From e2ea6501472df4443c7ead10810b6f92c06ff1d5 Mon Sep 17 00:00:00 2001 From: Gwyn Ciesla Date: Jan 23 2024 22:13:30 +0000 Subject: Patch for socks crash. --- diff --git a/19d7684ca10f6c1279568aa19e9a9da2276851f1.patch b/19d7684ca10f6c1279568aa19e9a9da2276851f1.patch new file mode 100644 index 0000000..a7f7802 --- /dev/null +++ b/19d7684ca10f6c1279568aa19e9a9da2276851f1.patch @@ -0,0 +1,78 @@ +From 19d7684ca10f6c1279568aa19e9a9da2276851f1 Mon Sep 17 00:00:00 2001 +From: Ingo Blechschmidt +Date: Sun, 5 Nov 2023 23:43:54 +0100 +Subject: [PATCH] Fix socks4 and socks4a support under glibc's source + fortification + +With glib'c source fortification, gcc offers the compilation warning + + gateway.c: In function 'socks4_connect': + gateway.c:840:4: warning: 'strlcpy' writing 4988 bytes into a region of size 1 overflows the destination + 840 | strlcpy(&(c->userid), socks_userid, sizeof(buf) - sizeof(struct socks_op)); + | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + gateway.c:112:9: note: destination object 'userid' of size 1 + 112 | char userid; /* first byte of userid */ + | ^~~~~~ + +resulting in a runtime abort() when using a socks4 or socks4a upstream proxy: + + $ privoxy --no-daemon <(echo 'forward-socks4 / 127.0.0.1:9050 .') + 7fef77483740 Info: Privoxy version 3.0.34 + 7fef77483740 Info: Program name: privoxy + *** buffer overflow detected ***: terminated + rc: line 3: 321835 Aborted (core dumped) privoxy --no-daemon <(echo 'forward-socks4 / 127.0.0.1:9050 .') + +Despite the warning, the strlcpy() call in question is fine: gcc +misidentifies the size of the destination buffer, estimating to hold +only a single char while in fact the buffer stretches beyond the end of +the struct socks_op. + +This commit fixes this issue in a way which is in line with the second +strlcpy() call in the socks4_connect(). Alternatively, we could also +remove the padding member and promote userid to a trailing flexible array +member. However, this would necessitate further adjustments because that +way the size of struct socks_op would change. + +The issue was originally reported in the NixOS issue tracker at + + https://github.com/NixOS/nixpkgs/issues/265654 + +prompted by an upgrade of glibc from 2.37-39 to 2.38-0, and the fix is +joint work with @esclear and @richi235. +--- + gateway.c | 8 +++++++- + 1 file changed, 7 insertions(+), 1 deletion(-) + +diff --git a/gateway.c b/gateway.c +index a842c07d..20591426 100644 +--- a/gateway.c ++++ b/gateway.c +@@ -837,7 +837,13 @@ static jb_socket socks4_connect(const struct forward_spec *fwd, + + /* build a socks request for connection to the web server */ + +- strlcpy(&(c->userid), socks_userid, sizeof(buf) - sizeof(struct socks_op)); ++ /* ++ * The more straightforward &(c->userid) destination pointer can ++ * cause some gcc versions to misidentify the size of the destination ++ * buffer, tripping the runtime check of glibc's source fortification. ++ */ ++ strlcpy(buf + offsetof(struct socks_op, userid), socks_userid, ++ sizeof(buf) - sizeof(struct socks_op)); + + csiz = sizeof(*c) + sizeof(socks_userid) - sizeof(c->userid) - sizeof(c->padding); + +-- +2.39.2 + + +--- privoxy-3.0.34-stable/gateway.c~ 2024-01-23 16:02:28.893352311 -0600 ++++ privoxy-3.0.34-stable/gateway.c 2024-01-23 16:05:54.458622631 -0600 +@@ -38,6 +38,7 @@ + + #include + #include ++#include + + #ifndef _WIN32 + #include diff --git a/privoxy.spec b/privoxy.spec index eb49ae4..9c3e237 100644 --- a/privoxy.spec +++ b/privoxy.spec @@ -7,7 +7,7 @@ Name: privoxy Version: 3.0.34 -Release: 8%{?dist} +Release: 9%{?dist} Summary: Privacy enhancing proxy License: GPL-2.0-or-later Source0: http://downloads.sourceforge.net/ijbswa/%{name}-%{version}-%{beta_or_stable}-src.tar.gz @@ -17,6 +17,7 @@ Patch0: 53748ca8ca3c893025be34dd4f104546fcbd0602.patch Patch1: e73b93ea9ad1f3e980bd78ed3ebf65dedbb598a2.patch Patch2: 87253c999d5628a6e9287bb0cc613d7b44bcec09.patch Patch3: privoxy-configure-c99.patch +Patch4: 19d7684ca10f6c1279568aa19e9a9da2276851f1.patch URL: http://www.privoxy.org/ Requires(pre): shadow-utils BuildRequires: make @@ -39,6 +40,7 @@ Privoxy is based on the Internet Junkbuster. %patch -P 1 -p 1 %patch -P 2 -p 1 %patch -P 3 -p 1 +%patch -P 4 -p 1 %build rm -rf autom4te.cache @@ -112,6 +114,9 @@ fi %doc doc %changelog +* Tue Jan 23 2024 Gwyn Ciesla - 3.0.34-9 +- Patch for connection crash. + * Sun Jan 21 2024 Fedora Release Engineering - 3.0.34-8 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild