auto-import changelog data from iproute-2.6.9-2.src.rpm

Mon Sep 06 2004 Radek Vokal <rvokal@redhat.com> 2.6.9-2 - fixed possible buffer owerflow, path by Steve Grubb <linux_4ever@yahoo.com>
2004-09-09 06:23:57 +00:00 · 2004-09-09 06:23:57 +00:00 · 7d717a51ff
commit 7d717a51ff
parent e15bfd0dab
2 changed files with 60 additions and 1 deletions
--- a/iproute.spec
+++ b/iproute.spec
@ -1,7 +1,7 @@
 Summary: Advanced IP routing and network device configuration tools.
 Name: iproute
 Version: 2.6.9
-Release: 1
+Release: 2
 Group: Applications/System
 Source: http://developer.osdl.org/dev/iproute2/download/iproute2-%{version}-ss040831.tar.gz
 Source1: ip.8
@ -20,6 +20,7 @@ Patch1: iproute2-2.4.7-rt_config.patch
 Patch2: iproute2-2.6.9-kernel.patch
 Patch3: iproute2-2.6.9-ss.patch
 Patch4: iproute2-2.4.7-initvar.patch
+Patch5: iproute2-2.6.9-owl-nstat-bound.patch
 License: GNU GPL
 BuildRoot: %{_tmppath}/%{name}-%{version}-root
 BuildPrereq: tetex-latex tetex-dvips psutils linuxdoc-tools db4-devel bison
@ -36,6 +37,7 @@ capabilities of the Linux 2.4.x and 2.6.x kernel.
 %patch2 -p1 -b .kernel
 %patch3 -p1 -b .ss
 %patch4 -p1 -b .initvar
+%patch5 -p1 -b .bound

 %build
 make
@ -79,6 +81,9 @@ rm -rf $RPM_BUILD_ROOT
 %{_sbindir}/*

 %changelog
+* Mon Sep 06 2004 Radek Vokal <rvokal@redhat.com> 2.6.9-2
+- fixed possible buffer owerflow, path by Steve Grubb <linux_4ever@yahoo.com>
+
 * Wed Sep 01 2004 Radek Vokal <rvokal@redhat.com> 2.6.9-1
 - updated to iproute-2.6.9, spec file change, patches cleared

--- a/iproute2-2.6.9-owl-nstat-bound.patch
+++ b/iproute2-2.6.9-owl-nstat-bound.patch
@ -0,0 +1,54 @@
+--- iproute2-2.6.9/misc/nstat.c.bound	2004-08-31 14:32:14.000000000 -0400
+++ iproute2-2.6.9/misc/nstat.c	2004-09-05 10:32:26.000000000 -0400
+@@ -121,14 +121,16 @@
+ 		int nr;
+ 		unsigned long long val;
+ 		double rate;
+-		char idbuf[256];
+		char idbuf[sizeof(buf)];
+ 		if (buf[0] == '#') {
+ 			buf[strlen(buf)-1] = 0;
+ 			if (info_source[0] && strcmp(info_source, buf+1))
+ 				source_mismatch = 1;
+-			strncpy(info_source, buf+1, sizeof(info_source)-1);
+			info_source[0] = 0;
+			strncat(info_source, buf+1, sizeof(info_source)-1);
+ 			continue;
+ 		}
+		/* idbuf is as big as buf, so this is safe */
+ 		nr = sscanf(buf, "%s%llu%lg", idbuf, &val, &rate);
+ 		if (nr < 2)
+ 			abort();
+@@ -162,7 +164,7 @@
+ 	struct nstat_ent *n;
+ 
+ 	while (fgets(buf, sizeof(buf), fp) != NULL) {
+-		char idbuf[256];
+		char idbuf[sizeof(buf)];
+ 		int  off;
+ 		char *p;
+ 
+@@ -170,8 +172,9 @@
+ 		if (!p)
+ 			abort();
+ 		*p = 0;
+-		strcpy(idbuf, buf);
+-		off = strlen(idbuf);
+		idbuf[0] = 0;
+		strncat(idbuf, buf, sizeof(idbuf) -1);
+		off = p - buf;
+ 		p += 2;
+ 
+ 		while (*p) {
+@@ -180,7 +183,10 @@
+ 				*next++ = 0;
+ 			else if ((next = strchr(p, '\n')) != NULL)
+ 				*next++ = 0;
+-			strcpy(idbuf+off, p);
+			if (off < sizeof(idbuf)) {
+				idbuf[off] = 0;
+				strncat(idbuf, p, sizeof(idbuf) - off - 1);
+			}
+ 			n = malloc(sizeof(*n));
+ 			if (!n)
+ 				abort();