mtr/mtr-0.69-CVE-2002-0497.patch

--- mtr-0.69/dns.c.CVE-2002-0497	2005-01-11 09:32:42.000000000 +0100
+++ mtr-0.69/dns.c	2005-02-09 18:13:12.000000000 +0100
@@ -877,7 +877,7 @@
   if (type == T_A) {
     dorequest(rp->hostname,type,rp->id);
     if (debug) {
-      sprintf(tempstring,"Resolver: Sent reverse authentication request for \"%s\".",
+      snprintf(tempstring, sizeof(tempstring), "Resolver: Sent reverse authentication request for \"%s\".",
 	      rp->hostname);
       restell(tempstring);
     }
@@ -898,7 +898,7 @@
     }
     dorequest(tempstring,type,rp->id);
     if (debug) {
-      sprintf(tempstring,"Resolver: Sent domain lookup request for \"%s\".",
+      snprintf(tempstring, sizeof(tempstring), "Resolver: Sent domain lookup request for \"%s\".",
 	      strlongip( &(rp->ip) ));
       restell(tempstring);
     }
@@ -934,7 +934,7 @@
   rp->expiretime = sweeptime + (double)ttl;
   untieresolve(rp);
   if (debug) {
-    sprintf(tempstring,"Resolver: Lookup successful: %s\n",rp->hostname);
+    snprintf(tempstring, sizeof(tempstring), "Resolver: Lookup successful: %s\n",rp->hostname);
     restell(tempstring);
   }
 }
@@ -991,7 +991,7 @@
   case NOERROR:
     if (hp->ancount) {
       if (debug) {
-	sprintf(tempstring,"Resolver: Received nameserver reply. (qd:%u an:%u ns:%u ar:%u)",
+	snprintf(tempstring, sizeof(tempstring), "Resolver: Received nameserver reply. (qd:%u an:%u ns:%u ar:%u)",
                 hp->qdcount,hp->ancount,hp->nscount,hp->arcount);
 	restell(tempstring);
       }
@@ -1031,14 +1031,14 @@
       namestring[strlen(stackstring)] = '\0';
       if (strcasecmp(stackstring,namestring)) {
 	if (debug) {
-	  sprintf(tempstring,"Resolver: Unknown query packet dropped. (\"%s\" does not match \"%s\")",
+	  snprintf(tempstring, sizeof(tempstring), "Resolver: Unknown query packet dropped. (\"%s\" does not match \"%s\")",
 		  stackstring,namestring);
 	  restell(tempstring);
 	}
 	return;
       }
       if (debug) {
-	sprintf(tempstring,"Resolver: Queried domain name: \"%s\"",namestring);
+	snprintf(tempstring, sizeof(tempstring), "Resolver: Queried domain name: \"%s\"",namestring);
 	restell(tempstring);
       }
       c+= r;
@@ -1049,7 +1049,7 @@
       qdatatype = sucknetword(c);
       qclass = sucknetword(c);
       if (qclass != C_IN) {
-	sprintf(tempstring,"Resolver error: Received unsupported query class: %u (%s)",
+	snprintf(tempstring, sizeof(tempstring), "Resolver error: Received unsupported query class: %u (%s)",
                 qclass,qclass < ClasstypeCount ? classtypes[qclass] :
 		classtypes[ClasstypeCount]);
 	restell(tempstring);
@@ -1063,7 +1063,7 @@
 	  }
 	break;
       default:
-	sprintf(tempstring,"Resolver error: Received unimplemented query type: %u (%s)",
+	snprintf(tempstring, sizeof(tempstring), "Resolver error: Received unimplemented query type: %u (%s)",
 		qdatatype,qdatatype < ResourcetypeCount ?
 		resourcetypes[qdatatype] : resourcetypes[ResourcetypeCount]);
 	restell(tempstring);
@@ -1085,7 +1085,7 @@
 	else
 	  usefulanswer = 1;
 	if (debug) {
-	  sprintf(tempstring,"Resolver: answered domain query: \"%s\"",namestring);
+	  snprintf(tempstring, sizeof(tempstring), "Resolver: answered domain query: \"%s\"",namestring);
 	  restell(tempstring);
 	}
 	c+= r;
@@ -1098,10 +1098,10 @@
 	ttl = sucknetlong(c);
 	rdatalength = sucknetword(c);
 	if (class != qclass) {
-	  sprintf(tempstring,"query class: %u (%s)",qclass,qclass < ClasstypeCount ?
