Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 202237 Details for
Bug 282653
<net-dns/dnsmasq-2.5.0[tftp] Multiple vulnerabilities (CVE-2009-{2957,2958})
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
dnsmasq-CVE-2009-2957+2958.patch
dnsmasq-CVE-2009-2957+2958.patch (text/plain), 2.73 KB, created by
Alex Legler (RETIRED)
on 2009-08-25 09:30:48 UTC
(
hide
)
Description:
dnsmasq-CVE-2009-2957+2958.patch
Filename:
MIME Type:
Creator:
Alex Legler (RETIRED)
Created:
2009-08-25 09:30:48 UTC
Size:
2.73 KB
patch
obsolete
>Upstream patch for CVE-2009-2957 and CVE-2009-2958. Bug 282653. > >--- dnsmasq-2.49/src/tftp.c 2009-06-08 22:12:43.000000000 +0100 >+++ dnsmasq-2.50/src/tftp.c 2009-08-21 10:57:34.000000000 +0100 >@@ -192,20 +192,21 @@ > > while ((opt = next(&p, end))) > { >- if (strcasecmp(opt, "blksize") == 0 && >- (opt = next(&p, end)) && >- !(daemon->options & OPT_TFTP_NOBLOCK)) >+ if (strcasecmp(opt, "blksize") == 0) > { >- transfer->blocksize = atoi(opt); >- if (transfer->blocksize < 1) >- transfer->blocksize = 1; >- if (transfer->blocksize > (unsigned)daemon->packet_buff_sz - 4) >- transfer->blocksize = (unsigned)daemon->packet_buff_sz - 4; >- transfer->opt_blocksize = 1; >- transfer->block = 0; >+ if ((opt = next(&p, end)) && >+ !(daemon->options & OPT_TFTP_NOBLOCK)) >+ { >+ transfer->blocksize = atoi(opt); >+ if (transfer->blocksize < 1) >+ transfer->blocksize = 1; >+ if (transfer->blocksize > (unsigned)daemon->packet_buff_sz - 4) >+ transfer->blocksize = (unsigned)daemon->packet_buff_sz - 4; >+ transfer->opt_blocksize = 1; >+ transfer->block = 0; >+ } > } >- >- if (strcasecmp(opt, "tsize") == 0 && next(&p, end) && !transfer->netascii) >+ else if (strcasecmp(opt, "tsize") == 0 && next(&p, end) && !transfer->netascii) > { > transfer->opt_transize = 1; > transfer->block = 0; >@@ -217,17 +218,17 @@ > { > if (daemon->tftp_prefix[0] == '/') > daemon->namebuff[0] = 0; >- strncat(daemon->namebuff, daemon->tftp_prefix, MAXDNAME); >+ strncat(daemon->namebuff, daemon->tftp_prefix, (MAXDNAME-1) - strlen(daemon->namebuff)); > if (daemon->tftp_prefix[strlen(daemon->tftp_prefix)-1] != '/') >- strncat(daemon->namebuff, "/", MAXDNAME); >+ strncat(daemon->namebuff, "/", (MAXDNAME-1) - strlen(daemon->namebuff)); > > if (daemon->options & OPT_TFTP_APREF) > { > size_t oldlen = strlen(daemon->namebuff); > struct stat statbuf; > >- strncat(daemon->namebuff, inet_ntoa(peer.sin_addr), MAXDNAME); >- strncat(daemon->namebuff, "/", MAXDNAME); >+ strncat(daemon->namebuff, inet_ntoa(peer.sin_addr), (MAXDNAME-1) - strlen(daemon->namebuff)); >+ strncat(daemon->namebuff, "/", (MAXDNAME-1) - strlen(daemon->namebuff)); > > /* remove unique-directory if it doesn't exist */ > if (stat(daemon->namebuff, &statbuf) == -1 || !S_ISDIR(statbuf.st_mode)) >@@ -245,8 +246,7 @@ > } > else if (filename[0] == '/') > daemon->namebuff[0] = 0; >- strncat(daemon->namebuff, filename, MAXDNAME); >- daemon->namebuff[MAXDNAME-1] = 0; >+ strncat(daemon->namebuff, filename, (MAXDNAME-1) - strlen(daemon->namebuff)); > > /* check permissions and open file */ > if ((transfer->file = check_tftp_fileperm(&len)))
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 282653
: 202237