summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
author Matteo Bernardini2018-05-10 13:18:28 +0200
committer Matteo Bernardini2019-08-18 07:53:15 +0200
commitc010ffec1deaf8392d260e739fe51331d510374c (patch)
tree5312a2bee652925ae6118a571dc61ff0187ff0b2
parentd04189e642ca17186cb9b2b5899fa9c12aceb782 (diff)
downloadslackbuilds-ettercap.tar.gz
network/ettercap: Patch for openssl-1.1.x and two CVEs.ettercap
Signed-off-by: Matteo Bernardini <ponce@slackbuilds.org>
-rw-r--r--network/ettercap/ettercap.SlackBuild3
-rw-r--r--network/ettercap/patches/0001-First-draft-of-openssl-1.1-compatibility-layer-from-.patch257
-rw-r--r--network/ettercap/patches/CVE-2017-6430.patch68
-rw-r--r--network/ettercap/patches/CVE-2017-8366.patch258
4 files changed, 586 insertions, 0 deletions
diff --git a/network/ettercap/ettercap.SlackBuild b/network/ettercap/ettercap.SlackBuild
index f841ef5396..07cb9ca2de 100644
--- a/network/ettercap/ettercap.SlackBuild
+++ b/network/ettercap/ettercap.SlackBuild
@@ -72,6 +72,9 @@ find -L . \
\( -perm 666 -o -perm 664 -o -perm 640 -o -perm 600 -o -perm 444 \
-o -perm 440 -o -perm 400 \) -exec chmod 644 {} \;
+# apply some patches from archlinux
+for i in $CWD/patches/*; do patch -p1 < $i ; done
+
mkdir -p build
cd build
cmake \
diff --git a/network/ettercap/patches/0001-First-draft-of-openssl-1.1-compatibility-layer-from-.patch b/network/ettercap/patches/0001-First-draft-of-openssl-1.1-compatibility-layer-from-.patch
new file mode 100644
index 0000000000..effc04ec19
--- /dev/null
+++ b/network/ettercap/patches/0001-First-draft-of-openssl-1.1-compatibility-layer-from-.patch
@@ -0,0 +1,257 @@
+From f0d63b27c82df2ad5f7ada6310727d841b43fbcc Mon Sep 17 00:00:00 2001
+From: Gianfranco Costamagna <costamagnagianfranco@yahoo.it>
+Date: Mon, 27 Jun 2016 12:41:33 +0200
+Subject: [PATCH] First draft of openssl 1.1 compatibility layer (from
+ https://github.com/curl/curl/commit/cfe16c22d7891a1f65ea8cd4c5352504a2afbddc)
+ Closes: #739
+
+---
+ src/dissectors/ec_ssh.c | 93 ++++++++++++++++++++++++++++++++++++++++++++++++-
+ src/ec_sslwrap.c | 14 ++++++++
+ 2 files changed, 106 insertions(+), 1 deletion(-)
+
+diff --git a/src/dissectors/ec_ssh.c b/src/dissectors/ec_ssh.c
+index f89200dc..26c86491 100644
+--- a/src/dissectors/ec_ssh.c
++++ b/src/dissectors/ec_ssh.c
+@@ -36,6 +36,10 @@
+ #include <openssl/md5.h>
+ #include <zlib.h>
+
++#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
++#define HAVE_OPAQUE_RSA_DSA_DH 1 /* since 1.1.0 -pre5 */
++#endif
++
+ #define SMSG_PUBLIC_KEY 2
+ #define CMSG_SESSION_KEY 3
+ #define CMSG_USER 4
+@@ -138,6 +142,11 @@ FUNC_DECODER(dissector_ssh)
+ char tmp[MAX_ASCII_ADDR_LEN];
+ u_int32 ssh_len, ssh_mod;
+ u_char ssh_packet_type, *ptr, *key_to_put;
++#ifdef HAVE_OPAQUE_RSA_DSA_DH
++ BIGNUM *h_n, *s_n, *m_h_n, *m_s_n;
++ BIGNUM *h_e, *s_e, *m_h_e, *m_s_e;
++ BIGNUM *h_d, *s_d, *m_h_d, *m_s_d;
++#endif
+
