pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/trunk]: pkgsrc/net/ethereal Security fix for CVE-2005-3651:
details: https://anonhg.NetBSD.org/pkgsrc/rev/134433245576
branches: trunk
changeset: 504389:134433245576
user: salo <salo%pkgsrc.org@localhost>
date: Sat Dec 10 21:55:35 2005 +0000
description:
Security fix for CVE-2005-3651:
"Remote exploitation of an input validation vulnerability in the OSPF
protocol dissectors within Ethereal, as included in various vendors
operating system distributions, could allow attackers to crash the
vulnerable process or potentially execute arbitrary code."
http://www.idefense.com/application/poi/display?id=349&type=vulnerabilities
Patch from the Ethereal SVN repository.
diffstat:
net/ethereal/Makefile | 4 +-
net/ethereal/distinfo | 3 +-
net/ethereal/patches/patch-ac | 64 +++++++++++++++++++++++++++++++++++++++++++
3 files changed, 68 insertions(+), 3 deletions(-)
diffs (94 lines):
diff -r c907c3b00462 -r 134433245576 net/ethereal/Makefile
--- a/net/ethereal/Makefile Sat Dec 10 21:31:41 2005 +0000
+++ b/net/ethereal/Makefile Sat Dec 10 21:55:35 2005 +0000
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.120 2005/12/05 23:55:13 rillig Exp $
+# $NetBSD: Makefile,v 1.121 2005/12/10 21:55:35 salo Exp $
DISTNAME= ethereal-0.10.13
-PKGREVISION= 1
+PKGREVISION= 2
CATEGORIES= net
MASTER_SITES= http://www.ethereal.com/distribution/ \
http://ethereal.planetmirror.com/distribution/ \
diff -r c907c3b00462 -r 134433245576 net/ethereal/distinfo
--- a/net/ethereal/distinfo Sat Dec 10 21:31:41 2005 +0000
+++ b/net/ethereal/distinfo Sat Dec 10 21:55:35 2005 +0000
@@ -1,7 +1,8 @@
-$NetBSD: distinfo,v 1.45 2005/11/01 20:28:56 frueauf Exp $
+$NetBSD: distinfo,v 1.46 2005/12/10 21:55:35 salo Exp $
SHA1 (ethereal-0.10.13.tar.bz2) = 4ed2014a1ede6bdb05fbe99b0469a030c7794a13
RMD160 (ethereal-0.10.13.tar.bz2) = 54f6431ac2d807e0d7dd896af71463d340c66107
Size (ethereal-0.10.13.tar.bz2) = 8029087 bytes
SHA1 (patch-aa) = 0513b971c0af032fc64fc181fbd64d78aef0d044
SHA1 (patch-ab) = bfbefb0ae66607068e21d0912a15a72606ab8ea8
+SHA1 (patch-ac) = 101cbc6315b2ad9732b70d697295ad8e4a389dcd
diff -r c907c3b00462 -r 134433245576 net/ethereal/patches/patch-ac
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/net/ethereal/patches/patch-ac Sat Dec 10 21:55:35 2005 +0000
@@ -0,0 +1,64 @@
+$NetBSD: patch-ac,v 1.5 2005/12/10 21:55:35 salo Exp $
+
+Security fix for CVE-2005-3651, from Ethereal SVN tree.
+
+--- epan/dissectors/packet-ospf.c.orig 2005-10-10 15:23:02.000000000 +0200
++++ epan/dissectors/packet-ospf.c 2005-12-10 21:40:23.000000000 +0100
+@@ -2321,39 +2321,28 @@
+ static void dissect_ospf_v3_address_prefix(tvbuff_t *tvb, int offset, int prefix_length, proto_tree *tree)
+ {
+
+- guint8 value;
+- guint8 position;
+- guint8 bufpos;
+- gchar *buffer;
+- gchar *bytebuf;
+- guint8 bytes_to_process;
+- int start_offset;
+-
+- start_offset=offset;
+- position=0;
+- bufpos=0;
+- bytes_to_process=((prefix_length+31)/32)*4;
+-
+- buffer=ep_alloc(32+7);
+- while (bytes_to_process > 0 ) {
+-
+- value=tvb_get_guint8(tvb, offset);
++ int bytes_to_process;
++ struct e_in6_addr prefix;
+
+- if ( (position > 0) && ( (position%2) == 0 ) )
+- buffer[bufpos++]=':';
++ bytes_to_process=((prefix_length+31)/32)*4;
+
+- bytebuf=ep_alloc(3);
+- g_snprintf(bytebuf, 3, "%02x",value);
+- buffer[bufpos++]=bytebuf[0];
+- buffer[bufpos++]=bytebuf[1];
+-
+- position++;
+- offset++;
+- bytes_to_process--;
++ if (prefix_length > 128) {
++ proto_tree_add_text(tree, tvb, offset, bytes_to_process,
++ "Address Prefix: length is invalid (%d, should be <= 128)",
++ prefix_length);
++ return;
+ }
+
+- buffer[bufpos]=0;
+- proto_tree_add_text(tree, tvb, start_offset, ((prefix_length+31)/32)*4, "Address Prefix: %s",buffer);
++ memset(prefix.bytes, 0, sizeof prefix.bytes);
++ if (bytes_to_process != 0) {
++ tvb_memcpy(tvb, prefix.bytes, offset, bytes_to_process);
++ if (prefix_length % 8) {
++ prefix.bytes[bytes_to_process - 1] &=
++ ((0xff00 >> (prefix_length % 8)) & 0xff);
++ }
++ }
++ proto_tree_add_text(tree, tvb, offset, bytes_to_process,
++ "Address Prefix: %s", ip6_to_str(&prefix));
+
+ }
+
Home |
Main Index |
Thread Index |
Old Index