Wednesday, September 29, 2021

Re: nmap segfault fix

On Wed, Sep 29, 2021 at 09:10:14AM -0700, JR Aquino wrote:
> How about now?

Thanks, that's better.

I think the part of the diff which is the upstream fix is simple enough
that we do not need to worry about the license.

I'll land this in -current once the tree unlocks and will also land it
in 7.0-stable.

Index: Makefile
===================================================================
RCS file: /cvs/ports/net/nmap/Makefile,v
retrieving revision 1.140
diff -u -p -r1.140 Makefile
--- Makefile 20 Jul 2021 22:28:24 -0000 1.140
+++ Makefile 29 Sep 2021 16:36:20 -0000
@@ -7,6 +7,7 @@ MODPY_EGG_VERSION= 7.91
DISTNAME= nmap-${MODPY_EGG_VERSION}
PKGNAME-main= ${DISTNAME}
PKGNAME-zenmap= nmap-zenmap-${MODPY_EGG_VERSION}
+REVISION= 0

CATEGORIES= net security
MASTER_SITES= ${HOMEPAGE}/dist/
@@ -33,6 +34,7 @@ MODULES= lang/python \
lang/lua
MODPY_VERSION= ${MODPY_DEFAULT_VERSION_2}

+DEBUG_PACKAGES= ${BUILD_PACKAGES}
CONFIGURE_STYLE=autoconf
AUTOCONF_VERSION=2.69

Index: patches/patch-nmap_dns_cc
===================================================================
RCS file: patches/patch-nmap_dns_cc
diff -N patches/patch-nmap_dns_cc
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-nmap_dns_cc 29 Sep 2021 16:35:25 -0000
@@ -0,0 +1,44 @@
+$OpenBSD$
+
+Avoid careless dereferences outside the domain name buffer.
+Part of this is
+https://github.com/nmap/nmap/commit/3adaa69cb211b00f9bfc66263a56cbd87cc9e521
+
+Index: nmap_dns.cc
+--- nmap_dns.cc.orig
++++ nmap_dns.cc
+@@ -1352,7 +1352,7 @@ bool DNS::Factory::ptrToIp(const std::string &ptr, soc
+ memset(&ip, 0, sizeof(sockaddr_storage));
+
+ // Check whether the name ends with the IPv4 PTR domain
+- if (NULL != (p = strcasestr(cptr + ptr.length() + 1 - sizeof(C_IPV4_PTR_DOMAIN), C_IPV4_PTR_DOMAIN)))
++ if (ptr.length() >= sizeof(C_IPV4_PTR_DOMAIN) - 1 && NULL != (p = strcasestr(cptr + ptr.length() + 1 - sizeof(C_IPV4_PTR_DOMAIN), C_IPV4_PTR_DOMAIN)))
+ {
+ struct sockaddr_in *ip4 = (struct sockaddr_in *)&ip;
+ u8 place_value[] = {1, 10, 100};
+@@ -1361,7 +1361,7 @@ bool DNS::Factory::ptrToIp(const std::string &ptr, soc
+ size_t i = 0;
+
+ p--;
+- while (i < sizeof(ip4->sin_addr.s_addr))
++ while (p >= cptr && i < sizeof(ip4->sin_addr.s_addr))
+ {
+ if (*p == '.')
+ {
+@@ -1387,14 +1387,14 @@ bool DNS::Factory::ptrToIp(const std::string &ptr, soc
+ ip.ss_family = AF_INET;
+ }
+ // If not, check IPv6
+- else if (NULL != (p = strcasestr(cptr + ptr.length() + 1 - sizeof(C_IPV6_PTR_DOMAIN), C_IPV6_PTR_DOMAIN)))
++ else if (ptr.length() >= sizeof(C_IPV6_PTR_DOMAIN) - 1 && NULL != (p = strcasestr(cptr + ptr.length() + 1 - sizeof(C_IPV6_PTR_DOMAIN), C_IPV6_PTR_DOMAIN)))
+ {
+ struct sockaddr_in6 *ip6 = (struct sockaddr_in6 *)&ip;
+ u8 alt = 0;
+ size_t i=0;
+
+ p--;
+- while (i < sizeof(ip6->sin6_addr.s6_addr))
++ while (p >= cptr && i < sizeof(ip6->sin6_addr.s6_addr))
+ {
+ if (*p == '.')
+ {
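Review bot: The `p--;` lines still execute before the new `p >= cptr` guard in both loops, so when the matched PTR domain sits at the very start of the buffer (p == cptr) the decrement forms a pointer one element before the array, which is undefined behaviour in C++ even though the guard then rejects it on the next line in practice; testing `p > cptr` before the decrement (for example `if (p == cptr) return false;` ahead of each `p--;`, assuming the function's other failure paths also return false) avoids forming that pointer. The new `while (p >= cptr && ...)` condition also lets either loop exit with `i` short of the full address length; the code that then fills `ip4`/`ip6` and sets `ss_family` lies outside the hunk, so it is worth confirming it rejects a partial parse instead of reporting a truncated address as valid. The same two observations apply to the IPv6 loop at `+ while (p >= cptr && i < sizeof(ip6->sin6_addr.s6_addr))`. `DNS::Factory::ptrToIp` starts and ends outside the hunk.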