+ /* don't complain about unused var */
+ (void) DECODE_DATA;
+@@ -383,12 +392,25 @@ FUNC_DECODER(dissector_ssh)
+ if (session_data->ptrkey == NULL) {
+ /* Initialize RSA key structures (other fileds are set to 0) */
+ session_data->serverkey = RSA_new();
++#ifdef HAVE_OPAQUE_RSA_DSA_DH
++ s_n = BN_new();
++ s_e = BN_new();
++ RSA_set0_key(session_data->serverkey, s_n, s_e, s_d);
++#else
+ session_data->serverkey->n = BN_new();
+ session_data->serverkey->e = BN_new();
++#endif
+
+ session_data->hostkey = RSA_new();
++
++#ifdef HAVE_OPAQUE_RSA_DSA_DH
++ h_n = BN_new();
++ h_e = BN_new();
++ RSA_set0_key(session_data->hostkey, h_n, h_e, h_d);
++#else
+ session_data->hostkey->n = BN_new();
+ session_data->hostkey->e = BN_new();
++#endif
+
+ /* Get the RSA Key from the packet */
+ NS_GET32(server_mod,ptr);
+@@ -396,19 +418,37 @@ FUNC_DECODER(dissector_ssh)
+ DEBUG_MSG("Dissector_ssh Bougs Server_Mod");
+ return NULL;
+ }
++#ifdef HAVE_OPAQUE_RSA_DSA_DH
++ RSA_get0_key(session_data->serverkey, &s_n, &s_e, &s_d);
++ get_bn(s_e, &ptr);
++ get_bn(s_n, &ptr);
++#else
+ get_bn(session_data->serverkey->e, &ptr);
+ get_bn(session_data->serverkey->n, &ptr);
++#endif
+
+ NS_GET32(host_mod,ptr);
+ if (ptr + (host_mod/8) > PACKET->DATA.data + PACKET->DATA.len) {
+ DEBUG_MSG("Dissector_ssh Bougs Host_Mod");
+ return NULL;
+ }
++
++#ifdef HAVE_OPAQUE_RSA_DSA_DH
++ RSA_get0_key(session_data->hostkey, &h_n, &h_e, &h_d);
++ get_bn(h_e, &ptr);
++ get_bn(h_n, &ptr);
++#else
+ get_bn(session_data->hostkey->e, &ptr);
+ get_bn(session_data->hostkey->n, &ptr);
++#endif
+
++#ifdef HAVE_OPAQUE_RSA_DSA_DH
++ server_exp = BN_get_word(s_e);
++ host_exp = BN_get_word(h_e);
++#else
+ server_exp = *(session_data->serverkey->e->d);
+ host_exp = *(session_data->hostkey->e->d);
++#endif
+
+ /* Check if we already have a suitable RSA key to substitute */
+ index_ssl = &ssh_conn_key;
+@@ -424,7 +464,7 @@ FUNC_DECODER(dissector_ssh)
+ SAFE_CALLOC(*index_ssl, 1, sizeof(ssh_my_key));
+
+ /* Generate the new key */
+- (*index_ssl)->myserverkey = (RSA *)RSA_generate_key(server_mod, server_exp, NULL, NULL);
++ (*index_ssl)->myserverkey = (RSA *)RSA_generate_key_ex(server_mod, server_exp, NULL, NULL);
+ (*index_ssl)->myhostkey = (RSA *)RSA_generate_key(host_mod, host_exp, NULL, NULL);
+ (*index_ssl)->server_mod = server_mod;
+ (*index_ssl)->host_mod = host_mod;
+@@ -443,11 +483,25 @@ FUNC_DECODER(dissector_ssh)
+
+ /* Put our RSA key in the packet */
+ key_to_put+=4;
++
++#ifdef HAVE_OPAQUE_RSA_DSA_DH
++ RSA_get0_key(session_data->ptrkey->myserverkey, &m_s_n, &m_s_e, &m_s_d);
++ put_bn(m_s_e, &key_to_put);
++ put_bn(m_s_n, &key_to_put);
++#else
+ put_bn(session_data->ptrkey->myserverkey->e, &key_to_put);
+ put_bn(session_data->ptrkey->myserverkey->n, &key_to_put);
++#endif
+ key_to_put+=4;
++
++#ifdef HAVE_OPAQUE_RSA_DSA_DH
++ RSA_get0_key(session_data->ptrkey->myhostkey, &m_h_n, &m_h_e, &m_h_d);
++ put_bn(m_h_e, &key_to_put);
++ put_bn(m_h_n, &key_to_put);
++#else
+ put_bn(session_data->ptrkey->myhostkey->e, &key_to_put);
+ put_bn(session_data->ptrkey->myhostkey->n, &key_to_put);
++#endif
+
+ /* Recalculate SSH crc */
+ *(u_int32 *)(PACKET->DATA.data + PACKET->DATA.len - 4) = htonl(CRC_checksum(PACKET->DATA.data+4, PACKET->DATA.len-8, CRC_INIT_ZERO));
+@@ -482,19 +536,34 @@ FUNC_DECODER(dissector_ssh)
+ key_to_put = ptr;
+
+ /* Calculate real session id and our fake session id */
++#ifdef HAVE_OPAQUE_RSA_DSA_DH
++ temp_session_id = ssh_session_id(cookie, h_n, s_n);
++#else
+ temp_session_id = ssh_session_id(cookie, session_data->hostkey->n, session_data->serverkey->n);
++#endif
+ if (temp_session_id)
+ memcpy(session_id1, temp_session_id, 16);
++
++#ifdef HAVE_OPAQUE_RSA_DSA_DH
++ temp_session_id=ssh_session_id(cookie, m_h_n, m_s_n);
++#else
+ temp_session_id=ssh_session_id(cookie, session_data->ptrkey->myhostkey->n, session_data->ptrkey->myserverkey->n);
++#endif
++
+ if (temp_session_id)
+ memcpy(session_id2, temp_session_id, 16);
+
+ /* Get the session key */
+ enckey = BN_new();
++
+ get_bn(enckey, &ptr);
+
+ /* Decrypt session key */
++#ifdef HAVE_OPAQUE_RSA_DSA_DH
++ if (BN_cmp(m_s_n, m_h_n) > 0) {
++#else
+ if (BN_cmp(session_data->ptrkey->myserverkey->n, session_data->ptrkey->myhostkey->n) > 0) {
++#endif
+ rsa_private_decrypt(enckey, enckey, session_data->ptrkey->myserverkey);
+ rsa_private_decrypt(enckey, enckey, session_data->ptrkey->myhostkey);
+ } else {
+@@ -534,7 +603,11 @@ FUNC_DECODER(dissector_ssh)
+ BN_add_word(bn, sesskey[i]);
+ }
+
++#ifdef HAVE_OPAQUE_RSA_DSA_DH
++ if (BN_cmp(s_n, h_n) < 0) {
++#else
+ if (BN_cmp(session_data->serverkey->n, session_data->hostkey->n) < 0) {
++#endif
+ rsa_public_encrypt(bn, bn, session_data->serverkey);
+ rsa_public_encrypt(bn, bn, session_data->hostkey);
+ } else {
+@@ -716,7 +789,16 @@ static void rsa_public_encrypt(BIGNUM *out, BIGNUM *in, RSA *key)
+ u_char *inbuf, *outbuf;
+ int32 len, ilen, olen;
+
++#ifdef HAVE_OPAQUE_RSA_DSA_DH
++ BIGNUM *n;
++ BIGNUM *e;
++ BIGNUM *d;
++ RSA_get0_key(key, &n, &e, &d);
++ olen = BN_num_bytes(n);
++#else
+ olen = BN_num_bytes(key->n);
++#endif
++
+ outbuf = malloc(olen);
+ if (outbuf == NULL) /* oops, couldn't allocate memory */
+ return;
+@@ -744,7 +826,16 @@ static void rsa_private_decrypt(BIGNUM *out, BIGNUM *in, RSA *key)
+ u_char *inbuf, *outbuf;
+ int32 len, ilen, olen;
+
++#ifdef HAVE_OPAQUE_RSA_DSA_DH
++ BIGNUM *n;
++ BIGNUM *e;
++ BIGNUM *d;
++ RSA_get0_key(key, &n, &e, &d);
++ olen = BN_num_bytes(n);
++#else
+ olen = BN_num_bytes(key->n);
++#endif
++
+ outbuf = malloc(olen);
+ if (outbuf == NULL) /* oops, couldn't allocate memory */
+ return;
+diff --git a/src/ec_sslwrap.c b/src/ec_sslwrap.c
+index c6c74421..6369d251 100644
+--- a/src/ec_sslwrap.c
++++ b/src/ec_sslwrap.c
+@@ -56,6 +56,10 @@
+ #define OPENSSL_NO_KRB5 1
+ #include <openssl/ssl.h>
+
++#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
++#define HAVE_OPAQUE_RSA_DSA_DH 1 /* since 1.1.0 -pre5 */
++#endif
++
+ #define BREAK_ON_ERROR(x,y,z) do { \
+ if (x == -E_INVALID) { \
+ SAFE_FREE(z.DATA.disp_data); \
+@@ -1102,9 +1106,19 @@ static X509 *sslw_create_selfsigned(X509 *server_cert)
+ index = X509_get_ext_by_NID(server_cert, NID_authority_key_identifier, -1);
+ if (index >=0) {
+ ext = X509_get_ext(server_cert, index);
++#ifdef HAVE_OPAQUE_RSA_DSA_DH
++ ASN1_OCTET_STRING* data;
++ data = X509_EXTENSION_get_data (ext);
++#endif
+ if (ext) {
++#ifdef HAVE_OPAQUE_RSA_DSA_DH
++ data->data[7] = 0xe7;
++ data->data[8] = 0x7e;
++ X509_EXTENSION_set_data (ext, data);
++#else
+ ext->value->data[7] = 0xe7;
+ ext->value->data[8] = 0x7e;
++#endif
+ X509_add_ext(out_cert, ext, -1);
+ }
+ }
+--
+2.11.1
+
diff --git a/network/ettercap/patches/CVE-2017-6430.patch b/network/ettercap/patches/CVE-2017-6430.patch
new file mode 100644
index 0000000000..67483dcc02
--- /dev/null
+++ b/network/ettercap/patches/CVE-2017-6430.patch
@@ -0,0 +1,68 @@
+From 4ad7f85dc01202e363659aa473c99470b3f4e1f4 Mon Sep 17 00:00:00 2001
+From: Gianfranco Costamagna <costamagnagianfranco@yahoo.it>
+Date: Tue, 7 Mar 2017 22:05:31 +0100
+Subject: [PATCH] Fix issue #782
+
+---
+ utils/etterfilter/ef_compiler.c | 4 +++-
+ utils/etterfilter/ef_main.c | 10 +++++++---
+ utils/etterfilter/ef_output.c | 3 +++
+ 3 files changed, 13 insertions(+), 4 deletions(-)
+
+diff --git a/utils/etterfilter/ef_compiler.c b/utils/etterfilter/ef_compiler.c
+index db876636e..ddb73bd30 100644
+--- a/utils/etterfilter/ef_compiler.c
++++ b/utils/etterfilter/ef_compiler.c
+@@ -239,7 +239,9 @@ size_t compile_tree(struct filter_op **fop)
+ struct filter_op *array = NULL;
+ struct unfold_elm *ue;
+
+- BUG_IF(tree_root == NULL);
++ // invalid file
++ if (tree_root == NULL)
++ return 0;
+
+ fprintf(stdout, " Unfolding the meta-tree ");
+ fflush(stdout);
+diff --git a/utils/etterfilter/ef_main.c b/utils/etterfilter/ef_main.c
+index ae4591344..431084b91 100644
+--- a/utils/etterfilter/ef_main.c
++++ b/utils/etterfilter/ef_main.c
+@@ -39,7 +39,7 @@ struct globals *gbls;
+
+ int main(int argc, char *argv[])
+ {
+-
++ int ret_value = 0;
+ globals_alloc();
+ /* etterfilter copyright */
+ fprintf(stdout, "\n" EC_COLOR_BOLD "%s %s" EC_COLOR_END " copyright %s %s\n\n",
+@@ -84,8 +84,12 @@ int main(int argc, char *argv[])
+ fprintf(stdout, "\n\nThe script contains errors...\n\n");
+
+ /* write to file */
+- if (write_output() != E_SUCCESS)
+- FATAL_ERROR("Cannot write output file (%s)", GBL_OPTIONS->output_file);
++ ret_value = write_output();
++ if (ret_value == -E_NOTHANDLED)
++ FATAL_ERROR("Cannot write output file (%s): the filter is not correctly handled.", GBL_OPTIONS->output_file);
++ else if (ret_value == -E_INVALID)
++ FATAL_ERROR("Cannot write output file (%s): the filter format is not correct. ", GBL_OPTIONS->output_file);
++
+ globals_free();
+ return 0;
+ }
+diff --git a/utils/etterfilter/ef_output.c b/utils/etterfilter/ef_output.c
+index 5ae591904..fcf19f010 100644
+--- a/utils/etterfilter/ef_output.c
++++ b/utils/etterfilter/ef_output.c
+@@ -51,6 +51,9 @@ int write_output(void)
+ if (fop == NULL)
+ return -E_NOTHANDLED;
+
++ if (ninst == 0)
++ return -E_INVALID;
++
+ /* create the file */
+ fd = open(GBL_OPTIONS->output_file, O_CREAT | O_RDWR | O_TRUNC | O_BINARY, 0644);
+ ON_ERROR(fd, -1, "Can't create file %s", GBL_OPTIONS->output_file);
diff --git a/network/ettercap/patches/CVE-2017-8366.patch b/network/ettercap/patches/CVE-2017-8366.patch
new file mode 100644
index 0000000000..1897e81d79
--- /dev/null
+++ b/network/ettercap/patches/CVE-2017-8366.patch
@@ -0,0 +1,258 @@
+From d14d2558da14a33abf7baab28957488a75d16af1 Mon Sep 17 00:00:00 2001
+From: Alexander Koeppe <format_c@online.de>
+Date: Thu, 1 Jun 2017 08:56:23 +0200
+Subject: [PATCH 1/4] Add ASAN compiler flags in DEBUG build type
+
+---
+ CMakeLists.txt | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/CMakeLists.txt b/CMakeLists.txt
+index 90050590f..8e823669c 100644
+--- a/CMakeLists.txt
++++ b/CMakeLists.txt
+@@ -126,7 +126,7 @@ if(NOT DISABLE_RPATH)
+ set(CMAKE_INSTALL_RPATH_USE_LINK_PATH TRUE)
+ set(CMAKE_MACOSX_RPATH 1)
+ endif(NOT DISABLE_RPATH)
+-set(CMAKE_C_FLAGS_DEBUG "-O0 -ggdb3 -DDEBUG -Wall -Wno-pointer-sign -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -Werror=format-security -Wextra -Wredundant-decls" CACHE STRING "" FORCE)
++set(CMAKE_C_FLAGS_DEBUG "-O0 -ggdb3 -DDEBUG -Wall -Wno-pointer-sign -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -Werror=format-security -Wextra -Wredundant-decls -fsanitize=address -fno-omit-frame-pointer" CACHE STRING "" FORCE)
+ set(CMAKE_C_FLAGS_RELEASE "-O2 -w -D_FORTIFY_SOURCE=2" CACHE STRING "" FORCE)
+
+ if(OS_DARWIN)
+
+From 044051d302da73e16b0577eb797cd42affba27e5 Mon Sep 17 00:00:00 2001
+From: Alexander Koeppe <format_c@online.de>
+Date: Thu, 1 Jun 2017 08:56:57 +0200
+Subject: [PATCH 2/4] fix buffer over- / underflow conditions
+
+---
+ include/ec_strings.h | 2 +-
+ src/ec_strings.c | 25 +++++++++++++++----------
+ 2 files changed, 16 insertions(+), 11 deletions(-)
+
+diff --git a/include/ec_strings.h b/include/ec_strings.h
+index f791739da..9ad245ef3 100644
+--- a/include/ec_strings.h
++++ b/include/ec_strings.h
+@@ -43,7 +43,7 @@
+
+ EC_API_EXTERN int match_pattern(const char *s, const char *pattern);
+ EC_API_EXTERN int base64_decode(char *bufplain, const char *bufcoded);
+-EC_API_EXTERN int strescape(char *dst, char *src);
++EC_API_EXTERN int strescape(char *dst, char *src, size_t len);
+ EC_API_EXTERN int str_replace(char **text, const char *s, const char *d);
+ EC_API_EXTERN size_t strlen_utf8(const char *s);
+ EC_API_EXTERN char * ec_strtok(char *s, const char *delim, char **ptrptr);
+diff --git a/src/ec_strings.c b/src/ec_strings.c
+index 53583851a..21b71926c 100644
+--- a/src/ec_strings.c
++++ b/src/ec_strings.c
+@@ -167,13 +167,14 @@ static int hextoint(int c)
+ /*
+ * convert the escaped string into a binary one
+ */
+-int strescape(char *dst, char *src)
++int strescape(char *dst, char *src, size_t len)
+ {
+ char *olddst = dst;
++ char *oldsrc = src;
+ int c;
+ int val;
+
+- while ((c = *src++) != '\0') {
++ while ((c = *src++) != '\0' && (size_t)(src - oldsrc) <= len) {
+ if (c == '\\') {
+ switch ((c = *src++)) {
+ case '\0':
+@@ -218,9 +219,11 @@ int strescape(char *dst, char *src)
+ if (c >= '0' && c <= '7')
+ val = (val << 3) | (c - '0');
+ else
+- --src;
++ if (src > oldsrc) /* protect against buffer underflow */
++ --src;
+ } else
+- --src;
++ if (src > oldsrc) /* protect against buffer underflow */
++ --src;
+ *dst++ = (char) val;
+ break;
+
+@@ -232,15 +235,17 @@ int strescape(char *dst, char *src)
+ c = hextoint(*src++);
+ if (c >= 0)
+ val = (val << 4) + c;
+- else
+- --src;
+- } else
+- --src;
++ else if (src > oldsrc) /* protect against buffer underflow */
++ --src;
++ } else if (src > oldsrc) /* protect against buffer underflow */
++ --src;
+ *dst++ = (char) val;
+ break;
+ }
+- } else if (c == 8 || c == 263) /* the backspace */
+- dst--;
++ } else if (c == 8 || c == 263) { /* the backspace */
++ if (dst > oldsrc) /* protect against buffer underflow */
++ dst--;
++ }
+ else
+ *dst++ = (char) c;
+ }
+
+From 19706cf53b189fbc996791cdb4b0d9a1f0feae5f Mon Sep 17 00:00:00 2001
+From: Alexander Koeppe <format_c@online.de>
+Date: Thu, 1 Jun 2017 08:57:54 +0200
+Subject: [PATCH 3/4] adapt calls of strescape() adding strlen
+
+---
+ src/ec_encryption.c | 2 +-
+ src/interfaces/curses/ec_curses_view_connections.c | 2 +-
+ src/interfaces/gtk/ec_gtk_view_connections.c | 2 +-
+ utils/etterfilter/ef_encode.c | 18 ++++++++++++------
+ 4 files changed, 15 insertions(+), 9 deletions(-)
+
+diff --git a/src/ec_encryption.c b/src/ec_encryption.c
+index 6c02529c1..3d5056030 100644
+--- a/src/ec_encryption.c
++++ b/src/ec_encryption.c
+@@ -218,7 +218,7 @@ int set_wep_key(char *string)
+
+ if (type == 's') {
+ /* escape the string and check its length */
+- if (strescape((char *)tmp_wkey, p) != (int)tmp_wkey_len)
++ if (strescape((char *)tmp_wkey, p, strlen(tmp_wkey)+1) != (int)tmp_wkey_len)
+ SEMIFATAL_ERROR("Specified WEP key length does not match the given string");
+ } else if (type == 'p') {
+ /* create the key from the passphrase */
+diff --git a/src/interfaces/curses/ec_curses_view_connections.c b/src/interfaces/curses/ec_curses_view_connections.c
+index fb52331cf..011c0edf7 100644
+--- a/src/interfaces/curses/ec_curses_view_connections.c
++++ b/src/interfaces/curses/ec_curses_view_connections.c
+@@ -614,7 +614,7 @@ static void inject_user(void)
+ size_t len;
+
+ /* escape the sequnces in the buffer */
+- len = strescape((char*)injectbuf, (char*)injectbuf);
++ len = strescape((char*)injectbuf, (char*)injectbuf, strlen(injectbuf)+1);
+
+ /* check where to inject */
+ if (wdg_c1->flags & WDG_OBJ_FOCUSED) {
+diff --git a/src/interfaces/gtk/ec_gtk_view_connections.c b/src/interfaces/gtk/ec_gtk_view_connections.c
+index fa7dfdc58..b55e1755a 100644
+--- a/src/interfaces/gtk/ec_gtk_view_connections.c
++++ b/src/interfaces/gtk/ec_gtk_view_connections.c
+@@ -1627,7 +1627,7 @@ static void gtkui_inject_user(int side)
+ size_t len;
+
+ /* escape the sequnces in the buffer */
+- len = strescape(injectbuf, injectbuf);
++ len = strescape(injectbuf, injectbuf, strlen(injectbuf)+1);
+
+ /* check where to inject */
+ if (side == 1 || side == 2) {
+diff --git a/utils/etterfilter/ef_encode.c b/utils/etterfilter/ef_encode.c
+index d4b9110cd..7e359e062 100644
+--- a/utils/etterfilter/ef_encode.c
++++ b/utils/etterfilter/ef_encode.c
+@@ -136,7 +136,8 @@ int encode_const(char *string, struct filter_op *fop)
+ fop->op.test.string = (u_char*)strdup(string + 1);
+
+ /* escape it in the structure */
+- fop->op.test.slen = strescape((char*)fop->op.test.string, (char*)fop->op.test.string);
++ fop->op.test.slen = strescape((char*)fop->op.test.string,
++ (char*)fop->op.test.string, strlen(fop->op.test.string)+1);
+
+ return E_SUCCESS;
+
+@@ -184,7 +185,8 @@ int encode_function(char *string, struct filter_op *fop)
+ fop->opcode = FOP_FUNC;
+ fop->op.func.op = FFUNC_SEARCH;
+ fop->op.func.string = (u_char*)strdup(dec_args[1]);
+- fop->op.func.slen = strescape((char*)fop->op.func.string, (char*)fop->op.func.string);
++ fop->op.func.slen = strescape((char*)fop->op.func.string,
++ (char*)fop->op.func.string, strlen(fop->op.func.string)+1);
+ ret = E_SUCCESS;
+ } else
+ SCRIPT_ERROR("Unknown offset %s ", dec_args[0]);
+@@ -202,7 +204,8 @@ int encode_function(char *string, struct filter_op *fop)
+ fop->opcode = FOP_FUNC;
+ fop->op.func.op = FFUNC_REGEX;
+ fop->op.func.string = (u_char*)strdup(dec_args[1]);
+- fop->op.func.slen = strescape((char*)fop->op.func.string, (char*)fop->op.func.string);
++ fop->op.func.slen = strescape((char*)fop->op.func.string,
++ (char*)fop->op.func.string, strlen(fop->op.func.string)+1);
+ ret = E_SUCCESS;
+ } else
+ SCRIPT_ERROR("Unknown offset %s ", dec_args[0]);
+@@ -272,9 +275,11 @@ int encode_function(char *string, struct filter_op *fop)
+ /* replace always operate at DATA level */
+ fop->op.func.level = 5;
+ fop->op.func.string = (u_char*)strdup(dec_args[0]);
+- fop->op.func.slen = strescape((char*)fop->op.func.string, (char*)fop->op.func.string);
++ fop->op.func.slen = strescape((char*)fop->op.func.string,
++ (char*)fop->op.func.string, strlen(fop->op.func.string)+1);
+ fop->op.func.replace = (u_char*)strdup(dec_args[1]);
+- fop->op.func.rlen = strescape((char*)fop->op.func.replace, (char*)fop->op.func.replace);
++ fop->op.func.rlen = strescape((char*)fop->op.func.replace,
++ (char*)fop->op.func.replace, strlen(fop->op.func.replace)+1);
+ ret = E_SUCCESS;
+ } else
+ SCRIPT_ERROR("Wrong number of arguments for function \"%s\" ", name);
+@@ -328,7 +333,8 @@ int encode_function(char *string, struct filter_op *fop)
+ if (nargs == 1) {
+ fop->op.func.op = FFUNC_MSG;
+ fop->op.func.string = (u_char*)strdup(dec_args[0]);
+- fop->op.func.slen = strescape((char*)fop->op.func.string, (char*)fop->op.func.string);
++ fop->op.func.slen = strescape((char*)fop->op.func.string,
++ (char*)fop->op.func.string, strlen(fop->op.func.string)+1);
+ ret = E_SUCCESS;
+ } else
+ SCRIPT_ERROR("Wrong number of arguments for function \"%s\" ", name);
+
+From b005d55d4eae444c5be14eb792b50657a14c7b1d Mon Sep 17 00:00:00 2001
+From: Alexander Koeppe <format_c@online.de>
+Date: Sun, 4 Jun 2017 08:09:04 +0200
+Subject: [PATCH 4/4] Only add ASAN flags depeding on compiler version
+
+---
+ CMakeLists.txt | 22 +++++++++++++++++++++-
+ 1 file changed, 21 insertions(+), 1 deletion(-)
+
+diff --git a/CMakeLists.txt b/CMakeLists.txt
+index 8e823669c..8f7c7c368 100644
+--- a/CMakeLists.txt
++++ b/CMakeLists.txt
+@@ -126,7 +126,27 @@ if(NOT DISABLE_RPATH)
+ set(CMAKE_INSTALL_RPATH_USE_LINK_PATH TRUE)
+ set(CMAKE_MACOSX_RPATH 1)
+ endif(NOT DISABLE_RPATH)
+-set(CMAKE_C_FLAGS_DEBUG "-O0 -ggdb3 -DDEBUG -Wall -Wno-pointer-sign -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -Werror=format-security -Wextra -Wredundant-decls -fsanitize=address -fno-omit-frame-pointer" CACHE STRING "" FORCE)
++
++# set general build flags for debug build-type
++set(CMAKE_C_FLAGS_DEBUG "-O0 -ggdb3 -DDEBUG -Wall -Wno-pointer-sign -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -Werror=format-security -Wextra -Wredundant-decls" CACHE STRING "" FORCE)
++# append ASAN build flags if compiler version has support
++if ("${CMAKE_C_COMPILER_ID}" STREQUAL "GNU")
++ if (CMAKE_C_COMPILER_VERSION VERSION_GREATER 4.8)
++ set(CMAKE_C_FLAGS_DEBUG "${CMAKE_C_FLAGS_DEBUG} -fsanitize=address -fno-omit-frame-pointer" CACHE STRING "" FORCE)
++ message("Building with ASAN support (GNU compiler)")
++ else (CMAKE_C_COMPILER_VERSION VERSION_GREATER 4.8)
++ message("Building without ASAN support (GNU compiler)")
++ endif (CMAKE_C_COMPILER_VERSION VERSION_GREATER 4.8)
++elseif ("${CMAKE_C_COMPILER_ID}" STREQUAL "Clang")
++ if (CMAKE_C_COMPILER_VERSION VERSION_GREATER 3.1)
++ set(CMAKE_C_FLAGS_DEBUG "${CMAKE_C_FLAGS_DEBUG} -fsanitize=address -fno-omit-frame-pointer" CACHE STRING "" FORCE)
++ message("Building with ASAN support (Clang compiler)")
++ elseif (CMAKE_C_COMPILER_VERSION VERSION_GREATER 3.1)
++ message("Building without ASAN support (Clang compiler)")
++ endif (CMAKE_C_COMPILER_VERSION VERSION_GREATER 3.1)
++endif ("${CMAKE_C_COMPILER_ID}" STREQUAL "GNU")
++
++# set build flags for release build-type
+ set(CMAKE_C_FLAGS_RELEASE "-O2 -w -D_FORTIFY_SOURCE=2" CACHE STRING "" FORCE)
+
+ if(OS_DARWIN)