Summary: | net-analyzer/tcpreplay _FORTIFY_SOURCE indicates presence of overflow | ||
---|---|---|---|
Product: | Gentoo Linux | Reporter: | Diego Elio Pettenò (RETIRED) <flameeyes> |
Component: | Current packages | Assignee: | Gentoo Netmon project <netmon> |
Status: | RESOLVED FIXED | ||
Severity: | major | CC: | hardened |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://tcpreplay.synfin.net/changeset/2480 | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | |||
Bug Blocks: | 259417 | ||
Attachments: |
Build log
Patch to tcpreplay-3.4.4.ebuild to add sed statement to fix overflow |
Description
Diego Elio Pettenò (RETIRED)
2010-09-09 14:46:27 UTC
Created attachment 246603 [details]
Build log
Created attachment 246800 [details, diff]
Patch to tcpreplay-3.4.4.ebuild to add sed statement to fix overflow
Upstream declares a char ipaddr[16], then tells snprintf that the length is 17. This sed bumps the buffer up to char ipaddr[20].
Looks like it's fixed in 3.4.5beta2 and in the URL. Maybe we can introduce that patch or get 3.4.5_beta2 in the tree. Or wait for the final 3.4.5. 3.4.5_beta2 is in the tree. Index: package.mask =================================================================== RCS file: /var/cvsroot/gentoo-x86/profiles/package.mask,v retrieving revision 1.12116 retrieving revision 1.12117 diff -u -B -r1.12116 -r1.12117 --- package.mask 29 Oct 2010 10:15:28 -0000 1.12116 +++ package.mask 29 Oct 2010 13:16:33 -0000 1.12117 @@ -1,5 +1,5 @@ #################################################################### -# $Header: /var/cvsroot/gentoo-x86/profiles/package.mask,v 1.12116 2010/10/29 10:15:28 ssuominen Exp $ +# $Header: /var/cvsroot/gentoo-x86/profiles/package.mask,v 1.12117 2010/10/29 13:16:33 pva Exp $ # # When you add an entry to the top of this file, add your name, the date, and # an explanation of why something is getting masked. Please be extremely @@ -31,6 +31,10 @@ #--- END OF EXAMPLES --- +# Peter Volkov <pva@gentoo.org> (29 Oct 2010) +# mask beta release +=net-analyzer/tcpreplay-3.4.5* + # Samuli Suominen <ssuominen@gentoo.org> (29 Oct 2010) # freqtweak, bug 336160, uses obsolete wxgtk # mplinuxman, bug 338863, for old MP3 players, overflows buffers Could the patch be applied to 3.4.4 then? *tcpreplay-3.4.4-r1 (29 Oct 2010) 29 Oct 2010; Peter Volkov <pva@gentoo.org> +tcpreplay-3.4.4-r1.ebuild, +files/tcpreplay-3.4.4-crash.patch: Fix buffer overflow (bug #336605) in stable version. |