+	  snprintf(tempstring, sizeof(tempstring), "query class: %u (%s)",qclass,qclass < ClasstypeCount ?
 		  classtypes[qclass] : classtypes[ClasstypeCount]);
 	  restell(tempstring);
-	  sprintf(tempstring,"rr class: %u (%s)",class,class < ClasstypeCount ?
+	  snprintf(tempstring, sizeof(tempstring), "rr class: %u (%s)",class,class < ClasstypeCount ?
 		  classtypes[class] : classtypes[ClasstypeCount]);
 	  restell(tempstring);
 	  restell("Resolver error: Answered class does not match queried class.");
@@ -1117,20 +1117,20 @@
 	}
 	if (datatype == qdatatype || datatype == T_CNAME) {
 	  if (debug) {
-	    sprintf(tempstring,"Resolver: TTL: %s",strtdiff(sendstring,ttl));
+	    snprintf(tempstring, sizeof(tempstring), "Resolver: TTL: %s",strtdiff(sendstring,ttl));
 	    restell(tempstring);
 	  }
 	  if (usefulanswer)
 	    switch (datatype) {
 	    case T_A:
 	      if (rdatalength != 4) {
-		sprintf(tempstring,"Resolver error: Unsupported rdata format for \"A\" type. (%u bytes)",
+		snprintf(tempstring, sizeof(tempstring), "Resolver error: Unsupported rdata format for \"A\" type. (%u bytes)",
 			rdatalength);
 		restell(tempstring);
 		return;
 	      }
 	      if ( addrcmp( (void *) &(rp->ip), (void *) c, af ) == 0 ) {
-		sprintf(tempstring,"Resolver: Reverse authentication failed: %s != ",
+		snprintf(tempstring, sizeof(tempstring), "Resolver: Reverse authentication failed: %s != ",
 			strlongip( &(rp->ip) ));
 		addrcpy( (void *) &alignedip, (void *) c, af );
 		strcat(tempstring,strlongip( &alignedip ));
@@ -1138,7 +1138,7 @@
 		res_hostipmismatch++;
 		failrp(rp);
 	      } else {
-		sprintf(tempstring,"Resolver: Reverse authentication complete: %s == \"%s\".",
+		snprintf(tempstring, sizeof(tempstring), "Resolver: Reverse authentication complete: %s == \"%s\".",
 			strlongip( &(rp->ip) ),nonull(rp->hostname));
 		restell(tempstring);
 		res_reversesuccess++;
@@ -1155,7 +1155,7 @@
 		return;
 	      }
 	      if (debug) {
-		sprintf(tempstring,"Resolver: Answered domain: \"%s\"",namestring);
+		snprintf(tempstring, sizeof(tempstring), "Resolver: Answered domain: \"%s\"",namestring);
 		restell(tempstring);
 	      }
 	      if (r > HostnameLength) {
@@ -1180,14 +1180,14 @@
 	      }
 	      break;
 	    default:
-	      sprintf(tempstring,"Resolver error: Received unimplemented data type: %u (%s)",
+	      snprintf(tempstring, sizeof(tempstring), "Resolver error: Received unimplemented data type: %u (%s)",
 		      datatype,datatype < ResourcetypeCount ?
 		      resourcetypes[datatype] : resourcetypes[ResourcetypeCount]);
 	      restell(tempstring);
 	    }
 	} else {
 	  if (debug) {
-	    sprintf(tempstring,"Resolver: Ignoring resource type %u. (%s)",
+	    snprintf(tempstring, sizeof(tempstring), "Resolver: Ignoring resource type %u. (%s)",
 		    datatype,datatype < ResourcetypeCount ?
 		    resourcetypes[datatype] : resourcetypes[ResourcetypeCount]);
 	    restell(tempstring);
@@ -1205,7 +1205,7 @@
     failrp(rp);
     break;
   default:
-    sprintf(tempstring,"Resolver: Received error response %u. (%s)",
+    snprintf(tempstring, sizeof(tempstring), "Resolver: Received error response %u. (%s)",
 	    getheader_rcode(hp),getheader_rcode(hp) < ResponsecodeCount ?
