Package: release.debian.org Affects: dmitry
The <URL: https://tracker.debian.org/pkg/dmitry > package in stable, version 1.3a-1.2, got a few security issues that could be fixed. These are CVE-2024-31837, CVE-2020-14931 and CVE-2017-7938. I would like to update these in bookworm, and have prepared the change in the git repository, in the debian/bookworm branch. Here is the complete proposed patch, including an update of the maintainer to reflect that the package is orphaned. diff --git a/debian/changelog b/debian/changelog index 2ebd04d..5f23771 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,14 @@ +dmitry (1.3a-1.2+deb12u1) UNRELEASED; urgency=medium + + * QA upload. + + * Fix format string bug (#3). + * Fix handling externally-controlled format strings and buffer overflows + * Do not let frmtdbuff overflow in nic_format_buff. + * Switched maintainer to QA group, to reflect the packages orphaned state. + + -- Petter Reinholdtsen <p...@debian.org> Sat, 13 Jul 2024 12:09:18 +0200 + dmitry (1.3a-1.2) unstable; urgency=medium * Non-maintainer upload. diff --git a/debian/control b/debian/control index 7381f4a..1e69a3f 100644 --- a/debian/control +++ b/debian/control @@ -1,7 +1,7 @@ Source: dmitry Section: net Priority: extra -Maintainer: Runa Sandvik <runa.sand...@gmail.com> +Maintainer: Debian QA Group <packa...@qa.debian.org> Build-Depends: debhelper-compat (= 13) Standards-Version: 3.8.0 Homepage: http://www.mor-pah.net/index.php?file=projects/dmitry diff --git a/src/dmitry.c b/src/dmitry.c index 2e82f60..d47f231 100644 --- a/src/dmitry.c +++ b/src/dmitry.c @@ -95,7 +95,8 @@ int main(int argc, char **argv) snprintf(outputfile, sizeof(outputfile), "%s.txt", argv[argc-1]); } else { - strcpy(outputfile, optarg); + strncpy(outputfile, optarg, sizeof(outputfile) - 1); + outputfile[sizeof(outputfile) - 1] = '\0'; } break; case 'v': 
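Review bot: An over-long `-o` argument is now silently truncated by the `strncpy` in the `else` branch of src/dmitry.c, so the report would be written to a file other than the one the user named. The branch just above already uses `snprintf`; using it here as well and rejecting truncation keeps both paths consistent, e.g. `if (snprintf(outputfile, sizeof(outputfile), "%s", optarg) >= (int)sizeof(outputfile)) return 1;`. The same return-value check would also catch truncation in the `"%s.txt"` case on the context line. `main` starts and ends outside the hunk.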
@@ -142,14 +143,16 @@ int main(int argc, char **argv) print_line("ERROR: Unable to locate Host IP addr. for %s\n", argv[argc - 1]); print_line("Continuing with limited modules\n"); } - strcpy(host_name, argv[argc - 1]); + strncpy(host_name, argv[argc - 1], MAXNAMELEN - 1); + host_name[MAXNAMELEN - 1] = '\0'; break; default: if (! get_host(argv[argc - 1], host_name) ) { print_line("ERROR: Unable to locate Host Name for %s\n", argv[argc - 1]); print_line("Continuing with limited modules\n"); } - strcpy(host_ip, argv[argc - 1]); + strncpy(host_ip, argv[argc - 1], MAXIPLEN - 1); + host_ip[MAXIPLEN - 1] = '\0'; break; } print_line("HostIP:%s\n", host_ip); diff --git a/src/iwhois.c b/src/iwhois.c index 6b25e7e..c629013 100644 --- a/src/iwhois.c +++ b/src/iwhois.c @@ -9,11 +9,11 @@ int get_iwhois(char *host) /* Print introduction to function */ memset(linebuff, '\0', sizeof(linebuff)); snprintf(linebuff, sizeof(linebuff), "\nGathered Inet-whois information for %s\n", host); - print_line(linebuff); + print_line("%s", linebuff); memset(linebuff, '\0', sizeof(linebuff)); snprintf(linebuff, sizeof(linebuff), "---------------------------------\n\n"); - print_line(linebuff); + print_line("%s", linebuff); if (! host[0] ){ print_line("ERROR: No Host IP to work from\n"); if ( strlen(outputfile) ) file_close(); diff --git a/src/mailsearch.c b/src/mailsearch.c index 8b72d94..4dcb734 100644 --- a/src/mailsearch.c +++ b/src/mailsearch.c @@ -20,7 +20,10 @@ int get_emails(char *host) } while ( host[ctr] != '\n' && host[ctr] != '\0' ); hostwww[strlen(hostwww)] = '\0'; } - else strcpy(hostwww, host); + else { + strncpy(hostwww, host, sizeof(hostwww) - 1); + hostwww[sizeof(hostwww) - 1] = '\0'; + } if (strlen(outputfile)) file_open(); 
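Review bot: The two new copies in src/dmitry.c are bounded by `MAXNAMELEN` and `MAXIPLEN` rather than by the destination objects, and the declarations of `host_name` and `host_ip` are outside the hunk, so the bound is only right if those arrays are declared with exactly these sizes. If both are real arrays in scope here, `sizeof(host_name) - 1` and `sizeof(host_ip) - 1` would match the style used for `outputfile` in the previous hunk and stay correct if a declaration changes. Truncation is also silent: a target longer than the buffer is shortened and the later modules presumably run against the shortened string, so stopping with an error when `strlen(argv[argc - 1])` exceeds the buffer would be safer than continuing.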
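Review bot: Nothing in this patch lets the compiler catch the next non-literal format passed to `print_line`, which evidently takes a printf-style format (src/dmitry.c calls it with `%s` and an argument). Its prototype is outside the diff; if it is a variadic function, adding `__attribute__((format(printf, 1, 2)))` to the declaration and building with `-Wformat -Wformat-security` would flag this class of bug at build time. The same applies to the `print_line("%s", ...)` changes in src/nwhois.c, src/mailsearch.c and src/subsearch.c. `get_iwhois` continues past the end of the hunk.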
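Review bot: Only the `else` branch of `get_emails` is bounded by this hunk; the `do ... while` loop whose tail is visible just above copies from `host` until a newline or NUL, and its body is outside the hunk, so no length limit on that path is shown. If that loop stores into `hostwww` one character at a time, its condition should also stop at `sizeof(hostwww) - 1`. The context line `hostwww[strlen(hostwww)] = '\0';` does not help, because `strlen` already stops at the terminator it then rewrites. The first hunk of src/subsearch.c (`get_subdomains`) has the identical shape and needs the same check.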
@@ -76,7 +79,7 @@ int get_emails(char *host) memset(sendbuff, '\0', sizeof(sendbuff)); snprintf(sendbuff, sizeof(sendbuff), "Found %d E-Mail(s) for host %s, Searched %d pages containing %d results\n", emailcount, hostwww, totalpages, totalpages*100); - print_line(sendbuff); + print_line("%s", sendbuff); if (strlen(outputfile)) file_close(); return 0; } @@ -177,7 +180,7 @@ int emaillist(char *email, char *host) strcpy(emailbuff[emailcount], email); snprintf(output, sizeof(output), "%s%s\n", emailbuff[emailcount], host); - print_line(output); + print_line("%s", output); emailcount++; return 0; } diff --git a/src/nwhois.c b/src/nwhois.c index 193f953..54d574a 100644 --- a/src/nwhois.c +++ b/src/nwhois.c @@ -25,11 +25,11 @@ int get_nwhois(char *host) /* Print introduction to function */ memset(linebuff, '\0', sizeof(linebuff)); snprintf(linebuff, sizeof(linebuff), "\nGathered Inic-whois information for %s\n", fhost); - print_line(linebuff); + print_line("%s", linebuff); memset(linebuff, '\0', sizeof(linebuff)); snprintf(linebuff, sizeof(linebuff), "---------------------------------\n"); - print_line(linebuff); + print_line("%s", linebuff); /* TopLevelDomain output */ if (!( hostn = get_td(fhost) )){ @@ -137,6 +137,11 @@ int nic_format_buff(char *buff, int listn) } frmtdbuff[strlen(frmtdbuff)] = buff[ctr]; ctr++; + if (strlen(frmtdbuff) >= sizeof(frmtdbuff) - 1) { + /* frmtdbuff is full, do not let it overflow */ + print_line("%s", frmtdbuff); + memset(frmtdbuff, '\0', sizeof(frmtdbuff)); + } } if ( strlen(frmtdbuff) ) linetodo = 1; return 0; diff --git a/src/subsearch.c b/src/subsearch.c index df6bdff..be42303 100644 --- a/src/subsearch.c +++ b/src/subsearch.c @@ -20,7 +20,10 @@ int get_subdomains(char *host) } while ( host[ctr] != '\n' && host[ctr] != '\0' ); hostwww[strlen(hostwww)] = '\0'; } - else strcpy(hostwww, host); + else { + strncpy(hostwww, host, sizeof(hostwww) - 1); + hostwww[sizeof(hostwww) - 1] = '\0'; + } if (strlen(outputfile)) file_open(); 
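Review bot: The context line `strcpy(emailbuff[emailcount], email);` directly above the fixed `print_line` call in `emaillist` is still an unbounded copy of a string that appears to come from search results, and `emailcount++` has no visible upper limit. The declaration of `emailbuff` and the start of `emaillist` are outside the hunk, so the sizes cannot be confirmed from here. If `emailbuff` is a two-dimensional array, `snprintf(emailbuff[emailcount], sizeof(emailbuff[emailcount]), "%s", email);` preceded by a check of `emailcount` against the number of rows would close both gaps.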
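Review bot: The new guard in `nic_format_buff` runs after the store `frmtdbuff[strlen(frmtdbuff)] = buff[ctr];`, so it is safe only while `frmtdbuff` holds fewer than `sizeof(frmtdbuff) - 1` bytes at the start of each iteration and is zero-filled beyond its current length, since the store never writes a terminator. That invariant deserves a comment at the guard, for example `/* invariant: strlen(frmtdbuff) < sizeof(frmtdbuff) - 1 here and the tail is all NUL; every other writer must keep it */`. The branch that closes just above the store and the rest of the loop are outside the hunk, so any other write to `frmtdbuff` there needs the same check. The flush also prints a partial line at an arbitrary byte boundary, which the comment could mention so the split output is not mistaken for a whois server quirk.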
@@ -74,7 +77,7 @@ int get_subdomains(char *host) if (subcount == -1) subcount = 0; memset(sendbuff, '\0', sizeof(sendbuff)); snprintf(sendbuff, sizeof(sendbuff), "Found %d possible subdomain(s) for host %s, Searched %d pages containing %d results\n", subcount, hostwww, totalpages, totalpages*100); - print_line(sendbuff); + print_line("%s", sendbuff); if (strlen(outputfile)) file_close(); return 0; } -- Happy hacking Petter Reinholdtsen