Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 47173 Details for
Bug 76084
[new package] Dibbler - a portable DHCPv6 implementation
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
a patch to solve issues reported by the flawfinder with severity 3-5.
dibbler-0.3.1-security.patch (text/plain), 6.71 KB, created by
Tomasz Mrugalski
on 2004-12-29 15:10:36 UTC
(
hide
)
Description:
a patch to solve issues reported by the flawfinder with severity 3-5.
Filename:
MIME Type:
Creator:
Tomasz Mrugalski
Created:
2004-12-29 15:10:36 UTC
Size:
6.71 KB
patch
obsolete
>diff -uNr dibbler.orig/ClntCfgMgr/ClntParser.cpp dibbler/ClntCfgMgr/ClntParser.cpp >--- dibbler.orig/ClntCfgMgr/ClntParser.cpp 2004-12-08 01:13:57.000000000 +0100 >+++ dibbler/ClntCfgMgr/ClntParser.cpp 2004-12-29 22:42:07.783913312 +0100 >@@ -2022,9 +2022,9 @@ > x < (sizeof(yytname) / sizeof(char *)); x++) > if (yycheck[x + yyn] == x) > { >- strcat(msg, count == 0 ? ", expecting `" : " or `"); >- strcat(msg, yytname[x]); >- strcat(msg, "'"); >+ strncat(msg, count == 0 ? ", expecting `" : " or `",size+15-strlen(msg)); >+ strncat(msg, yytname[x], size+15-strlen(msg)); >+ strncat(msg, "'", size+15-strlen(msg)); > count++; > } > } >diff -uNr dibbler.orig/ClntIfaceMgr/ClntIfaceIface.cpp dibbler/ClntIfaceMgr/ClntIfaceIface.cpp >--- dibbler.orig/ClntIfaceMgr/ClntIfaceIface.cpp 2004-11-02 00:31:24.000000000 +0100 >+++ dibbler/ClntIfaceMgr/ClntIfaceIface.cpp 2004-12-29 22:42:07.810909208 +0100 >@@ -531,7 +531,7 @@ > FILE *f, *fout; > char buf[512]; > char fileout[512]; >- sprintf(buf,"%s-old", filename); >+ snprintf(buf,511,"%s-old", filename); > unsigned int len = strlen(str); > bool found = false; > >diff -uNr dibbler.orig/DHCPClient.cpp dibbler/DHCPClient.cpp >--- dibbler.orig/DHCPClient.cpp 2004-12-07 23:56:20.000000000 +0100 >+++ dibbler/DHCPClient.cpp 2004-12-29 22:42:07.822907384 +0100 >@@ -62,7 +62,11 @@ > TDHCPClient::TDHCPClient(string config) > { > serviceShutdown = 0; >- srand(now()); >+ >+ // This one is just used to delay client startup a bit, so it is not >+ // a security risk. >+ srand(now()); // Flawfinder: ignore >+ > this->IsDone = false; > > IfaceMgr = new TClntIfaceMgr(CLNTIFACEMGR_FILE); >diff -uNr dibbler.orig/DHCPServer.cpp dibbler/DHCPServer.cpp >--- dibbler.orig/DHCPServer.cpp 2004-12-07 01:45:09.000000000 +0100 >+++ dibbler/DHCPServer.cpp 2004-12-29 22:42:07.824907080 +0100 >@@ -61,7 +61,11 @@ > TDHCPServer::TDHCPServer(string config) > { > serviceShutdown = 0; >- srand(now()); >+ >+ // This one is just used to delay client startup a bit, so it is not >+ // a security risk. >+ srand(now()); // Flawfinder: ignore >+ > this->IsDone = false; > > this->IfaceMgr = new TSrvIfaceMgr(SRVIFACEMGR_FILE); >diff -uNr dibbler.orig/misc/addrpack.c dibbler/misc/addrpack.c >--- dibbler.orig/misc/addrpack.c 2004-01-14 23:03:07.000000000 +0100 >+++ dibbler/misc/addrpack.c 2004-12-29 22:42:07.825906928 +0100 >@@ -134,7 +134,7 @@ > { > char tmp[sizeof "255.255.255.255"]; > sprintf(tmp,"%u.%u.%u.%u", src[0], src[1], src[2], src[3]); >- return strcpy(dst, tmp); >+ return strncpy(dst, tmp,15); > } > > >@@ -206,7 +206,7 @@ > (NS_IN6ADDRSZ / NS_INT16SZ)) > *tp++ = ':'; > *tp++ = '\0'; >- return strcpy(dst, tmp); >+ return strncpy(dst, tmp,48); > } > > void print_packed(char * addr) >diff -uNr dibbler.orig/misc/IPv6Addr.cpp dibbler/misc/IPv6Addr.cpp >--- dibbler.orig/misc/IPv6Addr.cpp 2004-12-07 21:53:14.000000000 +0100 >+++ dibbler/misc/IPv6Addr.cpp 2004-12-29 22:42:07.826906776 +0100 >@@ -26,7 +26,7 @@ > > TIPv6Addr::TIPv6Addr(char* addr, bool plain) { > if (plain) { >- strcpy(Plain,addr); >+ strncpy(Plain,addr,48); > inet_pton6(Plain,Addr); > } else { > memcpy(Addr,addr,16); >diff -uNr dibbler.orig/port-linux/addrpack.c dibbler/port-linux/addrpack.c >--- dibbler.orig/port-linux/addrpack.c 2004-01-14 23:03:07.000000000 +0100 >+++ dibbler/port-linux/addrpack.c 2004-12-29 22:42:07.827906624 +0100 >@@ -134,7 +134,7 @@ > { > char tmp[sizeof "255.255.255.255"]; > sprintf(tmp,"%u.