 	    responsecodes[getheader_rcode(hp)] : responsecodes[ResponsecodeCount]);
     restell(tempstring);
@@ -1236,13 +1236,13 @@
 		      (void *) &(from4->sin_addr), AF_INET ) == 0 )
 	  break;
     if (i == _res.nscount) {
-      sprintf(tempstring,"Resolver error: Received reply from unknown source: %s",
+      snprintf(tempstring, sizeof(tempstring), "Resolver error: Received reply from unknown source: %s",
 	      inet_ntoa(from4->sin_addr ));
       restell(tempstring);
     } else
       parserespacket((byte *)resrecvbuf,r);
   } else {
-    sprintf(tempstring,"Resolver: Socket error: %s",strerror(errno));
+    snprintf(tempstring, sizeof(tempstring), "Resolver: Socket error: %s",strerror(errno));
     restell(tempstring);
   }
 }
@@ -1271,7 +1271,7 @@
     case STATE_FINISHED:	/* TTL has expired */
     case STATE_FAILED:	/* Fake TTL has expired */
       if (debug) {
-	sprintf(tempstring,"Resolver: Cache record for \"%s\" (%s) has expired. (state: %u)  Marked for expire at: %g, time: %g.",
+	snprintf(tempstring, sizeof(tempstring), "Resolver: Cache record for \"%s\" (%s) has expired. (state: %u)  Marked for expire at: %g, time: %g.",
                 nonull(rp->hostname), strlongip( &(rp->ip) ), 
 		rp->state, rp->expiretime, sweeptime);
 	restell(tempstring);
@@ -1315,14 +1315,14 @@
     if ((rp->state == STATE_FINISHED) || (rp->state == STATE_FAILED)) {
       if ((rp->state == STATE_FINISHED) && (rp->hostname)) {
 	if (debug) {
-	  sprintf(tempstring,"Resolver: Used cached record: %s == \"%s\".\n",
+	  snprintf(tempstring, sizeof(tempstring), "Resolver: Used cached record: %s == \"%s\".\n",
 		  strlongip(ip),rp->hostname);
 	  restell(tempstring);
 	}
 	return rp->hostname;
       } else {
 	if (debug) {
-	  sprintf(tempstring,"Resolver: Used failed record: %s == ???\n",
+	  snprintf(tempstring, sizeof(tempstring), "Resolver: Used failed record: %s == ???\n",
 		  strlongip(ip));
 	  restell(tempstring);
 	}
- Updated to mtr-0.69 - Dropped quite a few patches - Forewardported the CVE patch 2005-02-09 17:23:38 +00:00			`--- mtr-0.69/dns.c.CVE-2002-0497 2005-01-11 09:32:42.000000000 +0100`
			`+++ mtr-0.69/dns.c 2005-02-09 18:13:12.000000000 +0100`
			`@@ -877,7 +877,7 @@`
			`if (type == T_A) {`
			`dorequest(rp->hostname,type,rp->id);`
			`if (debug) {`
			`- sprintf(tempstring,"Resolver: Sent reverse authentication request for \"%s\".",`
			`+ snprintf(tempstring, sizeof(tempstring), "Resolver: Sent reverse authentication request for \"%s\".",`
			`rp->hostname);`
			`restell(tempstring);`
			`}`
			`@@ -898,7 +898,7 @@`
			`}`
			`dorequest(tempstring,type,rp->id);`
			`if (debug) {`
			`- sprintf(tempstring,"Resolver: Sent domain lookup request for \"%s\".",`
			`+ snprintf(tempstring, sizeof(tempstring), "Resolver: Sent domain lookup request for \"%s\".",`
			`strlongip( &(rp->ip) ));`
			`restell(tempstring);`
			`}`
			`@@ -934,7 +934,7 @@`
			`rp->expiretime = sweeptime + (double)ttl;`
			`untieresolve(rp);`
			`if (debug) {`
			`- sprintf(tempstring,"Resolver: Lookup successful: %s\n",rp->hostname);`
			`+ snprintf(tempstring, sizeof(tempstring), "Resolver: Lookup successful: %s\n",rp->hostname);`
			`restell(tempstring);`
			`}`
			`}`
			`@@ -991,7 +991,7 @@`
			`case NOERROR:`
			`if (hp->ancount) {`
			`if (debug) {`
			`- sprintf(tempstring,"Resolver: Received nameserver reply. (qd:%u an:%u ns:%u ar:%u)",`
			`+ snprintf(tempstring, sizeof(tempstring), "Resolver: Received nameserver reply. (qd:%u an:%u ns:%u ar:%u)",`
			`hp->qdcount,hp->ancount,hp->nscount,hp->arcount);`
			`restell(tempstring);`
			`}`
			`@@ -1031,14 +1031,14 @@`
