Add yet another fix against a segfault that ChrisWhite found.

(Portage version: 2.1_rc1-r2)
author: Robin H. Johnson <robbat2@gentoo.org> 2006-05-22 06:37:06 +0000
committer: Robin H. Johnson <robbat2@gentoo.org> 2006-05-22 06:37:06 +0000
commit: cd0d86c89d2504a5eff86788b36f02d38e1a98ec (patch)
tree: a7fba3fe413956ab2b0768af8efd427ab736630f /dev-util
parent: version bump for gdal ruby bindings (diff)
download: gentoo-2-cd0d86c89d2504a5eff86788b36f02d38e1a98ec.tar.gz
gentoo-2-cd0d86c89d2504a5eff86788b36f02d38e1a98ec.tar.bz2
gentoo-2-cd0d86c89d2504a5eff86788b36f02d38e1a98ec.zip
4 files changed, 175 insertions, 1 deletions
diff --git a/dev-util/rats/ChangeLog b/dev-util/rats/ChangeLog
index c6507e7d071e..5a421266edd9 100644
--- a/dev-util/rats/ChangeLog
+++ b/dev-util/rats/ChangeLog
@@ -1,6 +1,12 @@
 # ChangeLog for dev-util/rats
 # Copyright 2000-2006 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/dev-util/rats/ChangeLog,v 1.12 2006/05/22 05:32:38 robbat2 Exp $
+# $Header: /var/cvsroot/gentoo-x86/dev-util/rats/ChangeLog,v 1.13 2006/05/22 06:37:06 robbat2 Exp $
+
+*rats-2.1-r2 (22 May 2006)
+
+  22 May 2006; Robin H. Johnson <robbat2@gentoo.org>
+  +files/rats-2.1-fix-null-pointers.patch, +rats-2.1-r2.ebuild:
+  Add yet another fix against a segfault that ChrisWhite found.
 
   22 May 2006; Robin H. Johnson <robbat2@gentoo.org> rats-2.1-r1.ebuild:
   Forgot to inherit eutils.
diff --git a/dev-util/rats/files/digest-rats-2.1-r2 b/dev-util/rats/files/digest-rats-2.1-r2
new file mode 100644
index 000000000000..cf460df77785
--- /dev/null
+++ b/dev-util/rats/files/digest-rats-2.1-r2
@@ -0,0 +1,3 @@
+MD5 adf31806f1eff0c353abcfd57653ecb3 rats-2.1.tar.gz 326930
+RMD160 6385ff617bf629b03eff64f5563963c905341f22 rats-2.1.tar.gz 326930
+SHA256 ec9fac2765b655c03cede8c5920de3226581f1e626be314bce95f4d0ac9aadd9 rats-2.1.tar.gz 326930
diff --git a/dev-util/rats/files/rats-2.1-fix-null-pointers.patch b/dev-util/rats/files/rats-2.1-fix-null-pointers.patch
new file mode 100644
index 000000000000..0d4c701f0bfc
--- /dev/null
+++ b/dev-util/rats/files/rats-2.1-fix-null-pointers.patch
@@ -0,0 +1,128 @@
+diff -Nuar rats-2.1.orig/report.c rats-2.1/report.c
+--- rats-2.1.orig/report.c	2002-09-16 21:05:43.000000000 -0700
++++ rats-2.1/report.c	2006-05-21 23:16:16.323046789 -0700
+@@ -122,9 +122,15 @@
+   return result;
+ }
+        
+-   
+-
+-  
++/* Exclusively for debugging vulnerabilities.
++ * - robbat2@gentoo.org 21/05/2006 */
++static void debug_vuln_dump(vulnerability_t *ptr) {
++	fprintf(stderr,"vuln_dump: this=%x f=%s l=%d c=%d d=%x t=%d s=%d u=%x p=(%x,%x)\n",				
++			ptr,
++			ptr->filename,ptr->lineno,ptr->column,
++			ptr->data,ptr->type,ptr->severity,
++			ptr->uses,ptr->next,ptr->prev);
++}
+   
+ static void
+ replace_cfname(char *filename)
+@@ -317,6 +323,27 @@
+     insert_vulnerability(log);
+ }
+ 
++/* These are special static vulnerabilities because we don't
++ * want NULL data elements in the vulnerability_t->data
++ * field, because the HTML and XML output formats use that
++ * pointer without checking it for being null first.
