-rw-r--r-- | net/ethereal/Makefile | 4 | ||||
-rw-r--r-- | net/ethereal/distinfo | 3 | ||||
-rw-r--r-- | net/ethereal/patches/patch-ac | 64 |
3 files changed, 68 insertions, 3 deletions
diff --git a/net/ethereal/Makefile b/net/ethereal/Makefile
index 1e4f01dbe90..0393dc5a6f6 100644
--- a/net/ethereal/Makefile
+++ b/net/ethereal/Makefile
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.120 2005/12/05 23:55:13 rillig Exp $
+# $NetBSD: Makefile,v 1.121 2005/12/10 21:55:35 salo Exp $
 
 DISTNAME= ethereal-0.10.13
-PKGREVISION= 1
+PKGREVISION= 2
 CATEGORIES= net
 MASTER_SITES= http://www.ethereal.com/distribution/ \
 http://ethereal.planetmirror.com/distribution/ \
diff --git a/net/ethereal/distinfo b/net/ethereal/distinfo
index 00186c8791d..12c56f54b4c 100644
--- a/net/ethereal/distinfo
+++ b/net/ethereal/distinfo
@@ -1,7 +1,8 @@
-$NetBSD: distinfo,v 1.45 2005/11/01 20:28:56 frueauf Exp $
+$NetBSD: distinfo,v 1.46 2005/12/10 21:55:35 salo Exp $
 
 SHA1 (ethereal-0.10.13.tar.bz2) = 4ed2014a1ede6bdb05fbe99b0469a030c7794a13
 RMD160 (ethereal-0.10.13.tar.bz2) = 54f6431ac2d807e0d7dd896af71463d340c66107
 Size (ethereal-0.10.13.tar.bz2) = 8029087 bytes
 SHA1 (patch-aa) = 0513b971c0af032fc64fc181fbd64d78aef0d044
 SHA1 (patch-ab) = bfbefb0ae66607068e21d0912a15a72606ab8ea8
+SHA1 (patch-ac) = 101cbc6315b2ad9732b70d697295ad8e4a389dcd
diff --git a/net/ethereal/patches/patch-ac b/net/ethereal/patches/patch-ac
new file mode 100644
index 00000000000..ecf0e1b9514
--- /dev/null
+++ b/net/ethereal/patches/patch-ac
@@ -0,0 +1,64 @@
+$NetBSD: patch-ac,v 1.5 2005/12/10 21:55:35 salo Exp $
+
+Security fix for CVE-2005-3651, from Ethereal SVN tree.
+
+--- epan/dissectors/packet-ospf.c.orig 2005-10-10 15:23:02.000000000 +0200
++++ epan/dissectors/packet-ospf.c 2005-12-10 21:40:23.000000000 +0100
+@@ -2321,39 +2321,28 @@
+ static void dissect_ospf_v3_address_prefix(tvbuff_t *tvb, int offset, int prefix_length, proto_tree *tree)
+ {
+
+- guint8 value;
+- guint8 position;
+- guint8 bufpos;
+- gchar *buffer;
+- gchar *bytebuf;
+- guint8 bytes_to_process;
+- int start_offset;
+-
+- start_offset=offset;
+- position=0;
+- bufpos=0;
+- bytes_to_process=((prefix_length+31)/32)*4;
+-
+- buffer=ep_alloc(32+7);
+- while (bytes_to_process > 0 ) {
+-
+- value=tvb_get_guint8(tvb, offset);
++ int bytes_to_process;
++ struct e_in6_addr prefix;
+
+- if ( (position > 0) && ( (position%2) == 0 ) )
+- buffer[bufpos++]=':';
++ bytes_to_process=((prefix_length+31)/32)*4;
+
+- bytebuf=ep_alloc(3);
+- g_snprintf(bytebuf, 3, "%02x",value);
+- buffer[bufpos++]=bytebuf[0];
+- buffer[bufpos++]=bytebuf[1];
+-
+- position++;
+- offset++;
+- bytes_to_process--;
++ if (prefix_length > 128) {
++ proto_tree_add_text(tree, tvb, offset, bytes_to_process,
++ "Address Prefix: length is invalid (%d, should be <= 128)",
++ prefix_length);
++ return;
+ }
+
+- buffer[bufpos]=0;
+- proto_tree_add_text(tree, tvb, start_offset, ((prefix_length+31)/32)*4, "Address Prefix: %s",buffer);
++ memset(prefix.bytes, 0, sizeof prefix.bytes);
++ if (bytes_to_process != 0) {
++ tvb_memcpy(tvb, prefix.bytes, offset, bytes_to_process);
++ if (prefix_length % 8) {
++ prefix.bytes[bytes_to_process - 1] &=
++ ((0xff00 >> (prefix_length % 8)) & 0xff);
++ }
++ }
++ proto_tree_add_text(tree, tvb, offset, bytes_to_process,
++ "Address Prefix: %s", ip6_to_str(&prefix));
+
+ }
+
|
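Review bot: The new guard in dissect_ospf_v3_address_prefix checks only the upper bound of `prefix_length`, which is a signed `int`; a value of -63 or lower makes `bytes_to_process` negative, and that negative length then reaches `tvb_memcpy` and the `prefix.bytes[bytes_to_process - 1]` index. The callers are not visible in this patch, so this may be unreachable if the length always comes from an unsigned byte, but the check is cheap to make complete: `if (prefix_length < 0 || prefix_length > 128) {`. Separately, the mask is applied to the last byte of the copy, which is rounded up to a multiple of four bytes, rather than to the byte that holds the end of the prefix. For a length such as 9 the bits past the prefix in byte 1 are therefore kept in the displayed address; indexing with `prefix_length / 8` and clearing the bytes after it would match the stated length.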