			`namestring[strlen(stackstring)] = '\0';`
			`if (strcasecmp(stackstring,namestring)) {`
			`if (debug) {`
			`- sprintf(tempstring,"Resolver: Unknown query packet dropped. (\"%s\" does not match \"%s\")",`
			`+ snprintf(tempstring, sizeof(tempstring), "Resolver: Unknown query packet dropped. (\"%s\" does not match \"%s\")",`
			`stackstring,namestring);`
			`restell(tempstring);`
			`}`
			`return;`
			`}`
			`if (debug) {`
			`- sprintf(tempstring,"Resolver: Queried domain name: \"%s\"",namestring);`
			`+ snprintf(tempstring, sizeof(tempstring), "Resolver: Queried domain name: \"%s\"",namestring);`
			`restell(tempstring);`
			`}`
			`c+= r;`
			`@@ -1049,7 +1049,7 @@`
			`qdatatype = sucknetword(c);`
			`qclass = sucknetword(c);`
			`if (qclass != C_IN) {`
			`- sprintf(tempstring,"Resolver error: Received unsupported query class: %u (%s)",`
			`+ snprintf(tempstring, sizeof(tempstring), "Resolver error: Received unsupported query class: %u (%s)",`
			`qclass,qclass < ClasstypeCount ? classtypes[qclass] :`
			`classtypes[ClasstypeCount]);`
			`restell(tempstring);`
			`@@ -1063,7 +1063,7 @@`
			`}`
			`break;`
			`default:`
			`- sprintf(tempstring,"Resolver error: Received unimplemented query type: %u (%s)",`
			`+ snprintf(tempstring, sizeof(tempstring), "Resolver error: Received unimplemented query type: %u (%s)",`
			`qdatatype,qdatatype < ResourcetypeCount ?`
			`resourcetypes[qdatatype] : resourcetypes[ResourcetypeCount]);`
			`restell(tempstring);`
			`@@ -1085,7 +1085,7 @@`
			`else`
			`usefulanswer = 1;`
			`if (debug) {`
			`- sprintf(tempstring,"Resolver: answered domain query: \"%s\"",namestring);`
			`+ snprintf(tempstring, sizeof(tempstring), "Resolver: answered domain query: \"%s\"",namestring);`
			`restell(tempstring);`
			`}`
			`c+= r;`
			`@@ -1098,10 +1098,10 @@`
			`ttl = sucknetlong(c);`
			`rdatalength = sucknetword(c);`
			`if (class != qclass) {`
			`- sprintf(tempstring,"query class: %u (%s)",qclass,qclass < ClasstypeCount ?`
			`+ snprintf(tempstring, sizeof(tempstring), "query class: %u (%s)",qclass,qclass < ClasstypeCount ?`
			`classtypes[qclass] : classtypes[ClasstypeCount]);`
			`restell(tempstring);`
			`- sprintf(tempstring,"rr class: %u (%s)",class,class < ClasstypeCount ?`
			`+ snprintf(tempstring, sizeof(tempstring), "rr class: %u (%s)",class,class < ClasstypeCount ?`
			`classtypes[class] : classtypes[ClasstypeCount]);`
			`restell(tempstring);`
			`restell("Resolver error: Answered class does not match queried class.");`
			`@@ -1117,20 +1117,20 @@`
			`}`
			`if (datatype == qdatatype \|\| datatype == T_CNAME) {`
			`if (debug) {`
			`- sprintf(tempstring,"Resolver: TTL: %s",strtdiff(sendstring,ttl));`
			`+ snprintf(tempstring, sizeof(tempstring), "Resolver: TTL: %s",strtdiff(sendstring,ttl));`
			`restell(tempstring);`
			`}`
			`if (usefulanswer)`
			`switch (datatype) {`
			`case T_A:`
			`if (rdatalength != 4) {`
			`- sprintf(tempstring,"Resolver error: Unsupported rdata format for \"A\" type. (%u bytes)",`
			`+ snprintf(tempstring, sizeof(tempstring), "Resolver error: Unsupported rdata format for \"A\" type. (%u bytes)",`
			`rdatalength);`
			`restell(tempstring);`
			`return;`
			`}`
			`if ( addrcmp( (void ) &(rp->ip), (void ) c, af ) == 0 ) {`
			`- sprintf(tempstring,"Resolver: Reverse authentication failed: %s != ",`
			`+ snprintf(tempstring, sizeof(tempstring), "Resolver: Reverse authentication failed: %s != ",`
			`strlongip( &(rp->ip) ));`
			`addrcpy( (void ) &alignedip, (void ) c, af );`
			`strcat(tempstring,strlongip( &alignedip ));`
			`@@ -1138,7 +1138,7 @@`
			`res_hostipmismatch++;`
			`failrp(rp);`
			`} else {`
