authorskrll <skrll>2002-12-04 21:20:06 +0000
committerskrll <skrll>2002-12-04 21:20:06 +0000
commitf7a8b553a73ebb947b2fbf5d2ce8ceeb115a1657 (patch)
tree236574cc78661ced316ed647178ef27fbcac9701 /net
parent777cad88624f60ccf5808c1b26c9ec9cf9ffc488 (diff)
Bring in the patches that fix the recent security problem.
PKGREVISION++
Diffstat (limited to 'net')
-rw-r--r--net/kdenetwork3/Makefile4
-rw-r--r--net/kdenetwork3/distinfo7
-rw-r--r--net/kdenetwork3/patches/patch-an95
-rw-r--r--net/kdenetwork3/patches/patch-ao10
-rw-r--r--net/kdenetwork3/patches/patch-ap13
-rw-r--r--net/kdenetwork3/patches/patch-aq121
-rw-r--r--net/kdenetwork3/patches/patch-ar34
7 files changed, 281 insertions, 3 deletions
diff --git a/net/kdenetwork3/Makefile b/net/kdenetwork3/Makefile
index 95b5cdb9351..91de6ba04bf 100644
--- a/net/kdenetwork3/Makefile
+++ b/net/kdenetwork3/Makefile
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.8 2002/11/01 16:34:41 wiz Exp $
+# $NetBSD: Makefile,v 1.9 2002/12/04 21:20:06 skrll Exp $
DISTNAME= kdenetwork-3.0.4
-PKGREVISION= 1
+PKGREVISION= 2
CATEGORIES= net
COMMENT= Network modules for the KDE integrated X11 desktop
diff --git a/net/kdenetwork3/distinfo b/net/kdenetwork3/distinfo
index 77dd62cdfb0..bdffec0ce65 100644
--- a/net/kdenetwork3/distinfo
+++ b/net/kdenetwork3/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.4 2002/10/14 09:13:52 skrll Exp $
+$NetBSD: distinfo,v 1.5 2002/12/04 21:20:06 skrll Exp $
SHA1 (kdenetwork-3.0.4.tar.bz2) = 4288cde85cf157f442b71fa3cc3cc82917eadb6d
Size (kdenetwork-3.0.4.tar.bz2) = 3961252 bytes
@@ -13,3 +13,8 @@ SHA1 (patch-aj) = e8cfe911eee70e6562d616ba374a3f8ce53c67cd
SHA1 (patch-ak) = 018cff6d72916b528e8e4e47b8cc01cb36799e24
SHA1 (patch-al) = 13c6bfb20fc49ae22d30029044808c9b77747754
SHA1 (patch-am) = ea75731f5c51c7a4868f4e63e3b97b9a78d6d80c
+SHA1 (patch-an) = 8d38aba40b2c05f4a5fcdbb83aa662187bf3dec8
+SHA1 (patch-ao) = 130417f82bdf5ef3f9e3aefa37aceebdde2857a7
+SHA1 (patch-ap) = 33441bf7af2e1c48a92d3b48c963fe9b98c77846
+SHA1 (patch-aq) = 30b5dc24d5899e79fa56ef9eb6a18fc30a3a0456
+SHA1 (patch-ar) = 964ffac4b98451c00999bcacbd92bb9ed747b6e0
diff --git a/net/kdenetwork3/patches/patch-an b/net/kdenetwork3/patches/patch-an
new file mode 100644
index 00000000000..eef19ef5748
--- /dev/null
+++ b/net/kdenetwork3/patches/patch-an
@@ -0,0 +1,95 @@
+$NetBSD: patch-an,v 1.1 2002/12/04 21:20:06 skrll Exp $
+
+--- lanbrowsing/kio_lan/kio_lan.cpp.orig Thu Jan 3 20:34:12 2002
++++ lanbrowsing/kio_lan/kio_lan.cpp
+@@ -176,13 +176,14 @@ int LANProtocol::lanReadDataFromServer()
+
+ char *currentBuf=receiveBuffer;
+ int bytesLeft=receivedBytes;
+- int tmpIP;
+ //this should be large enough for a name
+- char tmpName[1024];
++ char tmpName[4*1024];
+ //this should be large enough for the hostname
+- char tmpHostname[512];
++ char tmpHostname[4*1024];
+ while (bytesLeft>0)
+ {
++ int tmpIP=2;
++ tmpName[0]='\0';
+ if ((memchr(currentBuf,0,bytesLeft)==0) || (memchr(currentBuf,int('\n'),bytesLeft)==0))
+ {
+ delete [] receiveBuffer;
+@@ -190,17 +191,19 @@ int LANProtocol::lanReadDataFromServer()
+ return 0;
+ };
+ kdDebug(7101)<<"LANProtocol::lanReadDataFromServer: processing "<<currentBuf;
+- sscanf(currentBuf,"%u %s\n",&tmpIP,tmpName);
+ //since we check for 0 and \n with memchr() we can be sure
+ //at this point that tmpBuf is correctly terminated
+ int length=strlen(currentBuf)+1;
++ if (length<(4*1024))
++ sscanf(currentBuf,"%u %s\n",&tmpIP,tmpName);
++
+ bytesLeft-=length;
+ currentBuf+=length;
+- if ((bytesLeft==0) && (strstr(tmpName,"succeeded")!=0) && ((tmpIP==0) ||(tmpIP==1)))
++ if ((bytesLeft==0) && ((tmpIP==0) ||(tmpIP==1)) && (strstr(tmpName,"succeeded")!=0))
+ {
+ kdDebug(7101)<<"LANProtocol::lanReadDataFromServer: succeeded"<<endl;
+ }
+- else
++ else if (tmpIP!=2)
+ {
+ kdDebug(7101)<<"LANProtocol::lanReadDataFromServer: listing host: "<<tmpName<<" with ip: "<<tmpIP<<endl;
+ UDSAtom atom;
+@@ -344,13 +347,14 @@ int LANProtocol::rlanReadDataFromServer(
+
+ char *currentBuf=receiveBuffer;
+ int bytesLeft=receivedBytes;
+- int tmpIP;
+ //this should be large enough for a name
+- char tmpName[1024];
++ char tmpName[4*1024];
+ //this should be large enough for the hostname
+- char tmpHostname[512];
++ char tmpHostname[4*1024];
+ while (bytesLeft>0)
+ {
++ int tmpIP=2;
++ tmpName[0]='\0';
+ if ((memchr(currentBuf,0,bytesLeft)==0) || (memchr(currentBuf,int('\n'),bytesLeft)==0))
+ {
+ delete [] receiveBuffer;
+@@ -358,17 +362,19 @@ int LANProtocol::rlanReadDataFromServer(
+ return 0;
+ };
+ kdDebug(7101)<<"RLANProtocol::readDataFromServer: processing "<<currentBuf;
+- sscanf(currentBuf,"%u %s\n",&tmpIP,tmpName);
+ //since we check for 0 and \n with memchr() we can be sure
+ //at this point that tmpBuf is correctly terminated
+ int length=strlen(currentBuf)+1;
++ if (length<(4*1024))
++ sscanf(currentBuf,"%u %s\n",&tmpIP,tmpName);
++
+ bytesLeft-=length;
+ currentBuf+=length;
+- if ((bytesLeft==0) && (strstr(tmpName,"succeeded")!=0) && ((tmpIP==0) ||(tmpIP==1)))
++ if ((bytesLeft==0) && ((tmpIP==0) ||(tmpIP==1)) && (strstr(tmpName,"succeeded")!=0) )
+ {
+ kdDebug(7101)<<"RLANProtocol::readDataFromServer: succeeded"<<endl;
+ }
+- else
++ else if (tmpIP!=2)
+ {
+ kdDebug(7101)<<"RLANProtocol::readDataFromServer: listing host: "<<tmpName<<" with ip: "<<tmpIP<<endl;
+ UDSAtom atom;
+@@ -436,7 +442,7 @@ int LANProtocol::checkHost(const QString
+ delete hostInfo;
+ return 0;
+ }
+- memcpy(&ip, hp->h_addr, hp->h_length);
++ memcpy(&ip, hp->h_addr, sizeof(ip));
+
+ for (int i=0; i<KIOLAN_MAX; i++)
+ {
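Review bot: The guarded `sscanf(currentBuf,"%u %s\n",&tmpIP,tmpName)` in lanReadDataFromServer and rlanReadDataFromServer still uses an unbounded `%s` and ignores the return value. The copy therefore stays in bounds only while the literal `4*1024` in the guard matches the array declaration, and a line that yields a number but no name would, as far as these hunks show, reach the listing branch with an empty tmpName. Binding the guard to the buffer and requiring both fields closes both gaps: `if (length>=(int)sizeof(tmpName) || sscanf(currentBuf,"%u %4095s\n",&tmpIP,tmpName)!=2) tmpIP=2;`. The same pattern appears in NetManager::processScanResults in patch-aq, which is also the only copy with a comment explaining that 2 is the "skip this line" sentinel; the two `int tmpIP=2;` lines here deserve that comment too. Both function bodies start and end outside the hunks.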
diff --git a/net/kdenetwork3/patches/patch-ao b/net/kdenetwork3/patches/patch-ao
new file mode 100644
index 00000000000..de99b7547d6
--- /dev/null
+++ b/net/kdenetwork3/patches/patch-ao
@@ -0,0 +1,10 @@
+$NetBSD: patch-ao,v 1.1 2002/12/04 21:20:07 skrll Exp $
+
+--- lanbrowsing/lisa/ChangeLog.orig Wed Jan 3 20:38:01 2001
++++ lanbrowsing/lisa/ChangeLog
+@@ -1,2 +1,5 @@
++0.1.3
++-security fixes: fixed LOGNAME vulnerabilty and another possible buffer overflow
++
+ Version 0.1
+ -initial version
diff --git a/net/kdenetwork3/patches/patch-ap b/net/kdenetwork3/patches/patch-ap
new file mode 100644
index 00000000000..a2386549840
--- /dev/null
+++ b/net/kdenetwork3/patches/patch-ap
@@ -0,0 +1,13 @@
+$NetBSD: patch-ap,v 1.1 2002/12/04 21:20:07 skrll Exp $
+
+--- lanbrowsing/lisa/lisadefines.h.orig Fri Oct 26 12:05:47 2001
++++ lanbrowsing/lisa/lisadefines.h
+@@ -2,7 +2,7 @@
+ #define LISADEFINES_H
+
+
+-#define MYVERSION "0.1.1"
++#define MYVERSION "0.2.2"
+ #define MY_ID 7741
+ #define MYPORT 7741
+ #define MAX_SPECS 32
diff --git a/net/kdenetwork3/patches/patch-aq b/net/kdenetwork3/patches/patch-aq
new file mode 100644
index 00000000000..a731548d845
--- /dev/null
+++ b/net/kdenetwork3/patches/patch-aq
@@ -0,0 +1,121 @@
+$NetBSD: patch-aq,v 1.1 2002/12/04 21:20:07 skrll Exp $
+
+--- lanbrowsing/lisa/netmanager.cpp.orig Sat Feb 2 22:27:59 2002
++++ lanbrowsing/lisa/netmanager.cpp
+@@ -27,6 +27,7 @@
+ #include <strings.h>
+ #include <errno.h>
+ #include <string.h>
++#include <pwd.h>
+
+ #ifndef AF_LOCAL
+ #define AF_LOCAL AF_UNIX
+@@ -70,7 +71,7 @@ NetManager::NetManager(int& rawSocketFD,
+
+ NetManager::~NetManager()
+ {
+- mgetDebug()<<"netknife destructor ..."<<std::endl;
++ mgetDebug()<<"NetManager destructor ..."<<std::endl;
+ if (m_receiveBuffer!=0) delete [] m_receiveBuffer;
+ ::close(m_listenFD);
+ ::close(m_bcFD);
+@@ -131,14 +132,28 @@ int NetManager::prepare()
+ m_listenFD=::socket(AF_LOCAL, SOCK_STREAM, 0);
+ //m_listenFD=::socket(AF_LOCAL, SOCK_STREAM, IPPROTO_TCP);
+ MyString socketName("/tmp/resLisa-");
+- socketName+=getenv("LOGNAME");
++ struct passwd *user = getpwuid( getuid() );
++ if ( user )
++ socketName+=user->pw_name;
++ else
++ //should never happen
++ socketName+="???";
+ ::unlink(socketName.data());
+ sockaddr_un serverAddr;
+-// bzero((char*)&serverAddr, sizeof(serverAddr));
++ if (socketName.length() >= sizeof(serverAddr.sun_path))
++ {
++ std::cout<<"NetManager::prepare: your user name \""<<user->pw_name<<"\" is too long, exiting."<<std::endl;
++ return 0;
++ }
+ memset((void*)&serverAddr, 0, sizeof(serverAddr));
+- serverAddr.sun_family = AF_LOCAL;
+- strcpy(serverAddr.sun_path,socketName.data());
+- ::bind(m_listenFD,(sockaddr*) &serverAddr,sizeof(serverAddr));
++ serverAddr.sun_family=AF_LOCAL;
++ strncpy(serverAddr.sun_path,socketName.data(),sizeof(serverAddr.sun_path));
++ result=::bind(m_listenFD,(sockaddr*) &serverAddr,sizeof(serverAddr));
++ if (result!=0)
++ {
++ std::cout<<"NetManager::prepare: bind (UNIX socket) failed, errno: "<<errno<<std::endl;
++ return 0;
++ }
+ }
+ else
+ {
+@@ -148,7 +163,7 @@ int NetManager::prepare()
+ {
+ std::cout<<"NetManager::prepare: socket(TCP) failed, errno: "<<errno<<std::endl;
+ return 0;
+- };
++ }
+
+ sockaddr_in serverAddress;
+ // bzero((char*)&serverAddress, sizeof(serverAddress));
+@@ -654,6 +669,10 @@ int NetManager::readDataFromFD(int fd)
+ m_receivedBytes+=result;
+ if (m_receiveBuffer!=0) delete [] m_receiveBuffer;
+ m_receiveBuffer=newBuf;
++ // too much data - abort at 2MB to avoid memory exhaustion
++ if (m_receivedBytes>2*1024*1024)
++ return 0;
++
+ return 1;
+ };
+
+@@ -665,14 +684,15 @@ int NetManager::processScanResults()
+
+ char *tmpBuf=m_receiveBuffer;
+ int bytesLeft=m_receivedBytes;
+- int tmpIP;
+ mgetDebug()<<"m_receivedBytes: "<<m_receivedBytes<<" bytesLeft: "<<bytesLeft<<std::endl;
+ //this should be large enough for a name
+ //and the stuff which is inserted into the buffer
+- //comes only from ourselves
++ //comes only from ourselves ... or attackers :-(
+ char tmpName[1024*4];
+ while (bytesLeft>0)
+ {
++ int tmpIP=2; // well, some impossible IP address, 0 and 1 are already used for the last line of output
++ tmpName[0]='\0';
+ if ((memchr(tmpBuf,0,bytesLeft)==0) || (memchr(tmpBuf,int('\n'),bytesLeft)==0))
+ {
+ delete newNodes;
+@@ -687,14 +707,16 @@ int NetManager::processScanResults()
+ return 0;
+ };
+ //mgetDebug()<<"NetManager::processScanResults: processing -"<<tmpBuf;
+- sscanf(tmpBuf,"%u %s\n",&tmpIP,tmpName);
+ //since we check for 0 and \n with memchr() we can be sure
+ //at this point that tmpBuf is correctly terminated
+ int length=strlen(tmpBuf)+1;
++ if (length<(4*1024))
++ sscanf(tmpBuf,"%u %s\n",&tmpIP,tmpName);
++
+ bytesLeft-=length;
+ tmpBuf+=length;
+ mgetDebug()<<"length: "<<length<<" bytesLeft: "<<bytesLeft<<std::endl;
+- if ((bytesLeft==0) && (strstr(tmpName,"succeeded")!=0) && ((tmpIP==0) ||(tmpIP==1)))
++ if ((bytesLeft==0) && ((tmpIP==0) ||(tmpIP==1)) && (strstr(tmpName,"succeeded")!=0))
+ {
+ mgetDebug()<<"NetManager::processScanResults: succeeded :-)"<<std::endl;
+ delete hostList;
+@@ -712,7 +734,7 @@ int NetManager::processScanResults()
+
+ return 1;
+ }
+- else
++ else if (tmpIP!=2)
+ {
+ //mgetDebug()<<"NetManager::processScanResults: adding host: "<<tmpName<<" with ip: "<<tmpIP<<std::endl;
+ newNodes->append(Node(tmpName,tmpIP));
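Review bot: In NetManager::prepare() a failed `getpwuid()` falls back to the shared name `/tmp/resLisa-???` and execution continues, and the later "user name is too long" message dereferences `user->pw_name` without re-checking `user`. Failing closed removes both problems: add `if (!user) { std::cout<<"NetManager::prepare: getpwuid failed"<<std::endl; return 0; }` right after the lookup, then append `user->pw_name` unconditionally. It would also be cleaner to move `::unlink(socketName.data())` below the length check, so nothing on disk is touched before the name has been validated. The function begins and ends outside the hunk.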
diff --git a/net/kdenetwork3/patches/patch-ar b/net/kdenetwork3/patches/patch-ar
new file mode 100644
index 00000000000..d34a65bc67b
--- /dev/null
+++ b/net/kdenetwork3/patches/patch-ar
@@ -0,0 +1,34 @@
+$NetBSD: patch-ar,v 1.1 2002/12/04 21:20:07 skrll Exp $
+
+--- lanbrowsing/lisa/netscanner.cpp.orig Sat Feb 2 22:27:59 2002
++++ lanbrowsing/lisa/netscanner.cpp
+@@ -36,6 +36,10 @@
+ #include <netinet/ip.h>
+ #include <netinet/ip_icmp.h>
+
++#ifndef INADDR_NONE
++#define INADDR_NONE -1
++#endif
++
+ #define mgetDebug() getDebug()<<procId
+
+ struct ICMPEchoRequest
+@@ -133,7 +137,7 @@ void NetScanner::configure(Config& confi
+ {
+ if ((m_strictMode) && (hostsAdded>=STRICTMODEMAXHOSTS))
+ break;
+- memcpy(&server_addr, hp->h_addr, hp->h_length);
++ memcpy(&server_addr, hp->h_addr, sizeof(server_addr));
+ char *ip=inet_ntoa(server_addr);
+ mgetDebug()<<"NetScanner::configure(): looking up "<<nextName<<" gives -"<<ip<<"-"<<std::endl;
+ ipRangeStr=ipRangeStr+ip+';';
+@@ -377,6 +381,9 @@ void NetScanner::nmblookupScan(SimpleLis
+ };
+ };
+ } while (!done);
++
++ // Warning: The return value of plcose may be incorrect due to the
++ // SIGCHLD handler that is installed. Ignore it!
+ pclose(nmblookupFile);
+
+ delete [] tmpBuf;
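Review bot: `memcpy(&server_addr, hp->h_addr, sizeof(server_addr))` in NetScanner::configure bounds the write, but it now copies a fixed size whatever the resolver returned. An entry whose `h_length` or `h_addrtype` does not match the destination is silently truncated (or read past its end if shorter) rather than rejected. Copying only when `hp->h_addrtype==AF_INET && hp->h_length==(int)sizeof(server_addr)` would reject such entries. The matching change in LANProtocol::checkHost in patch-an (`memcpy(&ip, hp->h_addr, sizeof(ip))`) has the same gap. The enclosing loop starts outside the hunk, so how a rejected entry is skipped has to be decided there.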