Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 153971 Details for
Bug 223017
net-analyzer/mtr <0.73-r2 Stack-based buffer overflow (CVE-2008-2357)
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
mtr-0.73-remove-sprintf.patch
mtr-0.73-remove-sprintf.patch (text/plain), 9.02 KB, created by
Robert Buchholz (RETIRED)
on 2008-05-22 18:53:54 UTC
(
hide
)
Description:
mtr-0.73-remove-sprintf.patch
Filename:
MIME Type:
Creator:
Robert Buchholz (RETIRED)
Created:
2008-05-22 18:53:54 UTC
Size:
9.02 KB
patch
obsolete
>Index: mtr-0.73/dns.c >=================================================================== >--- mtr-0.73.orig/dns.c >+++ mtr-0.73/dns.c >@@ -883,7 +883,7 @@ void resendrequest(struct resolve *rp,in > if (type == T_A) { > dorequest(rp->hostname,type,rp->id); > if (debug) { >- sprintf(tempstring,"Resolver: Sent reverse authentication request for \"%s\".", >+ snprintf(tempstring, sizeof(tempstring), "Resolver: Sent reverse authentication request for \"%s\".", > rp->hostname); > restell(tempstring); > } >@@ -904,7 +904,7 @@ void resendrequest(struct resolve *rp,in > } > dorequest(tempstring,type,rp->id); > if (debug) { >- sprintf(tempstring,"Resolver: Sent domain lookup request for \"%s\".", >+ snprintf(tempstring, sizeof(tempstring), "Resolver: Sent domain lookup request for \"%s\".", > strlongip( &(rp->ip) )); > restell(tempstring); > } >@@ -940,7 +940,7 @@ void passrp(struct resolve *rp,long ttl) > rp->expiretime = sweeptime + (double)ttl; > untieresolve(rp); > if (debug) { >- sprintf(tempstring,"Resolver: Lookup successful: %s\n",rp->hostname); >+ snprintf(tempstring, sizeof(tempstring), "Resolver: Lookup successful: %s\n",rp->hostname); > restell(tempstring); > } > } >@@ -997,7 +997,7 @@ void parserespacket(byte *s, int l) > case NOERROR: > if (hp->ancount) { > if (debug) { >- sprintf(tempstring,"Resolver: Received nameserver reply. (qd:%u an:%u ns:%u ar:%u)", >+ snprintf(tempstring, sizeof(tempstring), "Resolver: Received nameserver reply. (qd:%u an:%u ns:%u ar:%u)", > hp->qdcount,hp->ancount,hp->nscount,hp->arcount); > restell(tempstring); > } >@@ -1037,14 +1037,14 @@ void parserespacket(byte *s, int l) > namestring[strlen(stackstring)] = '\0'; > if (strcasecmp(stackstring,namestring)) { > if (debug) { >- sprintf(tempstring,"Resolver: Unknown query packet dropped. (\"%s\" does not match \"%s\")", >+ snprintf(tempstring, sizeof(tempstring), "Resolver: Unknown query packet dropped. (\"%s\" does not match \"%s\")", > stackstring,namestring); > restell(tempstring); > } > return; > } > if (debug) { >- sprintf(tempstring,"Resolver: Queried domain name: \"%s\"",namestring); >+ snprintf(tempstring, sizeof(tempstring), "Resolver: Queried domain name: \"%s\"",namestring); > restell(tempstring); > } > c+= r; >@@ -1055,7 +1055,7 @@ void parserespacket(byte *s, int l) > qdatatype = sucknetword(c); > qclass = sucknetword(c); > if (qclass != C_IN) { >- sprintf(tempstring,"Resolver error: Received unsupported query class: %u (%s)", >+ snprintf(tempstring, sizeof(tempstring), "Resolver error: Received unsupported query class: %u (%s)", > qclass,qclass < ClasstypeCount ? classtypes[qclass] : > classtypes[ClasstypeCount]); > restell(tempstring); >@@ -1069,7 +1069,7 @@ void parserespacket(byte *s, int l) > } > break; > default: >- sprintf(tempstring,"Resolver error: Received unimplemented query type: %u (%s)", >+ snprintf(tempstring, sizeof(tempstring), "Resolver error: Received unimplemented query type: %u (%s)", > qdatatype,qdatatype < ResourcetypeCount ? > resourcetypes[qdatatype] : resourcetypes[ResourcetypeCount]); > restell(tempstring); >@@ -1091,7 +1091,7 @@ void parserespacket(byte *s, int l) > else > usefulanswer = 1; > if (debug) { >- sprintf(tempstring,"Resolver: answered domain query: \"%s\"",namestring); >+ snprintf(tempstring, sizeof(tempstring), "Resolver: answered domain query: \"%s\"",namestring); > restell(tempstring); > } > c+= r; >@@ -1104,10 +1104,10 @@ void parserespacket(byte *s, int l) > ttl = sucknetlong(c); > rdatalength = sucknetword(c); > if (class != qclass) { >- sprintf(tempstring,"query class: %u (%s)",qclass,qclass < ClasstypeCount ? >+ snprintf(tempstring, sizeof(tempstring), "query class: %u (%s)",qclass,qclass < ClasstypeCount ? > classtypes[qclass] : classtypes[ClasstypeCount]); > restell(tempstring); >- sprintf(tempstring,"rr class: %u (%s)",class,class < ClasstypeCount ? >+ snprintf(tempstring, sizeof(tempstring), "rr class: %u (%s)",class,class < ClasstypeCount ? > classtypes[class] : classtypes[ClasstypeCount]); > restell(tempstring); > restell("Resolver error: Answered class does not match queried class."); >@@ -1123,20 +1123,20 @@ void parserespacket(byte *s, int l) > } > if (datatype == qdatatype || datatype == T_CNAME) { > if (debug) { >- sprintf(tempstring,"Resolver: TTL: %s",strtdiff(sendstring,ttl)); >+ snprintf(tempstring, sizeof(tempstring), "Resolver: TTL: %s",strtdiff(sendstring,ttl)); > restell(tempstring); > } > if (usefulanswer) > switch (datatype) { > case T_A: > if (rdatalength != 4) { >- sprintf(tempstring,"Resolver error: Unsupported rdata format for \"A\" type. (%u bytes)", >+ snprintf(tempstring, sizeof(tempstring), "Resolver error: Unsupported rdata format for \"A\" type. (%u bytes)", > rdatalength); > restell(tempstring); > return; > } > if ( addrcmp( (void *) &(rp->ip), (void *) c, af ) == 0 ) { >- sprintf(tempstring,"Resolver: Reverse authentication failed: %s != ", >+ snprintf(tempstring, sizeof(tempstring), "Resolver: Reverse authentication failed: %s != ", > strlongip( &(rp->ip) )); > addrcpy( (void *) &alignedip, (void *) c, af ); > strcat(tempstring,strlongip( &alignedip )); >@@ -1144,7 +1144,7 @@ void parserespacket(byte *s, int l) > res_hostipmismatch++; > failrp(rp); > } else { >- sprintf(tempstring,"Resolver: Reverse authentication complete: %s == \"%s\".", >+ snprintf(tempstring, sizeof(tempstring), "Resolver: Reverse authentication complete: %s == \"%s\".", > strlongip( &(rp->ip) ),nonull(rp->hostname)); > restell(tempstring); > res_reversesuccess++; >@@ -1161,7 +1161,7 @@ void parserespacket(byte *s, int l) > return; > } > if (debug) { >- sprintf(tempstring,"Resolver: Answered domain: \"%s\"",namestring); >+ snprintf(tempstring, sizeof(tempstring), "Resolver: Answered domain: \"%s\"",namestring); > restell(tempstring); > } > if (r > HostnameLength) { >@@ -1186,14 +1186,14 @@ void parserespacket(byte *s, int l) > } > break; > default: >- sprintf(tempstring,"Resolver error: Received unimplemented data type: %u (%s)", >+ snprintf(tempstring, sizeof(tempstring), "Resolver error: Received unimplemented data type: %u (%s)", > datatype,datatype < ResourcetypeCount ? > resourcetypes[datatype] : resourcetypes[ResourcetypeCount]); > restell(tempstring); > } > } else { > if (debug) { >- sprintf(tempstring,"Resolver: Ignoring resource type %u. (%s)", >+ snprintf(tempstring, sizeof(tempstring), "Resolver: Ignoring resource type %u. (%s)", > datatype,datatype < ResourcetypeCount ? > resourcetypes[datatype] : resourcetypes[ResourcetypeCount]); > restell(tempstring); >@@ -1211,7 +1211,7 @@ void parserespacket(byte *s, int l) > failrp(rp); > break; > default: >- sprintf(tempstring,"Resolver: Received error response %u. (%s)", >+ snprintf(tempstring, sizeof(tempstring), "Resolver: Received error response %u. (%s)", > getheader_rcode(hp),getheader_rcode(hp) < ResponsecodeCount ? > responsecodes[getheader_rcode(hp)] : responsecodes[ResponsecodeCount]); > restell(tempstring); >@@ -1242,13 +1242,13 @@ void dns_ack(void) > (void *) &(from4->sin_addr), AF_INET ) == 0 ) > break; > if (i == _res.nscount) { >- sprintf(tempstring,"Resolver error: Received reply from unknown source: %s", >+ snprintf(tempstring, sizeof(tempstring), "Resolver error: Received reply from unknown source: %s", > inet_ntoa(from4->sin_addr )); > restell(tempstring); > } else > parserespacket((byte *)resrecvbuf,r); > } else { >- sprintf(tempstring,"Resolver: Socket error: %s",strerror(errno)); >+ snprintf(tempstring, sizeof(tempstring), "Resolver: Socket error: %s",strerror(errno)); > restell(tempstring); > } > } >@@ -1277,7 +1277,7 @@ void dns_events(double *sinterval) > case STATE_FINISHED: /* TTL has expired */ > case STATE_FAILED: /* Fake TTL has expired */ > if (debug) { >- sprintf(tempstring,"Resolver: Cache record for \"%s\" (%s) has expired. (state: %u) Marked for expire at: %g, time: %g.", >+ snprintf(tempstring, sizeof(tempstring), "Resolver: Cache record for \"%s\" (%s) has expired. (state: %u) Marked for expire at: %g, time: %g.", > nonull(rp->hostname), strlongip( &(rp->ip) ), > rp->state, rp->expiretime, sweeptime); > restell(tempstring); >@@ -1321,14 +1321,14 @@ char *dns_lookup2(ip_t * ip) > if ((rp->state == STATE_FINISHED) || (rp->state == STATE_FAILED)) { > if ((rp->state == STATE_FINISHED) && (rp->hostname)) { > if (debug) { >- sprintf(tempstring,"Resolver: Used cached record: %s == \"%s\".\n", >+ snprintf(tempstring, sizeof(tempstring), "Resolver: Used cached record: %s == \"%s\".\n", > strlongip(ip),rp->hostname); > restell(tempstring); > } > return rp->hostname; > } else { > if (debug) { >- sprintf(tempstring,"Resolver: Used failed record: %s == ???\n", >+ snprintf(tempstring, sizeof(tempstring), "Resolver: Used failed record: %s == ???\n", > strlongip(ip)); > restell(tempstring); > }
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 223017
: 153971