author | skrll <skrll@pkgsrc.org> | 2002-12-04 21:20:06 +0000 |
---|---|---|
committer | skrll <skrll@pkgsrc.org> | 2002-12-04 21:20:06 +0000 |
commit | 8fbef927d3644f4280f5d68b5c2d3fa5db4f3b3c (patch) | |
tree | 236574cc78661ced316ed647178ef27fbcac9701 /net/kdenetwork3/patches | |
parent | b7761ee57708c84dfa6862d503fb5a679ba82557 (diff) | |
Bring in the patches that fix the recent security problem.
PKGREVISION++
Diffstat (limited to 'net/kdenetwork3/patches')
-rw-r--r-- | net/kdenetwork3/patches/patch-an | 95 | ||||
-rw-r--r-- | net/kdenetwork3/patches/patch-ao | 10 | ||||
-rw-r--r-- | net/kdenetwork3/patches/patch-ap | 13 | ||||
-rw-r--r-- | net/kdenetwork3/patches/patch-aq | 121 | ||||
-rw-r--r-- | net/kdenetwork3/patches/patch-ar | 34 |
5 files changed, 273 insertions, 0 deletions
diff --git a/net/kdenetwork3/patches/patch-an b/net/kdenetwork3/patches/patch-an
new file mode 100644
index 00000000000..eef19ef5748
--- /dev/null
+++ b/net/kdenetwork3/patches/patch-an
@@ -0,0 +1,95 @@
+$NetBSD: patch-an,v 1.1 2002/12/04 21:20:06 skrll Exp $
+
+--- lanbrowsing/kio_lan/kio_lan.cpp.orig Thu Jan 3 20:34:12 2002
++++ lanbrowsing/kio_lan/kio_lan.cpp
+@@ -176,13 +176,14 @@ int LANProtocol::lanReadDataFromServer()
+
+ char *currentBuf=receiveBuffer;
+ int bytesLeft=receivedBytes;
+- int tmpIP;
+ //this should be large enough for a name
+- char tmpName[1024];
++ char tmpName[4*1024];
+ //this should be large enough for the hostname
+- char tmpHostname[512];
++ char tmpHostname[4*1024];
+ while (bytesLeft>0)
+ {
++ int tmpIP=2;
++ tmpName[0]='\0';
+ if ((memchr(currentBuf,0,bytesLeft)==0) || (memchr(currentBuf,int('\n'),bytesLeft)==0))
+ {
+ delete [] receiveBuffer;
+@@ -190,17 +191,19 @@ int LANProtocol::lanReadDataFromServer()
+ return 0;
+ };
+ kdDebug(7101)<<"LANProtocol::lanReadDataFromServer: processing "<<currentBuf;
+- sscanf(currentBuf,"%u %s\n",&tmpIP,tmpName);
+ //since we check for 0 and \n with memchr() we can be sure
+ //at this point that tmpBuf is correctly terminated
+ int length=strlen(currentBuf)+1;
++ if (length<(4*1024))
++ sscanf(currentBuf,"%u %s\n",&tmpIP,tmpName);
++
+ bytesLeft-=length;
+ currentBuf+=length;
+- if ((bytesLeft==0) && (strstr(tmpName,"succeeded")!=0) && ((tmpIP==0) ||(tmpIP==1)))
++ if ((bytesLeft==0) && ((tmpIP==0) ||(tmpIP==1)) && (strstr(tmpName,"succeeded")!=0))
+ {
+ kdDebug(7101)<<"LANProtocol::lanReadDataFromServer: succeeded"<<endl;
+ }
+- else
++ else if (tmpIP!=2)
+ {
+ kdDebug(7101)<<"LANProtocol::lanReadDataFromServer: listing host: "<<tmpName<<" with ip: "<<tmpIP<<endl;
+ UDSAtom atom;
+@@ -344,13 +347,14 @@ int LANProtocol::rlanReadDataFromServer(
+
+ char *currentBuf=receiveBuffer;
+ int bytesLeft=receivedBytes;
+- int tmpIP;
+ //this should be large enough for a name
+- char tmpName[1024];
++ char tmpName[4*1024];
+ //this should be large enough for the hostname
+- char tmpHostname[512];
++ char tmpHostname[4*1024];
+ while (bytesLeft>0)
+ {
++ int tmpIP=2;
++ tmpName[0]='\0';
+ if ((memchr(currentBuf,0,bytesLeft)==0) || (memchr(currentBuf,int('\n'),bytesLeft)==0))
+ {
+ delete [] receiveBuffer;
+@@ -358,17 +362,19 @@ int LANProtocol::rlanReadDataFromServer(
+ return 0;
+ };
+ kdDebug(7101)<<"RLANProtocol::readDataFromServer: processing "<<currentBuf;
+- sscanf(currentBuf,"%u %s\n",&tmpIP,tmpName);
+ //since we check for 0 and \n with memchr() we can be sure
+ //at this point that tmpBuf is correctly terminated
+ int length=strlen(currentBuf)+1;
++ if (length<(4*1024))
++ sscanf(currentBuf,"%u %s\n",&tmpIP,tmpName);
++
+ bytesLeft-=length;
+ currentBuf+=length;
+- if ((bytesLeft==0) && (strstr(tmpName,"succeeded")!=0) && ((tmpIP==0) ||(tmpIP==1)))
++ if ((bytesLeft==0) && ((tmpIP==0) ||(tmpIP==1)) && (strstr(tmpName,"succeeded")!=0) )
+ {
+ kdDebug(7101)<<"RLANProtocol::readDataFromServer: succeeded"<<endl;
+ }
+- else
++ else if (tmpIP!=2)
+ {
+ kdDebug(7101)<<"RLANProtocol::readDataFromServer: listing host: "<<tmpName<<" with ip: "<<tmpIP<<endl;
+ UDSAtom atom;
+@@ -436,7 +442,7 @@ int LANProtocol::checkHost(const QString
+ delete hostInfo;
+ return 0;
+ }
+- memcpy(&ip, hp->h_addr, hp->h_length);
++ memcpy(&ip, hp->h_addr, sizeof(ip));
+
+ for (int i=0; i<KIOLAN_MAX; i++)
+ {
diff --git a/net/kdenetwork3/patches/patch-ao b/net/kdenetwork3/patches/patch-ao
new file mode 100644
index 00000000000..de99b7547d6
--- /dev/null
+++ b/net/kdenetwork3/patches/patch-ao
@@ -0,0 +1,10 @@
+$NetBSD: patch-ao,v 1.1 2002/12/04 21:20:07 skrll Exp $
+
+--- lanbrowsing/lisa/ChangeLog.orig Wed Jan 3 20:38:01 2001
++++ lanbrowsing/lisa/ChangeLog
+@@ -1,2 +1,5 @@
++0.1.3
++-security fixes: fixed LOGNAME vulnerabilty and another possible buffer overflow
++
+ Version 0.1
+ -initial version
diff --git a/net/kdenetwork3/patches/patch-ap b/net/kdenetwork3/patches/patch-ap
new file mode 100644
index 00000000000..a2386549840
--- /dev/null
+++ b/net/kdenetwork3/patches/patch-ap
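Review bot: In patch-an (kio_lan.cpp) the new guard `if (length<(4*1024)) sscanf(...)` in lanReadDataFromServer and rlanReadDataFromServer discards sscanf's return value, so the sentinel `tmpIP=2` is the only evidence that a line was parsed. A line where `%u` converts but `%s` does not still reaches the `else if (tmpIP!=2)` branch with an empty tmpName, and a line whose number really is 2 is silently dropped. I would record the result, `bool parsed=(length<(4*1024)) && (sscanf(currentBuf,"%u %4095s\n",&tmpIP,tmpName)==2);`, and branch on `parsed` instead of the sentinel; the explicit width keeps the bound next to the 4*1024 buffer, and `%u` expects an `unsigned int` rather than the `int` declared here. NetManager::processScanResults in patch-aq uses the same pattern, and all three function bodies continue outside their hunks.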
@@ -0,0 +1,13 @@
+$NetBSD: patch-ap,v 1.1 2002/12/04 21:20:07 skrll Exp $
+
+--- lanbrowsing/lisa/lisadefines.h.orig Fri Oct 26 12:05:47 2001
++++ lanbrowsing/lisa/lisadefines.h
+@@ -2,7 +2,7 @@
+ #define LISADEFINES_H
+
+
+-#define MYVERSION "0.1.1"
++#define MYVERSION "0.2.2"
+ #define MY_ID 7741
+ #define MYPORT 7741
+ #define MAX_SPECS 32
diff --git a/net/kdenetwork3/patches/patch-aq b/net/kdenetwork3/patches/patch-aq
new file mode 100644
index 00000000000..a731548d845
--- /dev/null
+++ b/net/kdenetwork3/patches/patch-aq
@@ -0,0 +1,121 @@
+$NetBSD: patch-aq,v 1.1 2002/12/04 21:20:07 skrll Exp $
+
+--- lanbrowsing/lisa/netmanager.cpp.orig Sat Feb 2 22:27:59 2002
++++ lanbrowsing/lisa/netmanager.cpp
+@@ -27,6 +27,7 @@
+ #include <strings.h>
+ #include <errno.h>
+ #include <string.h>
++#include <pwd.h>
+
+ #ifndef AF_LOCAL
+ #define AF_LOCAL AF_UNIX
+@@ -70,7 +71,7 @@ NetManager::NetManager(int& rawSocketFD,
+
+ NetManager::~NetManager()
+ {
+- mgetDebug()<<"netknife destructor ..."<<std::endl;
++ mgetDebug()<<"NetManager destructor ..."<<std::endl;
+ if (m_receiveBuffer!=0) delete [] m_receiveBuffer;
+ ::close(m_listenFD);
+ ::close(m_bcFD);
+@@ -131,14 +132,28 @@ int NetManager::prepare()
+ m_listenFD=::socket(AF_LOCAL, SOCK_STREAM, 0);
+ //m_listenFD=::socket(AF_LOCAL, SOCK_STREAM, IPPROTO_TCP);
+ MyString socketName("/tmp/resLisa-");
+- socketName+=getenv("LOGNAME");
++ struct passwd *user = getpwuid( getuid() );
++ if ( user )
++ socketName+=user->pw_name;
++ else
++ //should never happen
++ socketName+="???";
+ ::unlink(socketName.data());
+ sockaddr_un serverAddr;
+-// bzero((char*)&serverAddr, sizeof(serverAddr));
++ if (socketName.length() >= sizeof(serverAddr.sun_path))
++ {
++ std::cout<<"NetManager::prepare: your user name \""<<user->pw_name<<"\" is too long, exiting."<<std::endl;
++ return 0;
++ }
+ memset((void*)&serverAddr, 0, sizeof(serverAddr));
+- serverAddr.sun_family = AF_LOCAL;
+- strcpy(serverAddr.sun_path,socketName.data());
+- ::bind(m_listenFD,(sockaddr*) &serverAddr,sizeof(serverAddr));
++ serverAddr.sun_family=AF_LOCAL;
++ strncpy(serverAddr.sun_path,socketName.data(),sizeof(serverAddr.sun_path));
++ result=::bind(m_listenFD,(sockaddr*) &serverAddr,sizeof(serverAddr));
++ if (result!=0)
++ {
++ std::cout<<"NetManager::prepare: bind (UNIX socket) failed, errno: "<<errno<<std::endl;
++ return 0;
++ }
+ }
+ else
+ {
+@@ -148,7 +163,7 @@ int NetManager::prepare()
+ {
+ std::cout<<"NetManager::prepare: socket(TCP) failed, errno: "<<errno<<std::endl;
+ return 0;
+- };
++ }
+
+ sockaddr_in serverAddress;
+ // bzero((char*)&serverAddress, sizeof(serverAddress));
+@@ -654,6 +669,10 @@ int NetManager::readDataFromFD(int fd)
+ m_receivedBytes+=result;
+ if (m_receiveBuffer!=0) delete [] m_receiveBuffer;
+ m_receiveBuffer=newBuf;
++ // too much data - abort at 2MB to avoid memory exhaustion
++ if (m_receivedBytes>2*1024*1024)
++ return 0;
++
+ return 1;
+ };
+
+@@ -665,14 +684,15 @@ int NetManager::processScanResults()
+
+ char *tmpBuf=m_receiveBuffer;
+ int bytesLeft=m_receivedBytes;
+- int tmpIP;
+ mgetDebug()<<"m_receivedBytes: "<<m_receivedBytes<<" bytesLeft: "<<bytesLeft<<std::endl;
+ //this should be large enough for a name
+ //and the stuff which is inserted into the buffer
+- //comes only from ourselves
++ //comes only from ourselves ... or attackers :-(
+ char tmpName[1024*4];
+ while (bytesLeft>0)
+ {
++ int tmpIP=2; // well, some impossible IP address, 0 and 1 are already used for the last line of output
++ tmpName[0]='\0';
+ if ((memchr(tmpBuf,0,bytesLeft)==0) || (memchr(tmpBuf,int('\n'),bytesLeft)==0))
+ {
+ delete newNodes;
+@@ -687,14 +707,16 @@ int NetManager::processScanResults()
+ return 0;
+ };
+ //mgetDebug()<<"NetManager::processScanResults: processing -"<<tmpBuf;
+- sscanf(tmpBuf,"%u %s\n",&tmpIP,tmpName);
+ //since we check for 0 and \n with memchr() we can be sure
+ //at this point that tmpBuf is correctly terminated
+ int length=strlen(tmpBuf)+1;
++ if (length<(4*1024))
++ sscanf(tmpBuf,"%u %s\n",&tmpIP,tmpName);
++
+ bytesLeft-=length;
+ tmpBuf+=length;
+ mgetDebug()<<"length: "<<length<<" bytesLeft: "<<bytesLeft<<std::endl;
+- if ((bytesLeft==0) && (strstr(tmpName,"succeeded")!=0) && ((tmpIP==0) ||(tmpIP==1)))
++ if ((bytesLeft==0) && ((tmpIP==0) ||(tmpIP==1)) && (strstr(tmpName,"succeeded")!=0))
+ {
+ mgetDebug()<<"NetManager::processScanResults: succeeded :-)"<<std::endl;
+ delete hostList;
+@@ -712,7 +734,7 @@ int NetManager::processScanResults()
+
+ return 1;
+ }
+- else
++ else if (tmpIP!=2)
+ {
+ //mgetDebug()<<"NetManager::processScanResults: adding host: "<<tmpName<<" with ip: "<<tmpIP<<std::endl;
+ newNodes->append(Node(tmpName,tmpIP));
diff --git a/net/kdenetwork3/patches/patch-ar b/net/kdenetwork3/patches/patch-ar
new file mode 100644
index 00000000000..d34a65bc67b
--- /dev/null
+++ b/net/kdenetwork3/patches/patch-ar
@@ -0,0 +1,34 @@
+$NetBSD: patch-ar,v 1.1 2002/12/04 21:20:07 skrll Exp $
+
+--- lanbrowsing/lisa/netscanner.cpp.orig Sat Feb 2 22:27:59 2002
++++ lanbrowsing/lisa/netscanner.cpp
+@@ -36,6 +36,10 @@
+ #include <netinet/ip.h>
+ #include <netinet/ip_icmp.h>
+
++#ifndef INADDR_NONE
++#define INADDR_NONE -1
++#endif
++
+ #define mgetDebug() getDebug()<<procId
+
+ struct ICMPEchoRequest
+@@ -133,7 +137,7 @@ void NetScanner::configure(Config& confi
+ {
+ if ((m_strictMode) && (hostsAdded>=STRICTMODEMAXHOSTS))
+ break;
+- memcpy(&server_addr, hp->h_addr, hp->h_length);
++ memcpy(&server_addr, hp->h_addr, sizeof(server_addr));
+ char *ip=inet_ntoa(server_addr);
+ mgetDebug()<<"NetScanner::configure(): looking up "<<nextName<<" gives -"<<ip<<"-"<<std::endl;
+ ipRangeStr=ipRangeStr+ip+';';
+@@ -377,6 +381,9 @@ void NetScanner::nmblookupScan(SimpleLis
+ };
+ };
+ } while (!done);
++
++ // Warning: The return value of plcose may be incorrect due to the
++ // SIGCHLD handler that is installed. Ignore it!
+ pclose(nmblookupFile);
+
+ delete [] tmpBuf; |
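Review bot: In NetManager::prepare() (patch-aq) the UNIX socket is still created under a fixed name in shared `/tmp`, and the result of `::unlink(socketName.data())` is ignored. If an entry with that name already exists and cannot be removed, this only surfaces later as the new bind() error, and nothing in the visible lines restricts who may connect to the socket once it is bound. I would report the failure where it happens, `if (::unlink(socketName.data())!=0 && errno!=ENOENT) return 0;`, and consider binding inside a directory owned by the user with mode 0700. The rest of prepare() lies outside the hunk, so permissions may be handled elsewhere.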
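Review bot: `memcpy(&server_addr, hp->h_addr, sizeof(server_addr));` in NetScanner::configure (patch-ar) now bounds the write, but the copy length no longer has any relation to what the resolver returned, and neither `hp->h_addrtype` nor `hp->h_length` is checked in the visible lines. If the entry is not an IPv4 address, or is shorter than the destination, the copy reads past the returned address and inet_ntoa() then formats bytes that were never an address. I would skip the entry unless `hp->h_addrtype==AF_INET && hp->h_length==(int)sizeof(server_addr)` holds before copying. The same applies to `memcpy(&ip, hp->h_addr, sizeof(ip));` in LANProtocol::checkHost in patch-an; both functions continue outside their hunks.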