++ * - robbat2@gentoo.org 21/05/2006 */
++static struct Vuln_t vuln_PerlBacktick = {
++	.Name = "Perl Backtick"
++};
++static struct Vuln_t vuln_PhpBacktick = {
++	.Name = "PHP Backtick"
++};
++static struct Vuln_t vuln_PythonBacktick = {
++	.Name = "Python Backtick"
++};
++static struct Vuln_t vuln_StaticLocalBuffer = {
++	.Name = "Static Local Buffer"
++};
++static struct Vuln_t vuln_StaticGlobalBuffer = {
++	.Name = "Static Global Buffer"
++};
++
+ void log_perlbacktick(int lineno, int column, Severity_t severity)
+ {
+     vulnerability_t *   log;
+@@ -325,7 +352,7 @@
+     log->filename = current_file;
+     log->column   = column;
+     log->lineno   = lineno;
+-    log->data     = (Vuln_t *)NULL;
++    log->data     = &vuln_PerlBacktick;
+     log->type     = PerlBacktick;
+     log->severity = severity;
+     log->uses     = (toctou_use_t *)NULL;
+@@ -342,7 +369,7 @@
+     log->filename = current_file;
+     log->column   = column;
+     log->lineno   = lineno;
+-    log->data     = (Vuln_t *)NULL;
++    log->data     = &vuln_PhpBacktick;
+     log->type     = PhpBacktick;
+     log->severity = severity;
+     log->uses     = (toctou_use_t *)NULL;
+@@ -358,7 +385,7 @@
+     log->filename = current_file;
+     log->column   = column;
+     log->lineno   = lineno;
+-    log->data     = (Vuln_t *)NULL;
++    log->data     = &vuln_PythonBacktick;
+     log->type     = PythonBacktick;
+     log->severity = severity;
+     log->uses     = (toctou_use_t *)NULL;
+@@ -374,7 +401,16 @@
+     log->filename = current_file;
+     log->column   = column;
+     log->lineno   = lineno;
+-    log->data     = (Vuln_t *)NULL;
++	switch(type) {
++		case StaticLocalBuffer: 
++			log->data     = &vuln_StaticLocalBuffer; 
++			break;
++		case StaticGlobalBuffer: 
++			log->data     = &vuln_StaticGlobalBuffer; 
++			break;
++		default:
++			log->data     = (Vuln_t *)NULL;
++	}
+     log->type     = type;
+     log->severity = severity;
+     log->uses     = (toctou_use_t *)NULL;
+@@ -432,6 +468,10 @@
+ static void build_xml_vulnerability(vulnerability_t *ptr) {
+     int i;
+     
++	/* Debugging - robbat2@gentoo.org 21/05/2006 */
++	if(ptr->data == NULL) 
++		debug_vuln_dump(ptr);
++    
+     printf("<vulnerability>\n");
+ 
+     /* Output the severity */
+@@ -593,6 +633,8 @@
+ void report_vulnerability(vulnerability_t *ptr)
+ {
+     int i;
++	if(ptr->data == NULL)
++		debug_vuln_dump(ptr);
+ 
+     switch (ptr->type)
+     {
+@@ -890,8 +932,10 @@
+      
+ static void build_html_vulnerability(vulnerability_t *ptr) {
+     int i;
+-    
+-
++ 
++	/* Debugging - robbat2@gentoo.org 21/05/2006 */
++	if(ptr->data == NULL) 
++		debug_vuln_dump(ptr);
+     
+     /* Output the severity */
+     printf("  <b>Severity: %s</b><br/>\n",
diff --git a/dev-util/rats/rats-2.1-r2.ebuild b/dev-util/rats/rats-2.1-r2.ebuild
new file mode 100644
index 000000000000..12f81ce7af88
--- /dev/null
+++ b/dev-util/rats/rats-2.1-r2.ebuild
@@ -0,0 +1,37 @@
+# Copyright 1999-2006 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/dev-util/rats/rats-2.1-r2.ebuild,v 1.1 2006/05/22 06:37:06 robbat2 Exp $
+
+inherit eutils
+
+DESCRIPTION="RATS - Rough Auditing Tool for Security"
+HOMEPAGE="http://www.securesoftware.com/download_rats.htm"
+SRC_URI="http://www.securesoftware.com/${PN}/${P}.tar.gz"
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~ppc ~x86"
+IUSE=""
+DEPEND="dev-libs/expat
+		virtual/libc"
+
+src_unpack() {
+	unpack ${A}
+	epatch ${FILESDIR}/${P}-add-getopt-trailing-null.patch
+	epatch ${FILESDIR}/${P}-fix-null-pointers.patch
+}
+
+src_compile() {
+	econf --datadir="/usr/share/${PN}/" || die
+	emake || die
+}
+
+src_install () {
+	einstall SHAREDIR="${D}/usr/share/${PN}" MANDIR="${D}/usr/share/man" || die
+	dodoc README README.win32
+}
+
+pkg_postinst() {
+	ewarn "Please be careful when using this program with it's force language"
+	ewarn "option, '--language <LANG>' it may take huge amounts of memory when"
+	ewarn "it tries to treat binary files as some other type."
+}
author	Robin H. Johnson <robbat2@gentoo.org>	2006-05-22 06:37:06 +0000
committer	Robin H. Johnson <robbat2@gentoo.org>	2006-05-22 06:37:06 +0000
commit	cd0d86c89d2504a5eff86788b36f02d38e1a98ec (patch)
tree	a7fba3fe413956ab2b0768af8efd427ab736630f /dev-util
parent	version bump for gdal ruby bindings (diff)
download	gentoo-2-cd0d86c89d2504a5eff86788b36f02d38e1a98ec.tar.gz gentoo-2-cd0d86c89d2504a5eff86788b36f02d38e1a98ec.tar.bz2 gentoo-2-cd0d86c89d2504a5eff86788b36f02d38e1a98ec.zip