rpms/net-tools
7
0
Fork 0
Code Issues Pull Requests Releases Activity

- scanf format length fix (non exploitable?) from Fabian Hugelshofer

Browse Source 
<hugelshofer2006@gmx.ch>
- URL tag changed to http://net-tools.berlios.de/
This commit is contained in:
Jiří Popelka 2009-07-08 13:28:27 +00:00
parent a7a4365096
commit bf613f1929
2 changed files with 148 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

140
net-tools-1.60-scanf-format.patch Normal file
View File

@ -0,0 +1,140 @@
diff -up net-tools-1.60/arp.c.scanf-format net-tools-1.60/arp.c
--- net-tools-1.60/arp.c.scanf-format 2009-07-08 11:17:09.000000000 +0200
+++ net-tools-1.60/arp.c 2009-07-08 11:43:39.000000000 +0200
@@ -557,7 +557,7 @@ static int arp_show(char *name)
/* Read the ARP cache entries. */
for (num = 0; num < entries; num++) {
fgets(line, sizeof(line), fp);
- if (sscanf(line, "%s 0x%x 0x%x %100s %100s %100s\n",
+ if (sscanf(line, "%s 0x%x 0x%x %99s %99s %99s\n",
ip, &type, &flags, hwa, mask, dev) < 4)
break;
diff -up net-tools-1.60/lib/inet_gr.c.scanf-format net-tools-1.60/lib/inet_gr.c
--- net-tools-1.60/lib/inet_gr.c.scanf-format 2000-10-28 12:59:42.000000000 +0200
+++ net-tools-1.60/lib/inet_gr.c 2009-07-08 11:49:59.000000000 +0200
@@ -38,7 +38,7 @@ extern char *INET_sprintmask(struct sock
int rprint_fib(int ext, int numeric)
{
- char buff[1024], iface[16], flags[64];
+ char buff[1024], iface[17], flags[64];
char gate_addr[128], net_addr[128];
char mask_addr[128];
int num, iflags, metric, refcnt, use, mss, window, irtt;
@@ -69,18 +69,18 @@ int rprint_fib(int ext, int numeric)
fmt = proc_gen_fmt(_PATH_PROCNET_ROUTE, 0, fp,
"Iface", "%16s",
- "Destination", "%128s",
- "Gateway", "%128s",
+ "Destination", "%127s",
+ "Gateway", "%127s",
"Flags", "%X",
"RefCnt", "%d",
"Use", "%d",
"Metric", "%d",
- "Mask", "%128s",
+ "Mask", "%127s",
"MTU", "%d",
"Window", "%d",
"IRTT", "%d",
NULL);
- /* "%16s %128s %128s %X %d %d %d %128s %d %d %d\n" */
+ /* "%16s %127s %127s %X %d %d %d %127s %d %d %d\n" */
if (!fmt)
return 1;
@@ -205,7 +205,7 @@ int rprint_fib(int ext, int numeric)
int rprint_cache(int ext, int numeric)
{
- char buff[1024], iface[16], flags[64];
+ char buff[1024], iface[17], flags[64];
char gate_addr[128], dest_addr[128], specdst[128];
char src_addr[128];
struct sockaddr snet;
@@ -269,20 +269,20 @@ int rprint_cache(int ext, int numeric)
fmt = proc_gen_fmt(_PATH_PROCNET_RTCACHE, 0, fp,
"Iface", "%16s",
- "Destination", "%128s",
- "Gateway", "%128s",
+ "Destination", "%127s",
+ "Gateway", "%127s",
"Flags", "%X",
"RefCnt", "%d",
"Use", "%d",
"Metric", "%d",
- "Source", "%128s",
+ "Source", "%127s",
"MTU", "%d",
"Window", "%d",
"IRTT", "%d",
"HH", "%d",
"ARP", "%d",
NULL);
- /* "%16s %128s %128s %X %d %d %d %128s %d %d %d %d %d\n" */
+ /* "%16s %127s %127s %X %d %d %d %127s %d %d %d %d %d\n" */
}
if (format == 2) {
@@ -292,13 +292,13 @@ int rprint_cache(int ext, int numeric)
"MSS Window irtt TOS HHRef HHUptod SpecDst\n"));
fmt = proc_gen_fmt(_PATH_PROCNET_RTCACHE, 0, fp,
"Iface", "%16s",
- "Destination", "%128s",
- "Gateway", "%128s",
+ "Destination", "%127s",
+ "Gateway", "%127s",
"Flags", "%X",
"RefCnt", "%d",
"Use", "%d",
"Metric", "%d",
- "Source", "%128s",
+ "Source", "%127s",
"MTU", "%d",
"Window", "%d",
"IRTT", "%d",
@@ -307,7 +307,7 @@ int rprint_cache(int ext, int numeric)
"HHUptod", "%d",
"SpecDst", "%128s",
NULL);
- /* "%16s %128s %128s %X %d %d %d %128s %d %d %d %d %d %128s\n" */
+ /* "%16s %127s %127s %X %d %d %d %127s %d %d %d %d %d %128s\n" */
}
diff -up net-tools-1.60/lib/interface.c.scanf-format net-tools-1.60/lib/interface.c
--- net-tools-1.60/lib/interface.c.scanf-format 2009-07-08 11:17:09.000000000 +0200
+++ net-tools-1.60/lib/interface.c 2009-07-08 11:45:44.000000000 +0200
@@ -713,7 +713,7 @@ void ife_print_long(struct interface *pt
#endif
#if HAVE_AFINET6
FILE *f;
- char addr6[40], devname[20];
+ char addr6[40], devname[21];
struct sockaddr_in6 sap;
int plen, scope, dad_status, if_idx;
extern struct aftype inet6_aftype;
diff -up net-tools-1.60/netstat.c.scanf-format net-tools-1.60/netstat.c
--- net-tools-1.60/netstat.c.scanf-format 2009-07-08 11:17:09.000000000 +0200
+++ net-tools-1.60/netstat.c 2009-07-08 11:42:12.000000000 +0200
@@ -1105,7 +1105,7 @@ static void udp_do_one(int lnr, const ch
more[0] = '\0';
num = sscanf(line,
- "%d: %64[0-9A-Fa-f]:%X %64[0-9A-Fa-f]:%X %X %lX:%lX %X:%lX %lX %d %d %lu %512s\n",
+ "%d: %64[0-9A-Fa-f]:%X %64[0-9A-Fa-f]:%X %X %lX:%lX %X:%lX %lX %d %d %lu %511s\n",
&d, local_addr, &local_port,
rem_addr, &rem_port, &state,
&txq, &rxq, &timer_run, &time_len, &retr, &uid, &timeout, &inode, more);
@@ -1540,7 +1540,7 @@ static void raw_do_one(int lnr, const ch
more[0] = '\0';
num = sscanf(line,
- "%d: %64[0-9A-Fa-f]:%X %64[0-9A-Fa-f]:%X %X %lX:%lX %X:%lX %lX %d %d %lu %512s\n",
+ "%d: %64[0-9A-Fa-f]:%X %64[0-9A-Fa-f]:%X %X %lX:%lX %X:%lX %lX %d %d %lu %511s\n",
&d, local_addr, &local_port, rem_addr, &rem_port, &state,
&txq, &rxq, &timer_run, &time_len, &retr, &uid, &timeout, &inode, more);

