes +++ b/openslp.changes @@ -1,3 +1,15 @@ +------------------------------------------------------------------- +Mon Sep 12 14:23:15 CEST 2016 - mls@suse.de + +- remove convenience code as changes bytes in the message + buffer breaking the verification code [bnc#994989] + new patch: openslp.noconvenience.diff +- fix storage handling in predicate code, it clashed with gcc's + fortify_source extension [bnc#909195] + new patch: openslp.predicatestorage.diff +- bring back allowDoubleEqualInPredicate option + new patch: openslp.doubleequal.diff + ------------------------------------------------------------------- Sun Mar 8 00:39:27 UTC 2015 - p.drouand@gmail.com diff --git a/openslp.doubleequal.diff b/openslp.doubleequal.diff new file mode 100644 index 0000000..a094570 --- /dev/null +++ b/openslp.doubleequal.diff @@ -0,0 +1,42 @@ +--- ./slpd/slpd_predicate.c.orig 2014-12-15 14:11:36.181812237 +0000 ++++ ./slpd/slpd_predicate.c 2014-12-15 14:20:00.441759165 +0000 +@@ -66,6 +66,7 @@ + #include "slp_xmalloc.h" + + #include "slpd_predicate.h" ++#include "slpd_property.h" + + /* Parse character definitions. */ + #define BRACKET_OPEN '(' +@@ -1633,6 +1634,11 @@ SLPDPredicateParseResult createPredicate + op = EQUAL; + } + ++ if (op == EQUAL && G_SlpdProperty.allowDoubleEqualInPredicate && operator[1] == '=') ++ { ++ val_start++; ++ } ++ + /***** Get operands. *****/ + /**** Left. ****/ + lhs_len = operator - cur; +--- ./slpd/slpd_property.c.orig 2014-12-15 14:09:49.294246247 +0000 ++++ ./slpd/slpd_property.c 2014-12-15 14:11:21.587871548 +0000 +@@ -250,6 +250,7 @@ void SLPDPropertyReinit(void) + G_SlpdProperty.myHostnameLen = strlen(G_SlpdProperty.myHostname); + + G_SlpdProperty.hardMTU = SLPPropertyAsBoolean("net.slp.hardMTU"); ++ G_SlpdProperty.allowDoubleEqualInPredicate = SLPPropertyAsBoolean("net.slp.allowDoubleEqualInPredicate"); + + G_SlpdProperty.DASyncReg = SLPPropertyAsBoolean("net.slp.DASyncReg"); + G_SlpdProperty.isDABackup = SLPPropertyAsBoolean("net.slp.isDABackup"); +--- ./slpd/slpd_property.h.orig 2014-12-15 14:09:43.647269171 +0000 ++++ ./slpd/slpd_property.h 2014-12-15 14:10:24.932101603 +0000 +@@ -118,6 +118,7 @@ typedef struct _SLPDProperty + int useDHCP; + int oversizedUDP; + int hardMTU; ++ int allowDoubleEqualInPredicate; + + int DASyncReg; + int isDABackup; diff --git a/openslp.noconvenience.diff b/openslp.noconvenience.diff new file mode 100644 index 0000000..53f3684 --- /dev/null +++ b/openslp.noconvenience.diff @@ -0,0 +1,177 @@ +--- ./common/slp_v2message.c.orig 2016-09-12 10:51:36.284400063 +0000 ++++ ./common/slp_v2message.c 2016-09-12 10:55:19.553648752 +0000 +@@ -150,13 +150,6 @@ static int v2ParseUrlEntry(SLPBuffer buf + } + urlentry->opaquelen = buffer->curpos - urlentry->opaque; + +- /* Terminate the URL string for caller convenience - we're overwriting +- * the first byte of the "# of URL auths" field, but it's okay because +- * we've already read and stored it away. +- */ +- if(urlentry->url) +- ((uint8_t *)urlentry->url)[urlentry->urllen] = 0; +- + return 0; + } + +@@ -543,12 +536,6 @@ static int v2ParseAttrRply(SLPBuffer buf + } + } + +- /* Terminate the attr list for caller convenience - overwrites the +- * first byte of the "# of AttrAuths" field, but we've processed it. +- */ +- if(attrrply->attrlist) +- ((uint8_t *)attrrply->attrlist)[attrrply->attrlistlen] = 0; +- + return 0; + } + +@@ -643,13 +630,6 @@ static int v2ParseDAAdvert(SLPBuffer buf + } + } + +- /* Terminate the URL string for caller convenience - we're overwriting +- * the first byte of the "Length of " field, but it's okay +- * because we've already read and stored it away. +- */ +- if(daadvert->url) +- ((uint8_t *)daadvert->url)[daadvert->urllen] = 0; +- + return 0; + } + +@@ -749,14 +729,6 @@ static int v2ParseSrvTypeRply(SLPBuffer + if (buffer->curpos > buffer->end) + return SLP_ERROR_PARSE_ERROR; + +- /* Terminate the service type list string for caller convenience - while +- * it appears that we're writing one byte past the end of the buffer here, +- * it's not so - message buffers are always allocated one byte larger than +- * requested for just this reason. +- */ +- if(srvtyperply->srvtypelist) +- ((uint8_t *)srvtyperply->srvtypelist)[srvtyperply->srvtypelistlen] = 0; +- + return 0; + } + +@@ -825,13 +797,6 @@ static int v2ParseSAAdvert(SLPBuffer buf + } + } + +- /* Terminate the URL string for caller convenience - we're overwriting +- * the first byte of the "Length of " field, but it's okay +- * because we've already read and stored it away. +- */ +- if(saadvert->url) +- ((uint8_t *)saadvert->url)[saadvert->urllen] = 0; +- + return 0; + } + +--- ./libslp/libslp_findattrs.c.orig 2016-09-12 10:57:02.363303412 +0000 ++++ ./libslp/libslp_findattrs.c 2016-09-12 10:58:41.416970996 +0000 +@@ -98,6 +98,9 @@ static SLPBoolean ProcessAttrRplyCallbac + return SLP_TRUE; /* Authentication failure. */ + } + #endif ++ /* TRICKY: null terminate the attrlist by setting the authcount to 0 */ ++ ((char*)(attrrply->attrlist))[attrrply->attrlistlen] = 0; ++ + /* Call the user's callback function. */ + result = handle->params.findattrs.callback(handle, + attrrply->attrlist, (SLPError)(-attrrply->errorcode), +--- ./libslp/libslp_findsrvs.c.orig 2016-09-12 10:57:07.995284521 +0000 ++++ ./libslp/libslp_findsrvs.c 2016-09-12 11:26:08.220430148 +0000 +@@ -227,6 +227,9 @@ static SLPBoolean ProcessSrvRplyCallback + && SLPAuthVerifyUrl(handle->hspi, 1, &urlentry[i])) + continue; /* Authentication failed, skip this URLEntry. */ + #endif ++ /* TRICKY: null terminate the url by setting the authcount to 0 */ ++ ((char*)(urlentry[i].url))[urlentry[i].urllen] = 0; ++ + result = CollateToSLPSrvURLCallback(handle, urlentry[i].url, + (unsigned short)urlentry[i].lifetime, SLP_OK, peeraddr); + if (result == SLP_FALSE) +@@ -245,6 +248,9 @@ static SLPBoolean ProcessSrvRplyCallback + return SLP_TRUE; + } + #endif ++ /* TRICKY: null terminate the url by setting the scope list length to 0 */ ++ ((char *)replymsg->body.daadvert.url)[replymsg->body.daadvert.urllen] = 0; ++ + result = CollateToSLPSrvURLCallback(handle, + replymsg->body.daadvert.url, SLP_LIFETIME_MAXIMUM, + SLP_OK, peeraddr); +@@ -260,6 +266,9 @@ static SLPBoolean ProcessSrvRplyCallback + return SLP_TRUE; + } + #endif ++ /* TRICKY: null terminate the url by setting the scope list length to 0 */ ++ ((char *)replymsg->body.saadvert.url)[replymsg->body.saadvert.urllen] = 0; ++ + result = CollateToSLPSrvURLCallback(handle, + replymsg->body.saadvert.url, SLP_LIFETIME_MAXIMUM, + SLP_OK, peeraddr); +--- ./libslp/libslp_findsrvtypes.c.orig 2016-09-12 10:57:15.275260063 +0000 ++++ ./libslp/libslp_findsrvtypes.c 2016-09-12 11:03:41.863964662 +0000 +@@ -175,8 +175,13 @@ static SLPBoolean ProcessSrvTypeRplyCall + { + SLPSrvTypeRply * srvtyperply = &replymsg->body.srvtyperply; + if (srvtyperply->srvtypelistlen) ++ { ++ /* TRICKY: null terminate the srvtypelist by setting the last byte 0 */ ++ ((char*)(srvtyperply->srvtypelist))[srvtyperply->srvtypelistlen] = 0; ++ + result = CollateToSLPSrvTypeCallback((SLPHandle)handle, + srvtyperply->srvtypelist, srvtyperply->errorcode * -1); ++ } + } + SLPMessageFree(replymsg); + } +--- ./libslp/libslp_knownda.c.orig 2016-09-12 10:57:21.083240529 +0000 ++++ ./libslp/libslp_knownda.c 2016-09-12 11:07:26.178207707 +0000 +@@ -335,6 +335,8 @@ static SLPBoolean KnownDADiscoveryCallba + { + SLPParsedSrvUrl * srvurl; + ++ /* TRICKY: NULL terminate the DA url */ ++ ((char*)(replymsg->body.daadvert.url))[replymsg->body.daadvert.urllen] = 0; + if (SLPParseSrvUrl(replymsg->body.daadvert.urllen, + replymsg->body.daadvert.url, &srvurl) == 0) + { +@@ -993,14 +995,22 @@ void KnownDAProcessSrvRqst(SLPHandleInfo + { + SLPBoolean cb_result; + SLPDatabaseEntry * entry = SLPDatabaseEnum(dh); ++ char tmp; + if (!entry) + break; + ++ /* TRICKY temporary null termination of DA url */ ++ tmp = entry->msg->body.daadvert.url[entry->msg->body.daadvert.urllen]; ++ ((char*)(entry->msg->body.daadvert.url))[entry->msg->body.daadvert.urllen] = 0; ++ + /* Call the SrvURLCallback. */ + cb_result = handle->params.findsrvs.callback(handle, + entry->msg->body.daadvert.url, SLP_LIFETIME_MAXIMUM, + SLP_OK, handle->params.findsrvs.cookie); + ++ /* TRICKY: undo temporary null termination of DA url */ ++ ((char*)(entry->msg->body.daadvert.url))[entry->msg->body.daadvert.urllen] = tmp; ++ + /* Does the caller want more? */ + if (cb_result == SLP_FALSE) + break; +--- ./slpd/slpd_regfile.c.orig 2016-09-12 11:12:02.353273706 +0000 ++++ ./slpd/slpd_regfile.c 2016-09-12 11:30:56.987463452 +0000 +@@ -657,7 +657,7 @@ int SLPDRegFileWriteSrvReg(FILE * fd, SL + + if (fd) + { +- fprintf(fd, "%s,%s,%d\n", msg->body.srvreg.urlentry.url, msg->header.langtag, msg->body.srvreg.urlentry.lifetime); ++ fprintf(fd, "%*s,%s,%d\n", (int)(msg->body.srvreg.urlentry.urllen), msg->body.srvreg.urlentry.url, msg->header.langtag, msg->body.srvreg.urlentry.lifetime); + if (msg->body.srvreg.source == SLP_REG_SOURCE_PULL_PEER_DA) + fprintf(fd, "slp-source=pulled-from-da-%s\n", SLPNetSockAddrStorageToString(&msg->peer, addr_str, sizeof(addr_str))); + else if (msg->body.srvreg.source == SLP_REG_SOURCE_LOCAL) diff --git a/openslp.predicatestorage.diff b/openslp.predicatestorage.diff new file mode 100644 index 0000000..71bf4b7 --- /dev/null +++ b/openslp.predicatestorage.diff @@ -0,0 +1,48 @@ +--- ./slpd/slpd_predicate.c.orig 2014-12-15 13:07:38.636640141 +0000 ++++ ./slpd/slpd_predicate.c 2014-12-15 13:10:09.507004676 +0000 +@@ -1643,7 +1643,7 @@ SLPDPredicateParseResult createPredicate + rhs = val_start; + + /***** Create leaf node. *****/ +- *ppNode = (SLPDPredicateTreeNode *)xmalloc(sizeof (SLPDPredicateTreeNode) + lhs_len + rhs_len); ++ *ppNode = (SLPDPredicateTreeNode *)xmalloc(sizeof (SLPDPredicateTreeNode) + lhs_len + 1 + rhs_len + 1); + if (!(*ppNode)) + return PREDICATE_PARSE_INTERNAL_ERROR; + +@@ -1653,7 +1653,7 @@ SLPDPredicateParseResult createPredicate + /* Finished with "operator" now - just use as temporary pointer to assist with copying the + * attribute name (lhs) and required value (rhs) into the node + */ +- operator = (*ppNode)->nodeBody.comparison.storage; ++ operator = (char *)((*ppNode) + 1); + strncpy(operator, lhs, lhs_len); + operator[lhs_len] = '\0'; + (*ppNode)->nodeBody.comparison.tag_len = lhs_len; +@@ -1853,7 +1853,7 @@ SLPDPredicateParseResult createPredicate + rhs = val_start; + + /***** Create leaf node. *****/ +- *ppNode = (SLPDPredicateTreeNode *)xmalloc(sizeof (SLPDPredicateTreeNode) + lhs_len + rhs_len); ++ *ppNode = (SLPDPredicateTreeNode *)xmalloc(sizeof (SLPDPredicateTreeNode) + lhs_len + 1 + rhs_len + 1); + if (!(*ppNode)) + return PREDICATE_PARSE_INTERNAL_ERROR; + +@@ -1863,7 +1863,7 @@ SLPDPredicateParseResult createPredicate + /* Finished with "operator" now - just use as temporary pointer to assist with copying the + * attribute name (lhs) and required value (rhs) into the node + */ +- operator = (*ppNode)->nodeBody.comparison.storage; ++ operator = (char *)((*ppNode) + 1); + strncpy(operator, lhs, lhs_len); + operator[lhs_len] = '\0'; + (*ppNode)->nodeBody.comparison.tag_len = lhs_len; +--- ./slpd/slpd_predicate.h.orig 2014-12-15 13:07:43.084621416 +0000 ++++ ./slpd/slpd_predicate.h 2014-12-15 13:08:00.738547083 +0000 +@@ -98,7 +98,6 @@ typedef struct __SLPDPredicateTreeNode + char *tag_str; + size_t value_len; + char *value_str; +- char storage[2]; + } comparison; + } nodeBody; + } SLPDPredicateTreeNode; diff --git a/openslp.spec b/openslp.spec index bca2894..4f7f017 100644 --- a/openslp.spec +++ b/openslp.spec @@ -1,7 +1,7 @@ # # spec file for package openslp # -# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -57,6 +57,9 @@ Patch9: openslp.hardmtu.diff Patch10: openslp.tcplocal.diff Patch11: openslp.localtime.diff Patch12: openslp.sd_notify.diff +Patch13: openslp.predicatestorage.diff +Patch14: openslp.doubleequal.diff +Patch15: openslp.noconvenience.diff %description Service Location Protocol is an IETF standards track protocol that @@ -121,6 +124,9 @@ such applications. %if 0%{?has_systemd} %patch12 %endif +%patch13 +%patch14 +%patch15 %build autoreconf -fiv %configure --disable-static --with-pic --enable-slpv1 \