Bug#714256: marked as done (packit: Off-by-one string error.)

Debian Bug Tracking System Tue, 15 Dec 2015 15:55:31 -0800

Your message dated Tue, 15 Dec 2015 23:51:18 +0000
with message-id <e1a8zng-00071g...@franck.debian.org>
and subject line Bug#714256: fixed in packit 1.0-3
has caused the Debian Bug report #714256,
regarding packit: Off-by-one string error.
to be marked as done.


This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
714256: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=714256
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: packit
Version: 1.0-2
Severity: important
Tags: patch

The package source allocates 17 bytes to strings intended
for hardware addresses, where in fact 18 are needed due
to the trailing null-character. The code is assigning a value
to hwadd[17], so errors do happen. Patches are included.

Please observe, that these two updating patches are conceived
together with a new patch submitted to #652510, so I ask the
maintainer to attend to both bugs. Taken together, the set of
three patches were instrumental in debugging the package rarpd.

Best regards,
  Mats Erik Andersson, DM

>From 1523448405c42d09079ec4a15a8f839657f0d14b Mon Sep 17 00:00:00 2001
From: Mats Erik Andersson <g...@gisladisker.se>
Date: Mon, 3 Jun 2013 23:03:18 +0200
Subject: [PATCH 1/3] Off-by-one string error.

Strings for hardware addresses are allocated
with 17 characters only, neglecting the trailing
null-character.

Remove tabs for better readability.
---
 src/inject_defs.h     | 10 +++++-----
 src/print_arp_hdr.c   |  4 ++--
 src/print_injection.c |  4 ++--
 3 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/src/inject_defs.h b/src/inject_defs.h
index b2c4774..e9a56cf 100644
--- a/src/inject_defs.h
+++ b/src/inject_defs.h
@@ -132,9 +132,9 @@ struct enethdr_opts
     u_int16_t rand_d_addr;
 
     u_int8_t *s_addr;                   /* source ethernet address string */
-    u_int8_t shw_addr[17];
+    u_int8_t shw_addr[18];
     u_int8_t *d_addr;                   /* destination ethernet address string */
-    u_int8_t dhw_addr[17];
+    u_int8_t dhw_addr[18];
 } ehdr_o;
 
 struct arphdr_opts
@@ -153,8 +153,8 @@ struct arphdr_opts
     u_int8_t *r_eaddr;                  /* receiver ethernet address */
     u_int16_t rand_r_eaddr;
 
-    u_int8_t shw_addr[17];
-    u_int8_t rhw_addr[17];
+    u_int8_t shw_addr[18];
+    u_int8_t rhw_addr[18];
 } ahdr_o;
 
 libnet_t *pkt_d;
@@ -174,7 +174,7 @@ u_int16_t payload_len;
 u_int8_t *payload;
 u_int8_t hex_payload;
 u_int8_t *s_d_port;
-u_int8_t hwaddr_p[17];
+u_int8_t hwaddr_p[18];
 u_int8_t rawip;
 
 struct timeval bf_pcap;
diff --git a/src/print_arp_hdr.c b/src/print_arp_hdr.c
index 36c3fb8..24f52d2 100644
--- a/src/print_arp_hdr.c
+++ b/src/print_arp_hdr.c
@@ -39,11 +39,11 @@ print_arp_hdr(u_int8_t *packet)
     arp_hw_t = retrieve_arp_hw_type(htons(ahdr->ar_hrd));
 
     fprintf(stdout, "ARP header:  Type: %s(%d)\n", arp_t, htons(ahdr->ar_op));
-    fprintf(stdout, "\t     Hardware Format: %s  Length: %d\n", 
+    fprintf(stdout, "     Hardware Format: %s  Length: %d\n",
         arp_hw_t, 
 	ahdr->ar_hln);
     
-    fprintf(stdout, "\t     Protocol Format: %d  Length: %d\n", 
+    fprintf(stdout, "     Protocol Format: %d  Length: %d\n",
         ahdr->ar_pro, 
 	ahdr->ar_pln);
 
diff --git a/src/print_injection.c b/src/print_injection.c
index e019fca..a1d8cd8 100644
--- a/src/print_injection.c
+++ b/src/print_injection.c
@@ -179,11 +179,11 @@ print_injection_details()
 	arp_t = retrieve_arp_type(ahdr_o.op_type);
 
 	fprintf(stdout, "ARP header:  Type: %s(%d)\n", arp_t, ahdr_o.op_type);
-	fprintf(stdout, "\t     Sender:  Protocol Address: %s  Hardware Address: %s\n",
+	fprintf(stdout, "     Sender:  Protocol Address: %s  Hardware Address: %.17s\n",
 	    ahdr_o.s_paddr,
 	    ahdr_o.shw_addr); 
 	
