NetBSD Problem Report #58578

From www@netbsd.org  Sun Aug 11 05:51:17 2024
Return-Path: <www@netbsd.org>
Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256
	 client-signature RSA-PSS (2048 bits) client-digest SHA256)
	(Client CN "mail.NetBSD.org", Issuer "mail.NetBSD.org CA" (not verified))
	by mollari.NetBSD.org (Postfix) with ESMTPS id C2DBF1A9242
	for <gnats-bugs@gnats.NetBSD.org>; Sun, 11 Aug 2024 05:51:17 +0000 (UTC)
Message-Id: <20240811055116.07D9E1A9243@mollari.NetBSD.org>
Date: Sun, 11 Aug 2024 05:51:15 +0000 (UTC)
From: rvp@SDF.ORG
Reply-To: rvp@SDF.ORG
To: gnats-bugs@NetBSD.org
Subject: pkgin(1) doesn't handle blanks in /usr/pkg/etc/pkgin/repositories.conf
X-Send-Pr-Version: www-1.0

>Number:         58578
>Category:       pkg
>Synopsis:       pkgin(1) doesn't handle blanks in /usr/pkg/etc/pkgin/repositories.conf
>Confidential:   no
>Severity:       serious
>Priority:       low
>Responsible:    jperkin
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sun Aug 11 05:55:00 +0000 2024
>Last-Modified:  Tue Aug 13 05:05:01 +0000 2024
>Originator:     RVP
>Release:        NetBSD/amd64 10.99.11
>Organization:
>Environment:
NetBSD/amd64 10.99.11
>Description:
pkgin(1) doesn't handle blanks in /usr/pkg/etc/pkgin/repositories.conf
very well. Add leading or trailings blanks to the URL there and pkgin
does silly things.
>How-To-Repeat:
As above; then do `pkgin update'.
>Fix:
Trim blanks from URLs

---START patch---
diff -urN pkgin-22.10.0.orig/fsops.c pkgin-22.10.0/fsops.c
--- pkgin-22.10.0.orig/fsops.c	2022-10-05 17:19:10.000000000 +0000
+++ pkgin-22.10.0/fsops.c	2023-03-24 07:12:52.029452000 +0000
@@ -112,6 +112,12 @@
 		if (fgets(buf, BUFSIZ, fp) == NULL)
 			continue;

+		for (tmp = buf; isspace((unsigned char )*tmp); tmp++)
+			/* EMPTY */ ;
+		if (strlen(tmp) == 0)
+			continue;
+		memmove(buf, tmp, strlen(tmp) + 1);
+
 		if (strncmp(buf, "ftp://", 6) != 0 &&
 			strncmp(buf, "http://", 7) != 0 &&
 			strncmp(buf, "https://", 8) != 0 &&
diff -urN pkgin-22.10.0.orig/tools.c pkgin-22.10.0/tools.c
--- pkgin-22.10.0.orig/tools.c	2022-10-05 17:19:10.000000000 +0000
+++ pkgin-22.10.0/tools.c	2023-03-24 07:09:32.862474000 +0000
@@ -46,25 +46,15 @@
 }

 /*
- * Remove trailing \n or \r\n, returning length of resulting string.
+ * Remove all trailing space chars., returning length of resulting string.
  */
 size_t
 trimcr(char *str)
 {
-	size_t len;
-
-	if (str == NULL)
-		return (0);
-
-	len = strlen(str);
-
-	if (str[len - 1] == '\n')
-		str[--len] = '\0';
-
-	if (str[len - 1] == '\r')
-		str[--len] = '\0';
-
-	return (len);
+	char* p = str + strlen(str);
+	while (p > str && isspace((unsigned char )*(p - 1)))
+		*--p = '\0';
+	return (size_t)(p - str);
 }

 void
---END patch---

Note, this was made for 22.10.0, but, it still applies cleanly with a
bit of fuzz.

>Release-Note:

>Audit-Trail:

Responsible-Changed-From-To: pkg-manager->jperkin
Responsible-Changed-By: wiz@NetBSD.org
Responsible-Changed-When: Sun, 11 Aug 2024 06:29:16 +0000
Responsible-Changed-Why:
Over to maintainer


From: RVP <rvp@SDF.ORG>
To: gnats-bugs@netbsd.org
Cc: 
Subject: Re: pkg/58578: pkgin(1) doesn't handle blanks in
 /usr/pkg/etc/pkgin/repositories.conf
Date: Tue, 13 Aug 2024 05:03:30 +0000 (UTC)

 A smaller, less intrusive patch is:

 ```
 diff -urN pkgin-master.orig/fsops.c pkgin-master/fsops.c
 --- pkgin-master.orig/fsops.c	2024-06-12 14:37:20.000000000 +0000
 +++ pkgin-master/fsops.c	2024-08-13 04:50:24.205653579 +0000
 @@ -94,6 +94,11 @@
   		if (fgets(buf, BUFSIZ, fp) == NULL)
   			continue;

 +		char tb[sizeof buf];
 +		char* p = buf + strspn(buf, " \t");
 +		snprintf(tb, sizeof tb, "%.*s", (int)strcspn(p, " \t\r\n"), p);
 +		strcpy(buf, tb);
 +
   		if (strncmp(buf, "ftp://", 6) != 0 &&
   			strncmp(buf, "http://", 7) != 0 &&
   			strncmp(buf, "https://", 8) != 0 &&
 @@ -121,7 +126,7 @@
   			}
   		}

 -		curlen = trimcr(buf) + 2; /* ' ' + '\0' */
 +		curlen = strlen(buf) + 2; /* ' ' + '\0' */
   		repolen += curlen;

   		repos = xrealloc(repos, repolen * sizeof(char));
 ```

 -RVP

>Unformatted:

NetBSD Home
NetBSD PR Database Search

(Contact us) $NetBSD: query-full-pr,v 1.47 2022/09/11 19:34:41 kim Exp $
$NetBSD: gnats_config.sh,v 1.9 2014/08/02 14:16:04 spz Exp $
Copyright © 1994-2024 The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.