Date: Thu, 6 Nov 2008 13:39:33 +0300 (MSK)
From: Eygene Ryabinkin <rea-fbsd@codelabs.ru>
To: FreeBSD-gnats-submit@FreeBSD.org
Subject: ports/128640: [patch] x11/xfce4-datetime-plugin: fix use-after-free issue
Message-ID: <20081106103933.5607C17112@amnesiac.at.no.dns>
Resent-Message-ID: <200811061040.mA6Ae1Va036221@freefall.freebsd.org>
>Number: 128640
>Category: ports
>Synopsis: [patch] x11/xfce4-datetime-plugin: fix use-after-free issue
>Confidential: no
>Severity: critical
>Priority: medium
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Thu Nov 06 10:40:01 UTC 2008
>Closed-Date:
>Last-Modified:
>Originator: Eygene Ryabinkin
>Release: FreeBSD 7.1-PRERELEASE amd64
>Organization: Code Labs
>Environment:
System: FreeBSD XXX 7.1-PRERELEASE FreeBSD 7.1-PRERELEASE #17: Thu Nov 6 12:14:18 MSK 2008 root@XXX:/usr/obj/usr/src/sys/XXX amd64
>Description:
There is a use-after-free issue in xfce-datetime-plugin 0.6.0:
http://bugzilla.xfce.org/show_bug.cgi?id=4562
It was already fixed in the trunk, but it is unknown when the release will happen: the developer said "I'll do a new release when I have the time".

Since the issue makes the plugin fairly unusable, I think it is worth patching the FreeBSD port now rather than waiting for the release itself.
>How-To-Repeat:
The problem shows up only on my 7.1/amd64 (for 7.1/i386 all is fine). Just spawn the plugin when the configuration has already been created and it will show 'Invalid format' as the date and time and a line full of junk as the configuration items.
>Fix:
The following patch should do the trick:

--- 0.6.0-fix-access-after-free.patch begins here --- diff -urN ./Makefile ../xfce4-datetime-plugin/Makefile --- ./Makefile 2008-11-06 13:29:15.000000000 +0300 +++ ../xfce4-datetime-plugin/Makefile 2008-11-06 13:29:44.000000000 +0300 
@@ -7,6 +7,7 @@ PORTNAME= xfce4-datetime-plugin PORTVERSION= 0.6.0 +PORTREVISION= 1 CATEGORIES= x11-clocks xfce MASTER_SITES= http://goodies.xfce.org/releases/${PORTNAME}/ DIST_SUBDIR= xfce4 diff -urN ./files/patch-g_strdup-before-closing-rc ../xfce4-datetime-plugin/files/patch-g_strdup-before-closing-rc --- ./files/patch-g_strdup-before-closing-rc 1970-01-01 03:00:00.000000000 +0300 +++ ../xfce4-datetime-plugin/files/patch-g_strdup-before-closing-rc 2008-11-06 13:30:11.000000000 +0300 @@ -0,0 +1,35 @@ +Synopsis: Fix memory access after free +Index: datetime.c +Obtained via SVN from: http://svn.xfce.org/svn/goodies/xfce4-datetime-plugin/trunk/panel-plugin +See also: http://svn.xfce.org/index.cgi/xfce-goodies/diff/xfce4-datetime-plugin/trunk/panel-plugin/datetime.c?revs=5484&revs=5007 +=================================================================== +--- panel-plugin/datetime.c (revision 5483) ++++ panel-plugin/datetime.c (revision 5484) +@@ -595,7 +595,7 @@ + static void datetime_read_rc_file(XfcePanelPlugin *plugin, t_datetime *dt) + { + gchar *file; +- XfceRc *rc; ++ XfceRc *rc = NULL; + t_layout layout; + const gchar *date_font, *time_font, *date_format, *time_format; + +@@ -619,8 +619,6 @@ + time_font = xfce_rc_read_entry(rc, "time_font", time_font); + date_format = xfce_rc_read_entry(rc, "date_format", date_format); + time_format = xfce_rc_read_entry(rc, "time_format", time_format); +- +- xfce_rc_close(rc); + } + } + +@@ -629,6 +627,9 @@ + date_format = g_strdup(date_format); + time_format = g_strdup(time_format); + ++ if(rc != NULL) ++ xfce_rc_close(rc); ++ + /* set values in dt struct */ + datetime_apply_layout(dt, layout); + datetime_apply_font(dt, date_font, time_font); --- 0.6.0-fix-access-after-free.patch ends here --- >Release-Note: >Audit-Trail: >Unformatted:
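Review bot: in the last datetime.c hunk (@@ -629,6 +627,9 @@) only the g_strdup() calls for date_format and time_format are visible ahead of the relocated xfce_rc_close(rc), yet date_font and time_font are also assigned from xfce_rc_read_entry() in the preceding hunk and are passed to datetime_apply_font() after the close. Please confirm that both font strings are copied before the close as well, otherwise the same use-after-free remains for them. The copies are also stored in variables declared const gchar *, so it is worth checking who owns them and that they are released with g_free() once they are no longer needed.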
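Review bot: the new file is named files/patch-g_strdup-before-closing-rc, which describes the fix rather than the file it changes; the ports convention is to name a patch after the path it modifies (here panel-plugin/datetime.c), so consider renaming it. In the header of that file the Index: line says datetime.c while the ---/+++ lines say panel-plugin/datetime.c; make the two agree so that the target of the patch is unambiguous.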