Fix buffer overflows (bug #337851). Fix MAC address output format.

(Portage version: 2.2.0_alpha49/cvs/Linux x86_64)

2 files changed, 101 insertions, 0 deletions

diff --git a/net-analyzer/packit/files/packit-1.0-format.patch b/net-analyzer/packit/files/packit-1.0-format.patch
new file mode 100644
index 000000000000..0ad430206a47
--- /dev/null
+++ b/net-analyzer/packit/files/packit-1.0-format.patch
@@ -0,0 +1,43 @@
+The original objective seems to have been to apply padding, but this
+is not done at all: instead, set a precision. -JeR
+
+--- a/src/shape_arp_hdr.c
++++ b/src/shape_arp_hdr.c
+@@ -94,7 +94,7 @@
+     if(format_ethernet_addr(ahdr_o.s_eaddr, s_neaddr) == 0)
+         fatal_error("Invalid sender ethernet address");
+ 
+-    snprintf(ahdr_o.shw_addr, 18, "%0X:%0X:%0X:%0X:%0X:%0X",
++    snprintf(ahdr_o.shw_addr, 18, "%.2X:%.2X:%.2X:%.2X:%.2X:%.2X",
+         s_neaddr[0], s_neaddr[1], s_neaddr[2], s_neaddr[3], s_neaddr[4], s_neaddr[5]);
+ 
+     if(ahdr_o.r_paddr == NULL)
+@@ -139,7 +139,7 @@
+     if(format_ethernet_addr(ahdr_o.r_eaddr, r_neaddr) == 0)
+         fatal_error("Invalid receiver ethernet address");
+ 
+-    snprintf(ahdr_o.rhw_addr, 18, "%0X:%0X:%0X:%0X:%0X:%0X",
++    snprintf(ahdr_o.rhw_addr, 18, "%.2X:%.2X:%.2X:%.2X:%.2X:%.2X",
+         r_neaddr[0], r_neaddr[1], r_neaddr[2], r_neaddr[3], r_neaddr[4], r_neaddr[5]);
+ 
+     if(libnet_build_arp(
+--- a/src/shape_ethernet_hdr.c.org
++++ b/src/shape_ethernet_hdr.c
+@@ -56,7 +56,7 @@
+         if(format_ethernet_addr(ehdr_o.s_addr, us_addr) == 0)
+             fatal_error("Invalid source ethernet address");
+     
+-    snprintf(ehdr_o.shw_addr, 18, "%0X:%0X:%0X:%0X:%0X:%0X",
++    snprintf(ehdr_o.shw_addr, 18, "%.2X:%.2X:%.2X:%.2X:%.2X:%.2X",
+         us_addr[0], us_addr[1], us_addr[2], us_addr[3], us_addr[4], us_addr[5]);
+ 
+     if(ehdr_o.d_addr == NULL && injection_type == ETHERTYPE_ARP)
+@@ -71,7 +71,7 @@
+     if(format_ethernet_addr(ehdr_o.d_addr, ud_addr) == 0)
+         fatal_error("Invalid destination ethernet address");
+ 
+-    snprintf(ehdr_o.dhw_addr, 18, "%0X:%0X:%0X:%0X:%0X:%0X",
++    snprintf(ehdr_o.dhw_addr, 18, "%.2X:%.2X:%.2X:%.2X:%.2X:%.2X",
+         ud_addr[0], ud_addr[1], ud_addr[2], ud_addr[3], ud_addr[4], ud_addr[5]);
+ 
+     if(libnet_build_ethernet(
diff --git a/net-analyzer/packit/files/packit-1.0-overflow.patch b/net-analyzer/packit/files/packit-1.0-overflow.patch
new file mode 100644
index 000000000000..3adf31a6bb82
--- /dev/null
+++ b/net-analyzer/packit/files/packit-1.0-overflow.patch
@@ -0,0 +1,58 @@
+--- a/src/utils.c
++++ b/src/utils.c
+@@ -137,7 +137,7 @@
+ #endif
+ 
+     va_start(va, msgp);
+-    vsnprintf(msg, 256, msgp, va);
++    vsnprintf(msg, 255, msgp, va);
+ 
+     msg_len = strlen(msg);
+ 
+--- a/src/exit.c
++++ b/src/exit.c
+@@ -36,7 +36,7 @@
+         while(1)
+         {
+             fprintf(stderr, "\n\nWould you like to quit? (y/n): ");
+-            fgets(a, 16, stdin);
++            fgets(a, 2, stdin);
+ 
+             if(!strncasecmp(a, "Y", 1))            
+                 break;
+--- a/src/define_defaults.c
++++ b/src/define_defaults.c
+@@ -36,7 +36,7 @@
+     rand_d_port = (p_mode == M_TRACE) ? 1 : 0;
+     r_timeout = 1;
+     burst_rate = 1;
+-    hwaddr_p[17] = 0;
++    /* hwaddr_p[18] = 0; */
+     init_type = 1;
+     interval_sec = 1;
+     interval_usec = 0;
+--- a/src/inject_defs.h
++++ b/src/inject_defs.h
+@@ -132,9 +132,9 @@
+     u_int16_t rand_d_addr;
+ 
+     u_int8_t *s_addr;                   /* source ethernet address string */
+-    u_int8_t shw_addr[17];
++    u_int8_t shw_addr[18];
+     u_int8_t *d_addr;                   /* destination ethernet address string */
+-    u_int8_t dhw_addr[17];
++    u_int8_t dhw_addr[18];
+ } ehdr_o;
+ 
+ struct arphdr_opts
+@@ -153,8 +153,8 @@
+     u_int8_t *r_eaddr;                  /* receiver ethernet address */
+     u_int16_t rand_r_eaddr;
+ 
+-    u_int8_t shw_addr[17];
+-    u_int8_t rhw_addr[17];
++    u_int8_t shw_addr[18];
++    u_int8_t rhw_addr[18];
+ } ahdr_o;
+ 
+ libnet_t *pkt_d;