-	fprintf(stdout, "\t     Target:  Protocol Address: %s  Hardware Address: %s\n",
+	fprintf(stdout, "     Target:  Protocol Address: %s  Hardware Address: %.17s\n",
 	    ahdr_o.r_paddr,
 	    ahdr_o.rhw_addr); 
 
-- 
1.8.1

>From 9517bdefdaf9be9b5905b2f11f0766d5a52a8630 Mon Sep 17 00:00:00 2001
From: Mats Erik Andersson <g...@gisladisker.se>
Date: Thu, 27 Jun 2013 11:34:37 +0200
Subject: [PATCH 2/3] Allow contemporary autotools.

---
 configure.in    | 2 +-
 src/Makefile.am | 1 -
 2 files changed, 1 insertion(+), 2 deletions(-)

diff --git a/configure.in b/configure.in
index 49edd02..5295a0b 100644
--- a/configure.in
+++ b/configure.in
@@ -25,7 +25,7 @@ dnl Copyright (c) 2002-2003 Darren Bounds
 dnl All rights reserved.
 
 AC_INIT(src/main.c)
-AM_CONFIG_HEADER(config.h)
+AC_CONFIG_HEADERS(config.h)
 PACKIT_VERSION=`cat VERSION`
 AC_MSG_RESULT(beginning auto-configuration process for packit-$PACKIT_VERSION...)
 AM_INIT_AUTOMAKE(packit, $PACKIT_VERSION)
diff --git a/src/Makefile.am b/src/Makefile.am
index 4ff931c..2af09a9 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -61,7 +61,6 @@ packit_LDFLAGS=
 INCLUDES=@INCLUDES@
 
 all:
-	#strip @BINS@
 	cp @BINS@ $(top_srcdir)
 