			`- sprintf(tempstring,"Resolver: Reverse authentication complete: %s == \"%s\".",`
			`+ snprintf(tempstring, sizeof(tempstring), "Resolver: Reverse authentication complete: %s == \"%s\".",`
			`strlongip( &(rp->ip) ),nonull(rp->hostname));`
			`restell(tempstring);`
			`res_reversesuccess++;`
			`@@ -1155,7 +1155,7 @@`
			`return;`
			`}`
			`if (debug) {`
			`- sprintf(tempstring,"Resolver: Answered domain: \"%s\"",namestring);`
			`+ snprintf(tempstring, sizeof(tempstring), "Resolver: Answered domain: \"%s\"",namestring);`
			`restell(tempstring);`
			`}`
			`if (r > HostnameLength) {`
			`@@ -1180,14 +1180,14 @@`
			`}`
			`break;`
			`default:`
			`- sprintf(tempstring,"Resolver error: Received unimplemented data type: %u (%s)",`
			`+ snprintf(tempstring, sizeof(tempstring), "Resolver error: Received unimplemented data type: %u (%s)",`
			`datatype,datatype < ResourcetypeCount ?`
			`resourcetypes[datatype] : resourcetypes[ResourcetypeCount]);`
			`restell(tempstring);`
			`}`
			`} else {`
			`if (debug) {`
			`- sprintf(tempstring,"Resolver: Ignoring resource type %u. (%s)",`
			`+ snprintf(tempstring, sizeof(tempstring), "Resolver: Ignoring resource type %u. (%s)",`
			`datatype,datatype < ResourcetypeCount ?`
			`resourcetypes[datatype] : resourcetypes[ResourcetypeCount]);`
			`restell(tempstring);`
			`@@ -1205,7 +1205,7 @@`
			`failrp(rp);`
			`break;`
			`default:`
			`- sprintf(tempstring,"Resolver: Received error response %u. (%s)",`
			`+ snprintf(tempstring, sizeof(tempstring), "Resolver: Received error response %u. (%s)",`
			`getheader_rcode(hp),getheader_rcode(hp) < ResponsecodeCount ?`
			`responsecodes[getheader_rcode(hp)] : responsecodes[ResponsecodeCount]);`
			`restell(tempstring);`
			`@@ -1236,13 +1236,13 @@`
			`(void *) &(from4->sin_addr), AF_INET ) == 0 )`
			`break;`
			`if (i == _res.nscount) {`
			`- sprintf(tempstring,"Resolver error: Received reply from unknown source: %s",`
			`+ snprintf(tempstring, sizeof(tempstring), "Resolver error: Received reply from unknown source: %s",`
			`inet_ntoa(from4->sin_addr ));`
			`restell(tempstring);`
			`} else`
			`parserespacket((byte *)resrecvbuf,r);`
			`} else {`
			`- sprintf(tempstring,"Resolver: Socket error: %s",strerror(errno));`
			`+ snprintf(tempstring, sizeof(tempstring), "Resolver: Socket error: %s",strerror(errno));`
			`restell(tempstring);`
			`}`
			`}`
			`@@ -1271,7 +1271,7 @@`
			`case STATE_FINISHED: /* TTL has expired */`
			`case STATE_FAILED: /* Fake TTL has expired */`
			`if (debug) {`
			`- sprintf(tempstring,"Resolver: Cache record for \"%s\" (%s) has expired. (state: %u) Marked for expire at: %g, time: %g.",`
			`+ snprintf(tempstring, sizeof(tempstring), "Resolver: Cache record for \"%s\" (%s) has expired. (state: %u) Marked for expire at: %g, time: %g.",`
			`nonull(rp->hostname), strlongip( &(rp->ip) ),`
			`rp->state, rp->expiretime, sweeptime);`
			`restell(tempstring);`
			`@@ -1315,14 +1315,14 @@`
			`if ((rp->state == STATE_FINISHED) \|\| (rp->state == STATE_FAILED)) {`
			`if ((rp->state == STATE_FINISHED) && (rp->hostname)) {`
			`if (debug) {`
			`- sprintf(tempstring,"Resolver: Used cached record: %s == \"%s\".\n",`
			`+ snprintf(tempstring, sizeof(tempstring), "Resolver: Used cached record: %s == \"%s\".\n",`
			`strlongip(ip),rp->hostname);`
			`restell(tempstring);`
			`}`
			`return rp->hostname;`
			`} else {`
			`if (debug) {`
			`- sprintf(tempstring,"Resolver: Used failed record: %s == ???\n",`
			`+ snprintf(tempstring, sizeof(tempstring), "Resolver: Used failed record: %s == ???\n",`
			`strlongip(ip));`
			`restell(tempstring);`
			`}`