rpms/net-tools/devel net-tools-1.60-scanf-format.patch, NONE, 1.1 net-tools.spec, 1.98, 1.99

Jiří Popelka jpopelka at fedoraproject.org
Wed Jul 8 13:28:28 UTC 2009 

Author: jpopelka

Update of /cvs/pkgs/rpms/net-tools/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv26715

Modified Files:
	net-tools.spec 
Added Files:
	net-tools-1.60-scanf-format.patch 
Log Message:
- scanf format length fix (non exploitable?) from Fabian Hugelshofer <hugelshofer2006 at gmx.ch>
- URL tag changed to http://net-tools.berlios.de/


net-tools-1.60-scanf-format.patch:

--- NEW FILE net-tools-1.60-scanf-format.patch ---
diff -up net-tools-1.60/arp.c.scanf-format net-tools-1.60/arp.c
--- net-tools-1.60/arp.c.scanf-format	2009-07-08 11:17:09.000000000 +0200
+++ net-tools-1.60/arp.c	2009-07-08 11:43:39.000000000 +0200
@@ -557,7 +557,7 @@ static int arp_show(char *name)
 	/* Read the ARP cache entries. */
 	for (num = 0; num < entries; num++) {
 	    fgets(line, sizeof(line), fp);
-	    if (sscanf(line, "%s 0x%x 0x%x %100s %100s %100s\n",
+	    if (sscanf(line, "%s 0x%x 0x%x %99s %99s %99s\n",
 			 ip, &type, &flags, hwa, mask, dev) < 4)
 		break;
 
diff -up net-tools-1.60/lib/inet_gr.c.scanf-format net-tools-1.60/lib/inet_gr.c
--- net-tools-1.60/lib/inet_gr.c.scanf-format	2000-10-28 12:59:42.000000000 +0200
+++ net-tools-1.60/lib/inet_gr.c	2009-07-08 11:49:59.000000000 +0200
@@ -38,7 +38,7 @@ extern char *INET_sprintmask(struct sock
 
 int rprint_fib(int ext, int numeric)
 {
-    char buff[1024], iface[16], flags[64];
+    char buff[1024], iface[17], flags[64];
     char gate_addr[128], net_addr[128];
     char mask_addr[128];
     int num, iflags, metric, refcnt, use, mss, window, irtt;
@@ -69,18 +69,18 @@ int rprint_fib(int ext, int numeric)
 
     fmt = proc_gen_fmt(_PATH_PROCNET_ROUTE, 0, fp,
 		       "Iface", "%16s",
-		       "Destination", "%128s",
-		       "Gateway", "%128s",
+		       "Destination", "%127s",
+		       "Gateway", "%127s",
 		       "Flags", "%X",
 		       "RefCnt", "%d",
 		       "Use", "%d",
 		       "Metric", "%d",
-		       "Mask", "%128s",
+		       "Mask", "%127s",
 		       "MTU", "%d",
 		       "Window", "%d",
 		       "IRTT", "%d",
 		       NULL);
-    /* "%16s %128s %128s %X %d %d %d %128s %d %d %d\n" */
+    /* "%16s %127s %127s %X %d %d %d %127s %d %d %d\n" */
 
     if (!fmt)
 	return 1;
@@ -205,7 +205,7 @@ int rprint_fib(int ext, int numeric)
 
 int rprint_cache(int ext, int numeric)
 {
-    char buff[1024], iface[16], flags[64];
+    char buff[1024], iface[17], flags[64];
     char gate_addr[128], dest_addr[128], specdst[128];
     char src_addr[128];
     struct sockaddr snet;
@@ -269,20 +269,20 @@ int rprint_cache(int ext, int numeric)
 
       fmt = proc_gen_fmt(_PATH_PROCNET_RTCACHE, 0, fp,
 		       "Iface", "%16s",
-		       "Destination", "%128s",
-		       "Gateway", "%128s",
+		       "Destination", "%127s",
+		       "Gateway", "%127s",
 		       "Flags", "%X",
 		       "RefCnt", "%d",
 		       "Use", "%d",
 		       "Metric", "%d",
-		       "Source", "%128s",
+		       "Source", "%127s",
 		       "MTU", "%d",
 		       "Window", "%d",
 		       "IRTT", "%d",
 		       "HH", "%d",
 		       "ARP", "%d",
 		       NULL);
-      /* "%16s %128s %128s %X %d %d %d %128s %d %d %d %d %d\n" */
+      /* "%16s %127s %127s %X %d %d %d %127s %d %d %d %d %d\n" */
     }
 
     if (format == 2) {
@@ -292,13 +292,13 @@ int rprint_cache(int ext, int numeric)
 		 "MSS   Window irtt  TOS HHRef HHUptod     SpecDst\n"));
         fmt = proc_gen_fmt(_PATH_PROCNET_RTCACHE, 0, fp,
 		       "Iface", "%16s",
-		       "Destination", "%128s",
-		       "Gateway", "%128s",
+		       "Destination", "%127s",
+		       "Gateway", "%127s",
 		       "Flags", "%X",
 		       "RefCnt", "%d",
 		       "Use", "%d",
 		       "Metric", "%d",
-		       "Source", "%128s",
+		       "Source", "%127s",
 		       "MTU", "%d",
 		       "Window", "%d",
 		       "IRTT", "%d",
@@ -307,7 +307,7 @@ int rprint_cache(int ext, int numeric)
 		       "HHUptod", "%d",
 		       "SpecDst", "%128s",
 		       NULL);
-      /* "%16s %128s %128s %X %d %d %d %128s %d %d %d %d %d %128s\n" */
+      /* "%16s %127s %127s %X %d %d %d %127s %d %d %d %d %d %128s\n" */
     }
 
 
diff -up net-tools-1.60/lib/interface.c.scanf-format net-tools-1.60/lib/interface.c
--- net-tools-1.60/lib/interface.c.scanf-format	2009-07-08 11:17:09.000000000 +0200
+++ net-tools-1.60/lib/interface.c	2009-07-08 11:45:44.000000000 +0200
@@ -713,7 +713,7 @@ void ife_print_long(struct interface *pt
 #endif
 #if HAVE_AFINET6
     FILE *f;
-    char addr6[40], devname[20];
+    char addr6[40], devname[21];
     struct sockaddr_in6 sap;
     int plen, scope, dad_status, if_idx;
     extern struct aftype inet6_aftype;
diff -up net-tools-1.60/netstat.c.scanf-format net-tools-1.60/netstat.c
--- net-tools-1.60/netstat.c.scanf-format	2009-07-08 11:17:09.000000000 +0200
+++ net-tools-1.60/netstat.c	2009-07-08 11:42:12.000000000 +0200
@@ -1105,7 +1105,7 @@ static void udp_do_one(int lnr, const ch
 
     more[0] = '\0';
     num = sscanf(line,
-		 "%d: %64[0-9A-Fa-f]:%X %64[0-9A-Fa-f]:%X %X %lX:%lX %X:%lX %lX %d %d %lu %512s\n",
+		 "%d: %64[0-9A-Fa-f]:%X %64[0-9A-Fa-f]:%X %X %lX:%lX %X:%lX %lX %d %d %lu %511s\n",
 		 &d, local_addr, &local_port,
 		 rem_addr, &rem_port, &state,
 	  &txq, &rxq, &timer_run, &time_len, &retr, &uid, &timeout, &inode, more);
@@ -1540,7 +1540,7 @@ static void raw_do_one(int lnr, const ch
 
     more[0] = '\0';
     num = sscanf(line,
-		 "%d: %64[0-9A-Fa-f]:%X %64[0-9A-Fa-f]:%X %X %lX:%lX %X:%lX %lX %d %d %lu %512s\n",
+		 "%d: %64[0-9A-Fa-f]:%X %64[0-9A-Fa-f]:%X %X %lX:%lX %X:%lX %lX %d %d %lu %511s\n",
 		 &d, local_addr, &local_port, rem_addr, &rem_port, &state,
 	  &txq, &rxq, &timer_run, &time_len, &retr, &uid, &timeout, &inode, more);
 


Index: net-tools.spec
===================================================================
RCS file: /cvs/pkgs/rpms/net-tools/devel/net-tools.spec,v
retrieving revision 1.98
retrieving revision 1.99
diff -u -p -r1.98 -r1.99
--- net-tools.spec	26 Feb 2009 04:54:53 -0000	1.98
+++ net-tools.spec	8 Jul 2009 13:28:27 -0000	1.99
@@ -3,10 +3,10 @@
 Summary: Basic networking tools
 Name: net-tools
 Version: 1.60
-Release: 92%{?dist}
+Release: 93%{?dist}
 License: GPL+
 Group: System Environment/Base
-URL: http://www.tazenda.demon.co.uk/phil/net-tools/
+URL: http://net-tools.berlios.de/
 Source0: http://www.tazenda.demon.co.uk/phil/net-tools/net-tools-%{version}.tar.bz2
 Source1: http://www.red-bean.com/~bos/netplug/netplug-%{npversion}.tar.bz2
 Source2: net-tools-%{version}-config.h
@@ -82,6 +82,7 @@ Patch68: net-tools-1.60-a-option.patch
 Patch69: net-tools-1.60-clear-flag.patch
 Patch70: net-tools-1.60-metric-tunnel-man.patch
 Patch71: net-tools-1.60-netstat-probe.patch
+Patch72: net-tools-1.60-scanf-format.patch
 
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 Requires(post): /sbin/chkconfig
@@ -164,6 +165,7 @@ ifconfig, netstat, route, and others.
 %patch69 -p1 -b .clear-flag
 %patch70 -p1 -b .metric-tunnel-man
 %patch71 -p1 -b .probe
+%patch72 -p1 -b .scanf-format
 
 cp %SOURCE2 ./config.h
 cp %SOURCE3 ./config.make
@@ -279,6 +281,10 @@ exit 0
 %{_sysconfdir}/rc.d/init.d/netplugd
 
 %changelog
+* Wed Jul  8 2009  Jiri Popelka <jpopelka at redhat.com> - 1.60-93
+- scanf format length fix (non exploitable?) from Fabian Hugelshofer <hugelshofer2006 at gmx.ch>
+- URL tag changed to http://net-tools.berlios.de/
+
 * Wed Feb 25 2009 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.60-92
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild

More information about the fedora-extras-commits mailing list