pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/pkgsrc-2005Q3]: pkgsrc/net/ethereal Pullup ticket 950 - requested by ...
details: https://anonhg.NetBSD.org/pkgsrc/rev/f18e81cce7cc
branches: pkgsrc-2005Q3
changeset: 499737:f18e81cce7cc
user: snj <snj%pkgsrc.org@localhost>
date: Sat Dec 10 23:40:57 2005 +0000
description:
Pullup ticket 950 - requested by Lubomir Sedlacik
security fix for ethereal
Revisions pulled up:
- pkgsrc/net/ethereal/Makefile 1.121
- pkgsrc/net/ethereal/distinfo 1.46
- pkgsrc/net/ethereal/patches/patch-ac 1.5
Modified Files:
pkgsrc/net/ethereal: Makefile distinfo
Added Files:
pkgsrc/net/ethereal/patches: patch-ac
Log Message:
Security fix for CVE-2005-3651:
"Remote exploitation of an input validation vulnerability in the OSPF
protocol dissectors within Ethereal, as included in various vendors
operating system distributions, could allow attackers to crash the
vulnerable process or potentially execute arbitrary code."
http://www.idefense.com/application/poi/display?id=349&type=vulnerabilities
Patch from the Ethereal SVN repository.
diffstat:
net/ethereal/Makefile | 4 +-
net/ethereal/distinfo | 3 +-
net/ethereal/patches/patch-ac | 64 +++++++++++++++++++++++++++++++++++++++++++
3 files changed, 68 insertions(+), 3 deletions(-)
diffs (94 lines):
diff -r 0bf31dc5a349 -r f18e81cce7cc net/ethereal/Makefile
--- a/net/ethereal/Makefile Sat Dec 10 22:47:13 2005 +0000
+++ b/net/ethereal/Makefile Sat Dec 10 23:40:57 2005 +0000
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.115.2.2 2005/11/03 13:27:30 salo Exp $
+# $NetBSD: Makefile,v 1.115.2.3 2005/12/10 23:40:57 snj Exp $
DISTNAME= ethereal-0.10.13
-PKGREVISION= 1
+PKGREVISION= 2
CATEGORIES= net
MASTER_SITES= http://www.ethereal.com/distribution/ \
http://ethereal.planetmirror.com/distribution/ \
diff -r 0bf31dc5a349 -r f18e81cce7cc net/ethereal/distinfo
--- a/net/ethereal/distinfo Sat Dec 10 22:47:13 2005 +0000
+++ b/net/ethereal/distinfo Sat Dec 10 23:40:57 2005 +0000
@@ -1,7 +1,8 @@
-$NetBSD: distinfo,v 1.42.2.2 2005/11/03 13:27:30 salo Exp $
+$NetBSD: distinfo,v 1.42.2.3 2005/12/10 23:40:58 snj Exp $
SHA1 (ethereal-0.10.13.tar.bz2) = 4ed2014a1ede6bdb05fbe99b0469a030c7794a13
RMD160 (ethereal-0.10.13.tar.bz2) = 54f6431ac2d807e0d7dd896af71463d340c66107
Size (ethereal-0.10.13.tar.bz2) = 8029087 bytes
SHA1 (patch-aa) = 0513b971c0af032fc64fc181fbd64d78aef0d044
SHA1 (patch-ab) = bfbefb0ae66607068e21d0912a15a72606ab8ea8
+SHA1 (patch-ac) = 101cbc6315b2ad9732b70d697295ad8e4a389dcd
diff -r 0bf31dc5a349 -r f18e81cce7cc net/ethereal/patches/patch-ac
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/net/ethereal/patches/patch-ac Sat Dec 10 23:40:57 2005 +0000
@@ -0,0 +1,64 @@
+$NetBSD: patch-ac,v 1.3.2.2 2005/12/10 23:40:58 snj Exp $
+
+Security fix for CVE-2005-3651, from Ethereal SVN tree.
+
+--- epan/dissectors/packet-ospf.c.orig 2005-10-10 15:23:02.000000000 +0200
++++ epan/dissectors/packet-ospf.c 2005-12-10 21:40:23.000000000 +0100
+@@ -2321,39 +2321,28 @@
+ static void dissect_ospf_v3_address_prefix(tvbuff_t *tvb, int offset, int prefix_length, proto_tree *tree)
+ {
+
+- guint8 value;
+- guint8 position;
+- guint8 bufpos;
+- gchar *buffer;
+- gchar *bytebuf;
+- guint8 bytes_to_process;
+- int start_offset;
+-
+- start_offset=offset;
+- position=0;
+- bufpos=0;
+- bytes_to_process=((prefix_length+31)/32)*4;
+-
+- buffer=ep_alloc(32+7);
+- while (bytes_to_process > 0 ) {
+-
+- value=tvb_get_guint8(tvb, offset);
++ int bytes_to_process;
++ struct e_in6_addr prefix;
+
+- if ( (position > 0) && ( (position%2) == 0 ) )
+- buffer[bufpos++]=':';
++ bytes_to_process=((prefix_length+31)/32)*4;
+
+- bytebuf=ep_alloc(3);
+- g_snprintf(bytebuf, 3, "%02x",value);
+- buffer[bufpos++]=bytebuf[0];
+- buffer[bufpos++]=bytebuf[1];
+-
+- position++;
+- offset++;
+- bytes_to_process--;
++ if (prefix_length > 128) {
++ proto_tree_add_text(tree, tvb, offset, bytes_to_process,
++ "Address Prefix: length is invalid (%d, should be <= 128)",
++ prefix_length);
++ return;
+ }
+
+- buffer[bufpos]=0;
+- proto_tree_add_text(tree, tvb, start_offset, ((prefix_length+31)/32)*4, "Address Prefix: %s",buffer);
++ memset(prefix.bytes, 0, sizeof prefix.bytes);
++ if (bytes_to_process != 0) {
++ tvb_memcpy(tvb, prefix.bytes, offset, bytes_to_process);
++ if (prefix_length % 8) {
++ prefix.bytes[bytes_to_process - 1] &=
++ ((0xff00 >> (prefix_length % 8)) & 0xff);
++ }
++ }
++ proto_tree_add_text(tree, tvb, offset, bytes_to_process,
++ "Address Prefix: %s", ip6_to_str(&prefix));
+
+ }
+
Home |
Main Index |
Thread Index |
Old Index