From scheidell@secnap.net  Thu Jan 26 20:13:48 2012
Return-Path: <scheidell@secnap.net>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 06910106564A
	for <FreeBSD-gnats-submit@freebsd.org>; Thu, 26 Jan 2012 20:13:48 +0000 (UTC)
	(envelope-from scheidell@secnap.net)
Received: from mx1.secnap.com.ionspam.net (mx1.secnap.com.ionspam.net [204.89.241.253])
	by mx1.freebsd.org (Postfix) with ESMTP id B98B18FC14
	for <FreeBSD-gnats-submit@freebsd.org>; Thu, 26 Jan 2012 20:13:47 +0000 (UTC)
Received: from mx1.secnap.com.ionspam.net (mx1.secnap.com.ionspam.net [10.70.1.253])
	by mx1.secnap.com.ionspam.net (Postfix) with ESMTP id 2C061621C46
	for <FreeBSD-gnats-submit@freebsd.org>; Thu, 26 Jan 2012 15:13:47 -0500 (EST)
Received: from scanner.secnap.net (unknown [10.70.1.4])
	by mx1.secnap.com.ionspam.net (Postfix) with ESMTP id 0E6D5621C45
	for <FreeBSD-gnats-submit@freebsd.org>; Thu, 26 Jan 2012 15:13:46 -0500 (EST)
Received: by scanner.secnap.net (Postfix, from userid 1001)
	id 0933E1D3E7; Thu, 26 Jan 2012 15:13:46 -0500 (EST)
Message-Id: <20120126201346.0933E1D3E7@scanner.secnap.net>
Date: Thu, 26 Jan 2012 15:13:46 -0500 (EST)
From: Michael Scheidell <scheidell@FreeBSD.org>
To: FreeBSD-gnats-submit@freebsd.org
Subject: [PATCH] security/swatch doesn't always find running process
X-Send-Pr-Version: 3.113
X-GNATS-Notify: joseph@randomnetworks.com

>Number:         164529
>Category:       ports
>Synopsis:       [PATCH] security/swatch doesn't always find running process
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    scheidell
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Jan 26 20:20:09 UTC 2012
>Closed-Date:    Fri Feb 10 14:38:03 UTC 2012
>Last-Modified:  Fri Feb 10 14:40:10 UTC 2012
>Originator:     Michael Scheidell
>Release:        FreeBSD 7.4-RELEASE-p3 i386
>Organization:
SECNAP Network Security Corp
>Environment:

amd7.4, amd7.3, i386 7.3
>Description:
	1) service swatch status won't always show status, which means it won't always stop, restart, etc.
	If swatch_x_flags is greater than 222 bytes, then you need procname=/usr/local/bin/perl;
	if < 222, you don't.  This is due to the $0 limit in perl:

http://perldoc.perl.org/perlvar.html
"Note that there are platform-specific limitations on the maximum length of $0. In the most extreme case it may be limited
to the space occupied by the original $0."


	2) swatch would LIKE to have p5-File-Tail as a dependency (if you don't use the default tail command):

	Checking if your kit is complete...
	Looks good
	Warning: prerequisite File::Tail 0 not found.
	Writing Makefile for swatch
>How-To-Repeat:
	1) Have a very long log file name (so that swatch_1_flags is > 222 bytes), have multiple files, same.
	2) pkg_delete p5-File-Tail\* and reinstall swatch. Look for the error.
>Fix:
	1) This patch takes the $command $swatch_x_flags and the 'suffix' (perl), plus two bytes of padding, and compares it to 255.
If swatch worked for you before (service swatch (status|stop|restart)), then this should work.
If it didn't work before, and you had lots of little swatches running, this should fix it.

I asked in ports@ and perl@ and didn't really get any good answers to this ugly hack.

(Note: two other options: instead of setting procname, you could 'err 1 swatch_${i}_flags too long' in rc, or you could patch
swatch to fail if cmdarg > (too long).)

2) This patch will bring in File-Tail, and allow for both smaller swatch_x_flags lengths and larger ones.

- patch swatch.rc to check for buffer overflow in cmdarg with long _flags lines
- add p5-File-Tail dependency


--- swatch.patch begins here ---
Index: Makefile
===================================================================
RCS file: /home/pcvs/ports/security/swatch/Makefile,v
retrieving revision 1.31
diff -u -r1.31 Makefile
--- Makefile	21 Jan 2012 17:40:12 -0000	1.31
+++ Makefile	26 Jan 2012 19:55:30 -0000
@@ -7,7 +7,7 @@
 
 PORTNAME=	swatch
 PORTVERSION=	3.2.3
-PORTREVISION=	1
+PORTREVISION=	2
 CATEGORIES=	security sysutils
 MASTER_SITES=	SF
 
@@ -17,7 +17,8 @@
 BUILD_DEPENDS=	\
 	${SITE_PERL}/Date/Format.pm:${PORTSDIR}/devel/p5-TimeDate \
 	${SITE_PERL}/Date/Manip.pm:${PORTSDIR}/devel/p5-Date-Manip \
-	${SITE_PERL}/Date/Calc.pm:${PORTSDIR}/devel/p5-Date-Calc
+	${SITE_PERL}/Date/Calc.pm:${PORTSDIR}/devel/p5-Date-Calc \
+	${SITE_PERL}/File/Tail.pm:${PORTSDIR}/devel/p5-File-Tail
 RUN_DEPENDS:=	${BUILD_DEPENDS}
 
 PERL_CONFIGURE=	yes
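Review bot: the new File/Tail.pm entry in BUILD_DEPENDS also becomes a hard run-time dependency through the unchanged `RUN_DEPENDS:= ${BUILD_DEPENDS}` line, while the description says File::Tail is only wanted when the default tail command is not used; if that is acceptable to the maintainer it matches the kit warning quoted in the report, otherwise the module is a candidate for an OPTIONS knob rather than an unconditional dependency. Also worth confirming that the port really lives at devel/p5-File-Tail before committing, since a wrong origin here fails every build of the port.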
Index: files/swatch.in
===================================================================
RCS file: /home/pcvs/ports/security/swatch/files/swatch.in,v
retrieving revision 1.7
diff -u -r1.7 swatch.in
--- files/swatch.in	14 Jan 2012 08:56:53 -0000	1.7
+++ files/swatch.in	26 Jan 2012 19:55:30 -0000
@@ -21,15 +21,20 @@
 
 name=swatch
 rcvar=swatch_enable
+# set some defaults
+: ${swatch_enable="NO"}
 
 command=%%PREFIX%%/bin/swatch
-procname=%%LOCALBASE%%/bin/perl
 
 load_rc_config ${name}
 
 if [ -n "${swatch_rules}" ]; then
     for i in ${swatch_rules}; do
 	eval swatch_flags=\$swatch_${i}_flags
+	len=`echo "0${command} ${swatch_flags} (perl)0" | wc -c`
+	if [ $len -ge 255 ];then
+	   procname=%%LOCALBASE%%/bin/perl
+	fi
 	eval swatch_user=\$swatch_${i}_user
 	eval swatch_chdir=\$swatch_${i}_chdir
 	eval pidfile=\$swatch_${i}_pidfile
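Review bot: `procname` is assigned inside the `for i in ${swatch_rules}` loop but never cleared, so once one rule's flags trip the length check every rule after it in the same run is also matched as `%%LOCALBASE%%/bin/perl`, even when its own `$0` is short enough for the default match on `${command}`; reset it at the top of the loop body (`procname=${command}` or `unset procname`) before the `if`. The count is also loose: `echo ... | wc -c` includes the newline echo appends, so with the two `0` pad bytes `len` is the command line plus three, not plus two as the description says; `${#var}` on the assembled string, or `printf '%s' ... | wc -c`, gives the exact figure. Minor style point: `: ${swatch_enable="NO"}` is placed before `load_rc_config`; rc.d scripts normally set such defaults right after it, and with `:=` so an empty value in rc.conf is defaulted too.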
--- swatch.patch ends here ---
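An added example, not the port's rc script or the patch above: a POSIX sh version of the same length check that counts the assembled command line with ${#...} (so the newline that echo appends is not included) and resets procname for every rule in the loop. The 255-byte limit, the " (perl)" suffix and the swatch_<rule>_flags naming follow the PR; the sample rc.conf values are constructed.

```shell
#!/bin/sh
# Added example (not the port's rc script): decide, per swatch rule, whether
# rc.subr needs procname pointed at the perl binary. The 255-byte limit and
# the " (perl)" suffix are the PR's; the sample rc.conf values are constructed.

SWATCH_CMDLINE_LIMIT=255

# swatch_needs_procname CMD FLAGS -> prints "yes" or "no".
# ${#...} counts the assembled command line exactly; echo ... | wc -c would
# also count the newline echo appends, so that figure is one byte too high.
swatch_needs_procname() {
    _cmdline="$1 $2 (perl)"
    if [ "${#_cmdline}" -ge "$SWATCH_CMDLINE_LIMIT" ]; then
        echo yes
    else
        echo no
    fi
}

# swatch_procname_for_rules CMD PERL RULE... -> one "<rule> <procname>" line
# per rule. Reads swatch_<rule>_flags the way the rc script does, and resets
# procname for every rule so a long rule does not leak its setting into the
# short ones that follow it.
swatch_procname_for_rules() {
    _cmd="$1"; _perl="$2"; shift 2
    for _rule in "$@"; do
        eval _flags=\$swatch_${_rule}_flags
        _procname="$_cmd"            # default: match the swatch path itself
        if [ "$(swatch_needs_procname "$_cmd" "$_flags")" = yes ]; then
            _procname="$_perl"       # $0 would be truncated; match perl instead
        fi
        echo "$_rule $_procname"
    done
}

# Constructed rc.conf values: one short rule and one whose flags alone run
# past the limit (a 200-character log file name).
swatch_short_flags="-c /usr/local/etc/swatch.conf -t /var/log/messages"
swatch_long_flags="-c /usr/local/etc/swatch/long-rule.conf -t /var/log/$(printf '%0200d' 0 | tr 0 x).log --daemon"

swatch_procname_for_rules /usr/local/bin/swatch /usr/local/bin/perl long short
```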


>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-ports-bugs->scheidell 
Responsible-Changed-By: edwin 
Responsible-Changed-When: Thu Jan 26 20:20:20 UTC 2012 
Responsible-Changed-Why:  
Submitter has GNATS access (via the GNATS Auto Assign Tool) 

http://www.freebsd.org/cgi/query-pr.cgi?pr=164529 
State-Changed-From-To: open->feedback 
State-Changed-By: edwin 
State-Changed-When: Thu Jan 26 20:20:24 UTC 2012 
State-Changed-Why:  
Awaiting maintainers feedback (via the GNATS Auto Assign Tool) 

http://www.freebsd.org/cgi/query-pr.cgi?pr=164529 

From: Edwin Groothuis <edwin@FreeBSD.org>
To: joseph@randomnetworks.com
Cc: bug-followup@FreeBSD.org
Subject: Re: ports/164529: [PATCH] security/swatch doesn't always find running process
Date: Thu, 26 Jan 2012 20:20:22 UT

 Maintainer of security/swatch,
 
 Please note that PR ports/164529 has just been submitted.
 
 If it contains a patch for an upgrade, an enhancement or a bug fix
 you agree on, reply to this email stating that you approve the patch
 and a committer will take care of it.
 
 The full text of the PR can be found at:
     http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/164529
 
 -- 
 Edwin Groothuis via the GNATS Auto Assign Tool
 edwin@FreeBSD.org

From: Michael Scheidell <scheidell@freebsd.org>
To: <bug-followup@FreeBSD.org>
Cc:  
Subject: Re: ports/164529: [PATCH] security/swatch doesn't always find running process
Date: Tue, 7 Feb 2012 11:36:31 -0500

 Joseph:
 
 Have you had a chance to look at my pr yet?
 It should be 100% upward compatible with anyone using it now, and fixes 
 the problem with long _flags.
 
 I checked on ports@ and their suggestion to have it fixed upstream 
 really isn't going to work. FreeBSD has the 255 byte limit, and any 
 'fix' upstream would break anyone currently using swatch with long _flags.
 
 -- 
 Michael Scheidell, CTO
 o: 561-999-5000
 d: 561-948-2259
 SECNAP Network Security Corporation
 
 
State-Changed-From-To: feedback->closed 
State-Changed-By: scheidell 
State-Changed-When: Fri Feb 10 14:38:02 UTC 2012 
State-Changed-Why:  
Committed. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=164529 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: ports/164529: commit references a PR
Date: Fri, 10 Feb 2012 14:37:40 +0000 (UTC)

 scheidell    2012-02-10 14:37:30 UTC
 
   FreeBSD ports repository
 
   Modified files:
     security/swatch      Makefile 
     security/swatch/files swatch.in 
   Log:
   - patch swatch.rc to check for buffer overflow in cmdarg with long _flags lines
   - add p5-File-Tail dependency
   - Bump PORTREVISION
   
   PR:             ports/164529
   Submitted by:   scheidell
   Approved by:    joseph@randomnetworks.com (maintainer timeout, 15 days), gabor (mentor)
   
   Revision  Changes    Path
   1.32      +3 -2      ports/security/swatch/Makefile
   1.8       +11 -4     ports/security/swatch/files/swatch.in
>Unformatted:
