From 4b8b55c8671ff68b0d9c396bc9e9aba5b95caf77 Mon Sep 17 00:00:00 2001
From: Kevin Zheng
Date: Tue, 31 Aug 2021 22:07:43 -0700
Subject: [PATCH] security/sshguard: Fix memset() off-by-one

This bug causes a stack overflow (and crash due to failed stack check) when certain IPv6 addresses are whitelisted on i386.
---
 security/sshguard/Makefile | 1 +
 .../files/patch-src_blocker_sshguard__whitelist.c | 11 +++++++++++
 2 files changed, 12 insertions(+)
 create mode 100644 security/sshguard/files/patch-src_blocker_sshguard__whitelist.c

diff --git a/security/sshguard/Makefile b/security/sshguard/Makefile
index ba84072408b4..48621f158097 100644
--- a/security/sshguard/Makefile
+++ b/security/sshguard/Makefile
@@ -2,6 +2,7 @@
 
 PORTNAME= sshguard
 PORTVERSION= 2.4.2
+PORTREVISION= 1
 PORTEPOCH= 1
 CATEGORIES= security
 MASTER_SITES= SF/sshguard/sshguard/${PORTVERSION}
diff --git a/security/sshguard/files/patch-src_blocker_sshguard__whitelist.c b/security/sshguard/files/patch-src_blocker_sshguard__whitelist.c
new file mode 100644
index 000000000000..6e468872f458
--- /dev/null
+++ b/security/sshguard/files/patch-src_blocker_sshguard__whitelist.c
@@ -0,0 +1,11 @@
+--- src/blocker/sshguard_whitelist.c.orig 2020-12-31 17:06:03 UTC
++++ src/blocker/sshguard_whitelist.c
+@@ -275,7 +275,7 @@ int whitelist_add_block6(const char *restrict address,
+ bitlen = masklen % 8;
+ bitmask = 0xFF << (8 - bitlen);
+ ab.address.ip6.mask.s6_addr[bytelen] = bitmask;
+- memset(& ab.address.ip6.mask.s6_addr[bytelen+1], 0x00, sizeof(ab.address.ip6.mask.s6_addr) - bytelen);
++ memset(& ab.address.ip6.mask.s6_addr[bytelen+1], 0x00, sizeof(ab.address.ip6.mask.s6_addr) - bytelen - 1);
+
+ if (! list_contains(& whitelist, &ab)) {
+ list_append(& whitelist, &ab);
-- 
2.32.0
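Review bot: In the whitelist_add_block6 hunk carried by the new patch file, the corrected length `sizeof(ab.address.ip6.mask.s6_addr) - bytelen - 1` still wraps to a very large size_t if bytelen can equal the array size, and the store to `s6_addr[bytelen]` just above it would then land one byte past the mask. How bytelen is derived is not visible in the hunk; if it is `masklen / 8`, a /128 whitelist entry would reach this case unless an earlier check returns first. Wrapping the crossing-byte store and the memset in `if (bytelen < sizeof(ab.address.ip6.mask.s6_addr)) { ... }` would make the bound explicit at the point of the writes. The function begins and ends outside the hunk, so an existing guard may already cover this and should be confirmed against the full source.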