10
net-tools.spec
View File

@ -3,10 +3,10 @@
Summary: Basic networking tools Summary: Basic networking tools
Name: net-tools Name: net-tools
Version: 1.60 Version: 1.60
Release: 92%{?dist} Release: 93%{?dist}
License: GPL+ License: GPL+
Group: System Environment/Base Group: System Environment/Base
URL: http://www.tazenda.demon.co.uk/phil/net-tools/ URL: http://net-tools.berlios.de/
Source0: http://www.tazenda.demon.co.uk/phil/net-tools/net-tools-%{version}.tar.bz2 Source0: http://www.tazenda.demon.co.uk/phil/net-tools/net-tools-%{version}.tar.bz2
Source1: http://www.red-bean.com/~bos/netplug/netplug-%{npversion}.tar.bz2 Source1: http://www.red-bean.com/~bos/netplug/netplug-%{npversion}.tar.bz2
Source2: net-tools-%{version}-config.h Source2: net-tools-%{version}-config.h
@ -82,6 +82,7 @@ Patch68: net-tools-1.60-a-option.patch
Patch69: net-tools-1.60-clear-flag.patch Patch69: net-tools-1.60-clear-flag.patch
Patch70: net-tools-1.60-metric-tunnel-man.patch Patch70: net-tools-1.60-metric-tunnel-man.patch
Patch71: net-tools-1.60-netstat-probe.patch Patch71: net-tools-1.60-netstat-probe.patch
Patch72: net-tools-1.60-scanf-format.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
Requires(post): /sbin/chkconfig Requires(post): /sbin/chkconfig
@ -164,6 +165,7 @@ ifconfig, netstat, route, and others.
%patch69 -p1 -b .clear-flag %patch69 -p1 -b .clear-flag
%patch70 -p1 -b .metric-tunnel-man %patch70 -p1 -b .metric-tunnel-man
%patch71 -p1 -b .probe %patch71 -p1 -b .probe
%patch72 -p1 -b .scanf-format
cp %SOURCE2 ./config.h cp %SOURCE2 ./config.h
cp %SOURCE3 ./config.make cp %SOURCE3 ./config.make
@ -279,6 +281,10 @@ exit 0
%{_sysconfdir}/rc.d/init.d/netplugd %{_sysconfdir}/rc.d/init.d/netplugd
%changelog %changelog
* Wed Jul 8 2009 Jiri Popelka <jpopelka@redhat.com> - 1.60-93
- scanf format length fix (non exploitable?) from Fabian Hugelshofer <hugelshofer2006@gmx.ch>
- URL tag changed to http://net-tools.berlios.de/
* Wed Feb 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.60-92 * Wed Feb 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.60-92
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild - Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild