commit: c02681fcb7839ac1829ec09394334ddbca1b0aea Author: Jeroen Roovers <jer <AT> gentoo <DOT> org> AuthorDate: Wed Jul 22 07:21:32 2020 +0000 Commit: Jeroen Roovers <jer <AT> gentoo <DOT> org> CommitDate: Wed Jul 22 07:22:17 2020 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c02681fc
net-libs/nDPI: Add fix for oob in kerberos dissector Package-Manager: Portage-3.0.0, Repoman-2.3.23 Bug: https://bugs.gentoo.org/719084 Signed-off-by: Jeroen Roovers <jer <AT> gentoo.org> ...PI-3.2-0005-Fix-oob-in-kerberos-dissector.patch | 23 ++++++++ net-libs/nDPI/nDPI-3.2-r2.ebuild | 65 ++++++++++++++++++++++ 2 files changed, 88 insertions(+) diff --git a/net-libs/nDPI/files/nDPI-3.2-0005-Fix-oob-in-kerberos-dissector.patch b/net-libs/nDPI/files/nDPI-3.2-0005-Fix-oob-in-kerberos-dissector.patch new file mode 100644 index 00000000000..cd34875890c --- /dev/null +++ b/net-libs/nDPI/files/nDPI-3.2-0005-Fix-oob-in-kerberos-dissector.patch @@ -0,0 +1,23 @@ +From 6735bb35c65c60a777557c3277546d5801729995 Mon Sep 17 00:00:00 2001 +From: Alfredo Cardigliano <[email protected]> +Date: Tue, 21 Jul 2020 00:46:37 +0200 +Subject: [PATCH] Fix oob in kerberos dissector + +--- + src/lib/protocols/kerberos.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/src/lib/protocols/kerberos.c b/src/lib/protocols/kerberos.c +index 2bacbf51..2ed824fa 100644 +--- a/src/lib/protocols/kerberos.c ++++ b/src/lib/protocols/kerberos.c +@@ -185,7 +185,8 @@ void ndpi_search_kerberos(struct ndpi_detection_module_struct *ndpi_struct, + + body_offset = koffsetp + 1 + pad_len; + +- for(i=0; i<10; i++) if(packet->payload[body_offset] != 0x05) body_offset++; /* ASN.1 */ ++ for(i=0; i<10 && body_offset < packet->payload_packet_len; i++) ++ if(packet->payload[body_offset] != 0x05) body_offset++; /* ASN.1 */ + #ifdef KERBEROS_DEBUG + printf("body_offset=%u [%02X %02X] [byte 0 must be 0x05]\n", body_offset, packet->payload[body_offset], packet->payload[body_offset+1]); + #endif diff --git a/net-libs/nDPI/nDPI-3.2-r2.ebuild b/net-libs/nDPI/nDPI-3.2-r2.ebuild new file mode 100644 index 00000000000..12a23bb316a --- /dev/null +++ b/net-libs/nDPI/nDPI-3.2-r2.ebuild @@ -0,0 +1,65 @@ +# Copyright 1999-2020 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 +inherit autotools multilib + +DESCRIPTION="Open Source Deep Packet Inspection Software Toolkit" +HOMEPAGE="https://www.ntop.org/"; +SRC_URI="https://github.com/ntop/${PN}/archive/${PV}.tar.gz -> ${P}.tar.gz" + +LICENSE="GPL-3" +SLOT="0/$(ver_cut 1)" +KEYWORDS="~amd64 ~x86" +IUSE="static-libs" + +DEPEND=" + dev-libs/json-c:= + net-libs/libpcap +" +RDEPEND=" + ${DEPEND} +" +PATCHES=( + "${FILESDIR}"/${PN}-3.2-0000-Check-NULL-strings-in-ndpi_serialize_string_string.patch + "${FILESDIR}"/${PN}-3.2-0001-Added-fix-for-serialization-loop.patch + "${FILESDIR}"/${PN}-3.2-0002-Refresh-of-ndpi_netbios_name_interpret.patch + "${FILESDIR}"/${PN}-3.2-0003-Fixed-invalid-allocation.patch + "${FILESDIR}"/${PN}-3.2-0004-Fix-for-serialization-of-strings-where-the-first-element-is-a-zero-le.patch + "${FILESDIR}"/${PN}-3.2-0005-Fix-oob-in-kerberos-dissector.patch +) + +src_prepare() { + eval $(grep '^NDPI_MAJOR=' autogen.sh) + eval $(grep '^NDPI_MINOR=' autogen.sh) + eval $(grep '^NDPI_PATCH=' autogen.sh) + NDPI_VERSION_SHORT="${NDPI_MAJOR}.${NDPI_MINOR}.${NDPI_PATCH}" + + sed \ + -e "s/@NDPI_MAJOR@/${NDPI_MAJOR}/g" \ + -e "s/@NDPI_MINOR@/${NDPI_MINOR}/g" \ + -e "s/@NDPI_PATCH@/${NDPI_PATCH}/g" \ + -e "s/@NDPI_VERSION_SHORT@/${NDPI_VERSION_SHORT}/g" \ + < "${S}/configure.seed" \ + > "${S}/configure.ac" || die + + sed -i \ + -e "s%^libdir\s*=\s*\${prefix}/lib\s*$%libdir = \${prefix}/$(get_libdir)%" \ + src/lib/Makefile.in || die + + default + eautoreconf + + # Taken from autogen.sh (bug #704074): + sed -i \ + -e "s/#define PACKAGE/#define NDPI_PACKAGE/g" \ + -e "s/#define VERSION/#define NDPI_VERSION/g" \ + configure || die +} + +src_install() { + default + if ! use static-libs; then + rm "${D}"/usr/$(get_libdir)/lib${PN,,}.a || die + fi +}
