Bug#875994: stretch-pu: package flickcurl/1.26-2

To: Jonathan Wiltshire <jmw@debian.org>
Cc: 875994@bugs.debian.org
Subject: Bug#875994: stretch-pu: package flickcurl/1.26-2
From: Kumar Appaiah <a.kumar@alumni.iitm.ac.in>
Date: Sun, 24 Sep 2017 09:36:10 +0530
Message-id: <[🔎] 20170924040610.a4ul5kozcethvrax@odessa>
Reply-to: Kumar Appaiah <a.kumar@alumni.iitm.ac.in>, 875994@bugs.debian.org
In-reply-to: <[🔎] 20170923163009.mvnpu2wi3qmc5ztp@powdarrmonkey.net>
References: <[🔎] 20170917034912.gyoawageaspyrtf2@odessa> <[🔎] 20170923163009.mvnpu2wi3qmc5ztp@powdarrmonkey.net> <[🔎] 20170917034912.gyoawageaspyrtf2@odessa>

Dear Jonathan,

On Sat, Sep 23, 2017 at 05:30:09PM +0100, Jonathan Wiltshire wrote:
> Control: moreinfo
> 
> Hi,
> 
> On Sun, Sep 17, 2017 at 09:19:12AM +0530, Kumar Appaiah wrote:
> > Could you please consider the attached changes to flickcurl to fix
> > #875800? If so, I will prepare an upload.
> 
> In principle yes, but you need to submit a full source debdiff of your
> prepared upload targetting stretch first.

Thanks. Please check the attached interdiff. If there are any errors,
please let me know.

Kumar
-- 
Kumar Appaiah

diff --git a/debian/changelog b/debian/changelog
index 3a59242..19c5707 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,12 @@
+flickcurl (1.26-4+deb9u1) stretch; urgency=medium
+
+  * Apply patch from upstream to fix oauth token fetching
+  * Apply patch from upstream to prevent double free corruption
+    during authentication (Closes: #875800)
+  * Remove broken devhelp link in flickcurl-doc (Closes: #859019)
+
+ -- Kumar Appaiah <akumar@debian.org>  Thu, 30 Mar 2017 07:25:12 +0530
+
 flickcurl (1.26-2) unstable; urgency=medium
 
   * libflickcurl-dev: depend on libraptor2-dev, not obsolete
diff --git a/debian/flickcurl-doc.links b/debian/flickcurl-doc.links
index 9fa58d6..37daaab 100644
--- a/debian/flickcurl-doc.links
+++ b/debian/flickcurl-doc.links
@@ -1,2 +1 @@
-usr/share/doc/flickcurl-doc/flickcurl.devhelp usr/share/gtk-doc/html/flickcurl
 usr/share/doc/flickcurl-doc/flickcurl.devhelp2 usr/share/gtk-doc/html/flickcurl2
diff --git a/debian/patches/0001-Make-form-use-free-api-saner-and-prevent-double-free.patch b/debian/patches/0001-Make-form-use-free-api-saner-and-prevent-double-free.patch
new file mode 100644
index 0000000..75d29fc
--- /dev/null
+++ b/debian/patches/0001-Make-form-use-free-api-saner-and-prevent-double-free.patch
@@ -0,0 +1,176 @@
+From a5cc2a5d2fc7074f50fbaa772232b6e0fea7ce89 Mon Sep 17 00:00:00 2001
+From: Dave Beckett <dave@dajobe.org>
+Date: Sun, 25 Jan 2015 15:44:27 -0800
+Subject: [PATCH] Make form use/free api saner and prevent double free. Fixes
+ Issue #28
+
+---
+ src/common.c             | 31 +++++++++++++++++++++----------
+ src/flickcurl_internal.h |  2 +-
+ src/oauth.c              | 34 ++++++++++++++++++----------------
+ 3 files changed, 40 insertions(+), 27 deletions(-)
+
+diff --git a/src/common.c b/src/common.c
+index 1fcc67d..348c78f 100644
+--- a/src/common.c
++++ b/src/common.c
+@@ -1516,14 +1516,18 @@ flickcurl_invoke_get_content(flickcurl *fc, size_t* size_p)
+ }
+ 
+ 
++/*
++ * INTERNAL - free a form.
++ */
+ void
+-flickcurl_free_form(char **form, int count)
++flickcurl_free_form(char **form)
+ {
+   if(!form)
+     return;
+ 
+   /* free content which is the first key */
+-  free(form[0]);
++  if(form[0])
++    free(form[0]);
+ 
+   free(form);
+ }
+@@ -1537,10 +1541,16 @@ flickcurl_free_form(char **form, int count)
+ * INTERNAL - decoded content from current request as HTTP FORM and return fields
+ *
+ * NOTE: The result may be an empty array with just two NULL
+-* terminating pointers if there are no fields.
++* terminating pointers if there are no fields or no content.
++*
++* If @count_p is not NULL, *@count_p is set to the number of pairs of
++* fields.
++*
++* Index 0 is used to store the raw content.
++*
++* Return value: NULL on failure or an array of [char* field name,
++* char* field value] starting at index 1, terminated by a NULL pair.
+ *
+-* Return value: array of [char* field name, char* field value] with
+-* NULL pair terminating or NULL on failure
+ */
+ char**
+ flickcurl_invoke_get_form_content(flickcurl *fc, int* count_p)
+@@ -1562,21 +1572,24 @@ flickcurl_invoke_get_form_content(flickcurl *fc, int* count_p)
+     count++; /* counting separators so need +1 for number of contents */
+   }
+   
+-  /* Allocate count + 1 sized array of char* (key, value) pointers
++  /* Allocate 1+ count + 1 sized array of char* (key, value) pointers
+    * The last pair are always (NULL, NULL).
+    *
+    * The pointers are into the 'content' buffer which is kept around
+    * and owned by this array and stored in form[0].
+    */
+-  form = (char**)calloc(2*(count + 1), sizeof(char*));
++  form = (char**)calloc(1 + 2*(count + 1), sizeof(char*));
+   if(!form) {
+     if(content)
+       free(content);
+     return NULL;
+   }
+ 
++  /* the form owns the content array */
++  form[0] = content;
++
+   if(content) {
+-    for(p = content, i = 0; *p; p++) {
++    for(p = content, i = 1; *p; p++) {
+       char *start = p;
+ 
+       while(*p && *p != '&' && *p != '=')
+@@ -1590,8 +1603,6 @@ flickcurl_invoke_get_form_content(flickcurl *fc, int* count_p)
+     }
+     form[i++] = NULL;
+     form[i] = NULL;
+-
+-    free(content);
+   }
+ 
+   if(count_p)
+diff --git a/src/flickcurl_internal.h b/src/flickcurl_internal.h
+index 4904341..3082978 100644
+--- a/src/flickcurl_internal.h
++++ b/src/flickcurl_internal.h
+@@ -119,7 +119,7 @@ xmlDocPtr flickcurl_invoke(flickcurl *fc);
+ char* flickcurl_invoke_get_content(flickcurl *fc, size_t* size_p);
+ /* Invoke URI prepared above and get back 'count' key/values */
+ char** flickcurl_invoke_get_form_content(flickcurl *fc, int* count_p);
+-void flickcurl_free_form(char **form, int count);
++void flickcurl_free_form(char **form);
+ 
+ /* args.c */
+ void flickcurl_free_arg(flickcurl_arg *arg);
+diff --git a/src/oauth.c b/src/oauth.c
+index d1f649e..8ac4e3c 100644
+--- a/src/oauth.c
++++ b/src/oauth.c
+@@ -741,11 +741,12 @@ flickcurl_oauth_create_request_token(flickcurl* fc, const char* callback)
+           uri, count);
+ #endif
+ 
+-  for(i = 0; i < (2 * count); i += 2) {
+-    if(!strcmp(form[i], "oauth_token")) {
+-      request_token = form[i+1];
+-    } else if(!strcmp(form[i], "oauth_token_secret")) {
+-      request_token_secret = form[i+1];
++  for(i = 0; i < count; i++) {
++    int offset = 1 + (2 * i);
++    if(!strcmp(form[offset], "oauth_token")) {
++      request_token = form[offset+1];
++    } else if(!strcmp(form[offset], "oauth_token_secret")) {
++      request_token_secret = form[offset+1];
+     }
+   }
+ 
+@@ -771,7 +772,7 @@ flickcurl_oauth_create_request_token(flickcurl* fc, const char* callback)
+   
+   tidy:
+   if(form)
+-    flickcurl_free_form(form, count);
++    flickcurl_free_form(form);
+   
+   return rc;
+ }
+@@ -888,15 +889,16 @@ flickcurl_oauth_create_access_token(flickcurl* fc, const char* verifier)
+           uri, count);
+ #endif
+ 
+-  for(i = 0; i < (2 * count); i += 2) {
+-    if(!strcmp(form[i], "oauth_token")) {
+-      access_token = form[i+1];
+-    } else if(!strcmp(form[i], "oauth_token_secret")) {
+-      access_token_secret = form[i+1];
+-    } else if(!strcmp(form[i], "username")) {
+-      username = form[i+1];
+-    } else if(!strcmp(form[i], "user_nsid")) {
+-      user_nsid = form[i+1];
++  for(i = 0; i < count; i++) {
++    int offset = 1 + (2 * i);
++    if(!strcmp(form[offset], "oauth_token")) {
++      access_token = form[offset+1];
++    } else if(!strcmp(form[offset], "oauth_token_secret")) {
++      access_token_secret = form[offset+1];
++    } else if(!strcmp(form[offset], "username")) {
++      username = form[offset+1];
++    } else if(!strcmp(form[offset], "user_nsid")) {
++      user_nsid = form[offset+1];
+     }
+     /* ignoring: fullname */
+   }
+@@ -952,7 +954,7 @@ flickcurl_oauth_create_access_token(flickcurl* fc, const char* verifier)
+   
+   tidy:
+   if(form)
+-    flickcurl_free_form(form, count);
++    flickcurl_free_form(form);
+   
+   return rc;
+ }
+-- 
+2.14.1
+
diff --git a/debian/patches/oauth_request_fix.diff b/debian/patches/oauth_request_fix.diff
new file mode 100644
index 0000000..9595cdd
--- /dev/null
+++ b/debian/patches/oauth_request_fix.diff
@@ -0,0 +1,22 @@
+Index: flickcurl/src/oauth.c
+===================================================================
+--- flickcurl.orig/src/oauth.c
++++ flickcurl/src/oauth.c
+@@ -709,7 +709,7 @@ flickcurl_oauth_create_request_token(fli
+   int i;
+   int count;
+ 
+-  flickcurl_end_params(fc);
++  flickcurl_init_params(fc, 0);
+ 
+   /* Require signature */
+   flickcurl_set_sign(fc);
+@@ -856,7 +856,7 @@ flickcurl_oauth_create_access_token(flic
+   if(!verifier)
+     return 1;
+ 
+-  flickcurl_end_params(fc);
++  flickcurl_init_params(fc, 0);
+ 
+   /* Require signature */
+   flickcurl_set_sign(fc);
diff --git a/debian/patches/series b/debian/patches/series
new file mode 100644
index 0000000..9146cb1
--- /dev/null
+++ b/debian/patches/series
@@ -0,0 +1,2 @@
+oauth_request_fix.diff
+0001-Make-form-use-free-api-saner-and-prevent-double-free.patch

Reply to:

Follow-Ups:
- Bug#875994: stretch-pu: package flickcurl/1.26-2
  - From: Kumar Appaiah <a.kumar@alumni.iitm.ac.in>

References:
- Bug#875994: stretch-pu: package flickcurl/1.26-2
  - From: Kumar Appaiah <a.kumar@alumni.iitm.ac.in>
- Bug#875994: stretch-pu: package flickcurl/1.26-2
  - From: Jonathan Wiltshire <jmw@debian.org>

Prev by Date: Bug#875994: stretch-pu: package flickcurl/1.26-2
Next by Date: Bug#867814: stretch-pu: package ncurses/6.0+20161126-1+deb9u1
Previous by thread: Bug#875994: stretch-pu: package flickcurl/1.26-2
Next by thread: Bug#875994: stretch-pu: package flickcurl/1.26-2
Index(es):
- Date
- Thread