%u.%u.%u", src[0], src[1], src[2], src[3]); >- return strcpy(dst, tmp); >+ return strncpy(dst, tmp,16); > } > > >@@ -206,7 +206,7 @@ > (NS_IN6ADDRSZ / NS_INT16SZ)) > *tp++ = ':'; > *tp++ = '\0'; >- return strcpy(dst, tmp); >+ return strncpy(dst, tmp,48); > } > > void print_packed(char * addr) >diff -uNr dibbler.orig/port-linux/layer3.c dibbler/port-linux/layer3.c >--- dibbler.orig/port-linux/layer3.c 2004-12-08 01:20:14.000000000 +0100 >+++ dibbler/port-linux/layer3.c 2004-12-29 22:42:07.829906320 +0100 >@@ -171,7 +171,7 @@ > #endif > > tmp = malloc(sizeof(struct iface)); >- snprintf(tmp->name,MAX_IFNAME_LENGTH,(char*)RTA_DATA(tb[IFLA_IFNAME])); >+ snprintf(tmp->name,MAX_IFNAME_LENGTH,"%s",(char*)RTA_DATA(tb[IFLA_IFNAME])); > tmp->id=ifi->ifi_index; > tmp->flags=ifi->ifi_flags; > tmp->next=head; >diff -uNr dibbler.orig/port-linux/ll_map.c dibbler/port-linux/ll_map.c >--- dibbler.orig/port-linux/ll_map.c 2004-01-14 23:03:07.000000000 +0100 >+++ dibbler/port-linux/ll_map.c 2004-12-29 22:42:07.830906168 +0100 >@@ -81,7 +81,7 @@ > im->alen = 0; > memset(im->addr, 0, sizeof(im->addr)); > } >- strcpy(im->name, RTA_DATA(tb[IFLA_IFNAME])); >+ strncpy(im->name, RTA_DATA(tb[IFLA_IFNAME]), 16); > return 0; > } > >@@ -150,7 +150,7 @@ > for (im = idxmap[i]; im; im = im->next) { > if (strcmp(im->name, name) == 0) { > icache = im->index; >- strcpy(ncache, name); >+ strncpy(ncache, name,16); > return im->index; > } > } >diff -uNr dibbler.orig/port-linux/lowlevel-options-linux.c dibbler/port-linux/lowlevel-options-linux.c >--- dibbler.orig/port-linux/lowlevel-options-linux.c 2004-11-30 01:54:25.000000000 +0100 >+++ dibbler/port-linux/lowlevel-options-linux.c 2004-12-29 22:42:07.831906016 +0100 >@@ -16,7 +16,8 @@ > */ > > #include <stdio.h> >-#include "sys/stat.h" >+#include <sys/stat.h> >+#include <fcntl.h> > #include "Portable.h" > > #define CR 0x0a >@@ -50,6 +51,7 @@ > FILE * f, *f2; > char buf[512]; > int found=0; >+ int fildes; > struct stat st; > memset(&st,0,sizeof(st)); > stat(RESOLVCONF_FILE, &st); >@@ -68,7 +70,11 @@ > fclose(f); > fclose(f2); > >- chmod(RESOLVCONF_FILE, st.st_mode); >+ fildes = open(RESOLVCONF_FILE,O_RDWR); >+ if (fildes==-1) >+ return 0; >+ fchmod(fildes, st.st_mode); >+ close(fildes); > return 0; > } > >@@ -96,6 +102,7 @@ > FILE * f, *f2; > char buf[512]; > int found=0; >+ int fildes; > struct stat st; > memset(&st,0,sizeof(st)); > stat(RESOLVCONF_FILE, &st); >@@ -116,7 +123,11 @@ > fclose(f); > fclose(f2); > >- chmod(RESOLVCONF_FILE,st.st_mode); >+ fildes = open(RESOLVCONF_FILE,O_RDWR); >+ if (fildes==-1) >+ return 0; >+ fchmod(fildes, st.st_mode); >+ close(fildes); > return 0; > } > >diff -uNr dibbler.orig/SrvCfgMgr/SrvParser.cpp dibbler/SrvCfgMgr/SrvParser.cpp >--- dibbler.orig/SrvCfgMgr/SrvParser.cpp 2004-12-07 01:43:03.000000000 +0100 >+++ dibbler/SrvCfgMgr/SrvParser.cpp 2004-12-29 22:42:07.834905560 +0100 >@@ -1921,9 +1921,9 @@ > x < (sizeof(yytname) / sizeof(char *)); x++) > if (yycheck[x + yyn] == x) > { >- strcat(msg, count == 0 ? ", expecting `" : " or `"); >- strcat(msg, yytname[x]); >- strcat(msg, "'"); >+ strncat(msg, count == 0 ? ", expecting `" : " or `", size+15-strlen(msg)); >+ strncat(msg, yytname[x], size+15-strlen(msg)); >+ strncat(msg, "'", size+15-strlen(msg)); > count++; > } > }
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=47173">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 76084
:
47169
|
47170
|
47171
|
47172
| 47173 |
47174
|
48905
|
66824
|
66825
|
66826
|
66827
