diff options
| author | tron <tron@pkgsrc.org> | 2008-05-22 12:10:49 +0000 |
|---|---|---|
| committer | tron <tron@pkgsrc.org> | 2008-05-22 12:10:49 +0000 |
| commit | 11ac3fc8aa1c02ed9bcd94fd2416df2f003db128 (patch) | |
| tree | 90b17ae0ff60bfa2f0294320caed74bc0da7963a /net | |
| parent | bcfbe6eceffe50ae3ff4eb316499bcf2a22a9b19 (diff) | |
| download | pkgsrc-11ac3fc8aa1c02ed9bcd94fd2416df2f003db128.tar.gz | |
Implement a fix for the security vulnerability reported in
<http://seclists.org/fulldisclosure/2008/May/0488.html>.
Diffstat (limited to 'net')
| -rw-r--r-- | net/mtr/Makefile | 3 | ||||
| -rw-r--r-- | net/mtr/distinfo | 3 | ||||
| -rw-r--r-- | net/mtr/patches/patch-ac | 45 |
3 files changed, 49 insertions, 2 deletions
diff --git a/net/mtr/Makefile b/net/mtr/Makefile index 909c1a05eeb..6b221bb9c4a 100644 --- a/net/mtr/Makefile +++ b/net/mtr/Makefile @@ -1,6 +1,7 @@ -# $NetBSD: Makefile,v 1.48 2007/08/16 23:12:20 joerg Exp $ +# $NetBSD: Makefile,v 1.49 2008/05/22 12:10:49 tron Exp $ DISTNAME= mtr-0.72 +PKGREVISION= 1 CATEGORIES= net MASTER_SITES= ftp://ftp.bitwizard.nl/mtr/ diff --git a/net/mtr/distinfo b/net/mtr/distinfo index ba3f9bbd337..5ba2e08d920 100644 --- a/net/mtr/distinfo +++ b/net/mtr/distinfo @@ -1,7 +1,8 @@ -$NetBSD: distinfo,v 1.22 2006/10/03 19:15:20 wiz Exp $ +$NetBSD: distinfo,v 1.23 2008/05/22 12:10:49 tron Exp $ SHA1 (mtr-0.72.tar.gz) = afc26c9e8a30eba7ca92ba68d4489b0c9c07977d RMD160 (mtr-0.72.tar.gz) = 69843b82fb2de2b2a597c21a62d8eb9473df31b6 Size (mtr-0.72.tar.gz) = 295845 bytes SHA1 (patch-aa) = 3db4ccac08fadcf2fcf75753efc165c6d92a97c3 SHA1 (patch-ab) = 3923fcd252bdcd9475e937fb78d1d7e5ec607180 +SHA1 (patch-ac) = a34b91ff6ff7a89bea4fc8b262d7604017ff6fad diff --git a/net/mtr/patches/patch-ac b/net/mtr/patches/patch-ac new file mode 100644 index 00000000000..ae984e62aef --- /dev/null +++ b/net/mtr/patches/patch-ac @@ -0,0 +1,45 @@ +$NetBSD: patch-ac,v 1.3 2008/05/22 12:10:49 tron Exp $ + +--- split.c.orig 2005-01-11 08:34:07.000000000 +0000 ++++ split.c 2008-05-22 13:07:48.000000000 +0100 +@@ -100,24 +100,28 @@ + addr = net_addr(at); + + if( addrcmp( (void *) addr, (void *) &unspec_addr, af ) != 0 ) { ++ int bytes; + name = dns_lookup(addr); + if(name != NULL) { + /* May be we should test name's length */ +- sprintf(newLine, "%s %d %d %d %d %d %d", name, +- net_loss(at), +- net_returned(at), net_xmit(at), +- net_best(at) /1000, net_avg(at)/1000, +- net_worst(at)/1000); ++ bytes = snprintf(newLine, sizeof(newLine), "%s %d %d %d %d %d %d", ++ name, ++ net_loss(at), ++ net_returned(at), net_xmit(at), ++ net_best(at) /1000, net_avg(at)/1000, ++ net_worst(at)/1000); + } else { +- sprintf(newLine, "%s %d %d %d %d %d %d", +- strlongip( addr ), +- net_loss(at), +- net_returned(at), net_xmit(at), +- net_best(at) /1000, net_avg(at)/1000, +- net_worst(at)/1000); ++ bytes = snprintf(newLine, sizeof(newLine), "%s %d %d %d %d %d %d", ++ strlongip( addr ), ++ net_loss(at), ++ net_returned(at), net_xmit(at), ++ net_best(at) /1000, net_avg(at)/1000, ++ net_worst(at)/1000); + } ++ if (bytes < 0 || bytes >= sizeof(newLine)) ++ strcpy(newLine, "???"); + } else { +- sprintf(newLine, "???"); ++ strcpy(newLine, "???"); + } + + if (strcmp(newLine, Lines[at]) == 0) { |