r35591 - in /trunk/libnet-arp-perl/debian: changelog patches/buffer_overflows.patch patches/prototypes.patch patches/return-value.patch patches/series
thialme-guest at users.alioth.debian.org
thialme-guest at users.alioth.debian.org
Sun May 17 17:47:00 UTC 2009
Author: thialme-guest
Date: Sun May 17 17:46:55 2009
New Revision: 35591
URL: http://svn.debian.org/wsvn/pkg-perl/?sc=1&rev=35591
Log:
Added patch to fix buffer overflows
Added:
trunk/libnet-arp-perl/debian/patches/buffer_overflows.patch
Modified:
trunk/libnet-arp-perl/debian/changelog
trunk/libnet-arp-perl/debian/patches/prototypes.patch
trunk/libnet-arp-perl/debian/patches/return-value.patch
trunk/libnet-arp-perl/debian/patches/series
Modified: trunk/libnet-arp-perl/debian/changelog
URL: http://svn.debian.org/wsvn/pkg-perl/trunk/libnet-arp-perl/debian/changelog?rev=35591&op=diff
==============================================================================
--- trunk/libnet-arp-perl/debian/changelog (original)
+++ trunk/libnet-arp-perl/debian/changelog Sun May 17 17:46:55 2009
@@ -6,6 +6,8 @@
- documentation.diff
- 10alignment-and-headers.patch
* Added header (author, bug number, description) to all patches.
+ * Added buffer_overflows.patch to fix buffer overflows due to the use of
+ strcpy (Closes: #528675).
-- Franck Joncourt <franck.mail at dthconnex.com> Sun, 26 Apr 2009 22:07:55 +0200
Added: trunk/libnet-arp-perl/debian/patches/buffer_overflows.patch
URL: http://svn.debian.org/wsvn/pkg-perl/trunk/libnet-arp-perl/debian/patches/buffer_overflows.patch?rev=35591&op=file
==============================================================================
--- trunk/libnet-arp-perl/debian/patches/buffer_overflows.patch (added)
+++ trunk/libnet-arp-perl/debian/patches/buffer_overflows.patch Sun May 17 17:46:55 2009
@@ -1,0 +1,109 @@
+Author: Franck Joncourt <franck.mail at dthconnex.com>
+Bugs: 528675
+Description: fix buffer overflows due to an unsafe use of strcpy.
+ + Define a constant, HEX_HW_ADDR_LEN, in arp.h to set the length of the
+ hex representation of the hardware address. Its use with strncpy will
+ prevent eventual overflows through the mac variable.
+ + Make sure the device name provided by the user does not overwrite data
+ in the ifreq structure when copied. The device name in an ifreq
+ strcuture is IFNAMSIZ bytes long.
+
+--- libnet-arp-perl.orig/arp.h
++++ libnet-arp-perl/arp.h
+@@ -42,6 +42,10 @@
+ #endif
+ #define IP_ALEN 4
+
++/* Length of the hardware address in the standard hex-digits-and-colons
++ * notation (null terminated string) */
++#define HEX_HW_ADDR_LEN 18
++
+ // ARP Header Struktur
+ struct my_arphdr {
+ u_short hw_type; // hardware type
+--- libnet-arp-perl.orig/get_mac_linux.c
++++ libnet-arp-perl/get_mac_linux.c
+@@ -22,11 +22,13 @@
+ #include <stdio.h>
+ #include <stdlib.h>
+ #include <sys/ioctl.h>
++#include <sys/types.h>
+ #include <net/ethernet.h>
+ #include <string.h>
+ #include <stdlib.h>
+ #include <stdio.h>
+ #include <net/if.h>
++#include "arp.h"
+
+ int get_mac_linux(u_char *dev, char *mac)
+ {
+@@ -35,16 +37,18 @@
+ struct sockaddr_in *addr;
+ struct ether_addr ether;
+
+- if(strlen(mac) > 0)
+- strcpy(mac,"unknown");
+- else
++ if (!strlen(mac) || !strlen(dev))
+ return -1;
+
+- if(strlen(dev) == 0)
+- return -1;
+-
+- strcpy(iface.ifr_name,dev);
++ /* Set hardware address as unknown */
++ strncpy(mac,"unknown", HEX_HW_ADDR_LEN);
++ mac[HEX_HW_ADDR_LEN-1] = '\0';
+
++ /* Copy device name into the ifreq strcture so that we can look for its
++ * hardware address through an ioctl request */
++ strncpy(iface.ifr_name, dev, IFNAMSIZ);
++ iface.ifr_name[IFNAMSIZ-1] = '\0';
++
+ // Open a socket
+ if((sock = socket(AF_INET, SOCK_DGRAM, 0)) < 0)
+ {
+--- libnet-arp-perl.orig/arp_lookup_linux.c
++++ libnet-arp-perl/arp_lookup_linux.c
+@@ -20,6 +20,8 @@
+
+ #include <stdio.h>
+ #include <string.h>
++#include <sys/types.h>
++#include "arp.h"
+
+ #define _PATH_PROCNET_ARP "/proc/net/arp"
+
+@@ -33,14 +35,12 @@
+ char device[100];
+ int num, type, flags;
+
+- if(strlen(mac) > 0)
+- strcpy(mac,"unknown");
+- else
++ if (!strlen(mac) || !strlen(ip))
+ return -1;
+
+- if(strlen(ip) == 0)
+- return -1;
+-
++ strncpy(mac,"unknown", HEX_HW_ADDR_LEN);
++ mac[HEX_HW_ADDR_LEN-1] = '\0';
++
+ if ((fp = fopen(_PATH_PROCNET_ARP, "r")) == NULL) {
+ perror(_PATH_PROCNET_ARP);
+ return (-1);
+@@ -59,10 +59,10 @@
+
+ if ((strlen(dev) == 0 || strcmp(dev, device) == 0) && strcmp(ip, ipaddr) == 0)
+ {
+- strcpy(mac, hwa);
+- break;
++ strncpy(mac, hwa, HEX_HW_ADDR_LEN);
++ mac[HEX_HW_ADDR_LEN-1] = '\0';
++ break;
+ }
+- strcpy(mac, "unknown");
+ }
+ }
+
Modified: trunk/libnet-arp-perl/debian/patches/prototypes.patch
URL: http://svn.debian.org/wsvn/pkg-perl/trunk/libnet-arp-perl/debian/patches/prototypes.patch?rev=35591&op=diff
==============================================================================
--- trunk/libnet-arp-perl/debian/patches/prototypes.patch (original)
+++ trunk/libnet-arp-perl/debian/patches/prototypes.patch Sun May 17 17:46:55 2009
@@ -3,9 +3,9 @@
The arp header must define the global prototypes of the *_linux and *_bsd
functions used in order to let the ARP.xs file know about them.
---- a/arp.h
-+++ b/arp.h
-@@ -56,3 +56,9 @@ struct my_arphdr {
+--- libnet-arp-perl.orig/arp.h
++++ libnet-arp-perl/arp.h
+@@ -60,3 +60,9 @@
};
extern struct ether_addr *ether_aton (__const char *__asc) __THROW;
Modified: trunk/libnet-arp-perl/debian/patches/return-value.patch
URL: http://svn.debian.org/wsvn/pkg-perl/trunk/libnet-arp-perl/debian/patches/return-value.patch?rev=35591&op=diff
==============================================================================
--- trunk/libnet-arp-perl/debian/patches/return-value.patch (original)
+++ trunk/libnet-arp-perl/debian/patches/return-value.patch Sun May 17 17:46:55 2009
@@ -4,9 +4,9 @@
do nothing when it succeeds.
This makes the function returns 0 rather than no value.
---- a/arp_lookup_linux.c
-+++ b/arp_lookup_linux.c
-@@ -67,4 +67,5 @@ int arp_lookup_linux(char *dev, char *ip
+--- libnet-arp-perl.orig/arp_lookup_linux.c
++++ libnet-arp-perl/arp_lookup_linux.c
+@@ -67,4 +67,5 @@
}
fclose(fp);
Modified: trunk/libnet-arp-perl/debian/patches/series
URL: http://svn.debian.org/wsvn/pkg-perl/trunk/libnet-arp-perl/debian/patches/series?rev=35591&op=diff
==============================================================================
--- trunk/libnet-arp-perl/debian/patches/series (original)
+++ trunk/libnet-arp-perl/debian/patches/series Sun May 17 17:46:55 2009
@@ -1,3 +1,4 @@
+buffer_overflows.patch
return-value.patch
prototypes.patch
20skip_send_packet_test.patch
More information about the Pkg-perl-cvs-commits
mailing list