Fix two memory corruption crashes.

* Use-after-free in afpd's Time Machine Code [1]
* Memory overrun in extended attributes [2]

PR:		251203 [1]
		244191 [2]
Submitted by:	 Jose Quinteiro <freebsd@quinteiro.org>

net/netatalk3/Makefile

@@ -3,7 +3,7 @@
 
 PORTNAME=	netatalk
 PORTVERSION=	3.1.12
-PORTREVISION=	3
+PORTREVISION=	4
 PORTEPOCH=	1
 CATEGORIES=	net
 MASTER_SITES=	SF

net/netatalk3/files/patch-etc_afpd_volume.c

@@ -0,0 +1,20 @@
+--- etc/afpd/volume.c.orig	2020-11-17 04:41:20 UTC
++++ etc/afpd/volume.c
+@@ -183,6 +183,7 @@ static int get_tm_used(struct vol * restrict vol)
+             
+             if ((bandsize = get_tm_bandsize(cfrombstr(infoplist))) == -1) {
+                 bdestroy(infoplist);
++                infoplist = NULL;
+                 continue;
+             }
+ 
+@@ -190,7 +191,9 @@ static int get_tm_used(struct vol * restrict vol)
+ 
+             if ((links = get_tm_bands(cfrombstr(bandsdir))) == -1) {
+                 bdestroy(infoplist);
++                infoplist = NULL;
+                 bdestroy(bandsdir);
++                bandsdir = NULL;
+                 continue;
+             }
+ 

net/netatalk3/files/patch-libatalk_vfs_extattr.c

@@ -0,0 +1,19 @@
+--- libatalk/vfs/extattr.c	2020-11-17 04:20:13 UTC
++++ libatalk/vfs/extattr.c	
+@@ -353,13 +353,13 @@ static ssize_t bsd_attr_list (int type, extattr_arg ar
+     }
+ 
+     /* Convert from pascal strings to C strings */
+-    len = list[0];
+-    memmove(list, list + 1, list_size);
++    len = (unsigned char)list[0];
++    memmove(list, list + 1, list_size - 1);
+ 
+     for(i = len; i < list_size; ) {
+         LOG(log_maxdebug, logtype_afpd, "len: %d, i: %d", len, i);
+ 
+-        len = list[i];
++        len = (unsigned char)list[i];
+         list[i] = '\0';
+         i += len + 1;
+     }