 clean:
-- 
1.8.1

--- End Message ---

--- Begin Message ---

Source: packit
Source-Version: 1.0-3

We believe that the bug you reported is fixed in the latest version of
packit, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 714...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Joao Eriberto Mota Filho <eribe...@debian.org> (supplier of updated packit 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Mon, 14 Dec 2015 00:35:18 -0200
Source: packit
Binary: packit
Architecture: source
Version: 1.0-3
Distribution: unstable
Urgency: medium
Maintainer: Joao Eriberto Mota Filho <eribe...@debian.org>
Changed-By: Joao Eriberto Mota Filho <eribe...@debian.org>
Description:
 packit     - network injection and capture tool
Closes: 298799 386150 497793 497797 652510 714256 807844
Changes:
 packit (1.0-3) unstable; urgency=medium
 .
   * New maintainer. LaMont Jones is co-maintainer now. Thanks a lot for your
       work over this package since 2003.
   * Migrations:
       - debian/copyright to 1.0 format.
       - debian/rules to (new) reduced format.
       - DebSrc to 3.0.
       - DH level to 9.
       - Using dh-autoreconf now.
   * debian/clean: add to remove some files created when building and forgotten
       by upstream when running the cleaning actions.
   * debian/control:
       - Added a comma as separator in Depends field.
       - Added a Homepage field.
       - Bumped Standards-Version to 3.9.6.
       - Changed from XS-Vcs-* fields to Vcs-*. Using collab-maint now.
       - Improved the descriptions.
       - Moved the Section field from binary to source field.
       - Removed the (now) unnecessary minimal version for libnet1-dev.
       - Reorganized the Build-Depends field.
       - Replaced from libpcap-dev to libpcap0.8-dev in Build-Depends field.
   * debian/copyright: updated all information, including the upstream email
       address.
   * debian/docs: created to install the upstream docs/ICMP.txt file. Thanks to
       Olivier Macchioni <m...@dax.tuxfinder.com>. (Closes: #497797)
   * debian/patches/:
       - The old packaging stile allowed direct changes in upstream source code.
         Now, several patches were created to avoid these direct changes. So,
         the following new patches are being provided:
           ~ 010_fix_id_field_in_manpage.patch
           ~ 020_fix_header_field_in_pcap-int.h.patch
           ~ 030_fix_FTBFS_pcap_h.patch
           ~ 040_fix_call_to_pcap-bpf_h.patch
           ~ 050_honor_nostrip.patch
       - There are these new patches too:
           ~ 060_fix_spelling_errors.patch: added to fix spelling errors in some
             files.
           ~ 070_RARP_support.patch: added to implement RARP support. Thanks to
             Mats Erik Andersson <mats.anders...@gisladisker.se>.
             (Closes: #652510)
           ~ 080_off-by-one_string_error.patch: added to fix off-by-one string
             error and update autotools. Thanks to Mats Erik Andersson
             <mats.anders...@gisladisker.se>. (Closes: #714256)
           ~ 090_fix_typo_in_source_code.patch added to fix a typo in option
             parsing code which made -D always random when random -S was used.
             Thanks to Dennis Vshivkov <wal...@amur.ru> (Closes: #298799)
           ~ 100_fix_segfault.patch: added to fix segfault when using 
inject-mode
             with no arguments. Thanks to Deniz Adrian <adr...@netzquadrat.de>.
             (Closes: #386150)
           ~ 110_remove_duplication_in_manpage_and_fix_a_path.patch: added to
             remove duplicate lines in the man page and to fix the path of the
             ICMP.txt file. Thanks to Olivier Macchioni <m...@dax.tuxfinder.com>
             (Closes: #497793, #497797)
           ~ 120_update_homepage.patch: added to update the upstream homepage in
             program help and manpage.
           ~ 130_avoid_buffer_overflow.patch: added to avoid a buffer overflow
             and allows one to build using GCC hardening. (Closes: #807844)
   * debian/watch: created.
Checksums-Sha1:
 dac24bcbb38fe9db1bf1cc8d923aff2b67b239c7 1899 packit_1.0-3.dsc
 e3d1815dadc7fb0526460b649068bc627f70080b 9288 packit_1.0-3.debian.tar.xz
Checksums-Sha256:
 c883c7dfdde9197e3aecea8ee22c36199c5ac562c5a2675345a817704b6f93fc 1899 
packit_1.0-3.dsc
 1f067554a247c4be6e38fbc007c5143ca4e711ca3fdb013611d8e438b314c8e6 9288 
packit_1.0-3.debian.tar.xz
Files:
 55dbfa2c7c4ce79d40adf20acdd48b2a 1899 net optional packit_1.0-3.dsc
 14a40d2e74ce55734f1bd1f5fa2f6eed 9288 net optional packit_1.0-3.debian.tar.xz

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBAgAGBQJWcKWgAAoJEN5juccE6+nvGG4P/jLJUxXj3o/kO1cGnZ1xn23q
lymYu4oxX2uLETp6pWIKPqmlPmmXiCswju2nxSCaKIEy+HZiy+7EmITO+PIVb+3R
uhQ22EmRdh6NNKxEfLd5MeMZ9z4jz22UJzS3dhcwKtFhkEvBHICfqw63CjZEPX58
AMyQNrvL1KLGw5bVGmc+/GlZiCe2Hv0Wh+YvkFN90BRzkBGq1Gij6av9XAI9fuwR
rg8a+tyGw7XWAzg6LSuG5RYvkVq2nrBJrT9ibUtQbJ/EuoaAh6ZXw6XH7y+pkvPV
TeEZgzEp/y2nFPSCoDkvLfvYaSz/U5FHLHaMthjZcy/VW1w7L3ZI4PLi9qPUcH2e
UeVNE/YxrEpwlupXEL0kkn3LrHKWA2bzVOQkO/cu4+HhdASEcYsm/Lp7Lf62JTM+
ixIKNyIyzTeT+vzDKZ0QMgeLbZiAWi1ryhbwUm0+dz8aZwKYMO6KlSWNJtdjYoIb
fowV4hQySb6DvGO28SX6Av46/TDUyI5jKpeiiYgG8P2Q1kawMhLno/VPnZOQgIIC
yzcK+LGb1wOHYG5cCil3NVYjuCdvpJj9GquMLcNjH8kya48eO08v3leYEPnFVvTb
yz+jAbFN0MjM7NWnkWAOUOfCyCMTXAYDU/FR9v5bpFgmRXVVsKWayP2FRdCqnVDD
lsso6eNF/sHfUeNVAjEr
=1YYc
-----END PGP SIGNATURE-----

--- End Message ---

Bug#714256: marked as done (packit: Off-by-one string error.)

Reply via email to