diff options
author | Matteo Bernardini | 2019-02-23 07:59:47 +0100 |
---|---|---|
committer | Matteo Bernardini | 2019-02-23 07:59:47 +0100 |
commit | 1e0504fb667c2e46b7658648e95f6bec2232b005 (patch) | |
tree | 59f57dadb63234845f17b82010dc7c5fc11e1446 /network/ettercap/patches/CVE-2017-8366.patch | |
parent | 56fec0e2e3a00a31f6b83d66093db60a3bbb19f4 (diff) | |
download | slackbuilds-current-20190223.1.tar.gz |
20190223.1 global branch merge.current-20190223.1
Signed-off-by: Matteo Bernardini <ponce@slackbuilds.org>
Diffstat (limited to 'network/ettercap/patches/CVE-2017-8366.patch')
-rw-r--r-- | network/ettercap/patches/CVE-2017-8366.patch | 258 |
1 files changed, 258 insertions, 0 deletions
diff --git a/network/ettercap/patches/CVE-2017-8366.patch b/network/ettercap/patches/CVE-2017-8366.patch new file mode 100644 index 0000000000..1897e81d79 --- /dev/null +++ b/network/ettercap/patches/CVE-2017-8366.patch @@ -0,0 +1,258 @@ +From d14d2558da14a33abf7baab28957488a75d16af1 Mon Sep 17 00:00:00 2001 +From: Alexander Koeppe <format_c@online.de> +Date: Thu, 1 Jun 2017 08:56:23 +0200 +Subject: [PATCH 1/4] Add ASAN compiler flags in DEBUG build type + +--- + CMakeLists.txt | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/CMakeLists.txt b/CMakeLists.txt +index 90050590f..8e823669c 100644 +--- a/CMakeLists.txt ++++ b/CMakeLists.txt +@@ -126,7 +126,7 @@ if(NOT DISABLE_RPATH) + set(CMAKE_INSTALL_RPATH_USE_LINK_PATH TRUE) + set(CMAKE_MACOSX_RPATH 1) + endif(NOT DISABLE_RPATH) +-set(CMAKE_C_FLAGS_DEBUG "-O0 -ggdb3 -DDEBUG -Wall -Wno-pointer-sign -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -Werror=format-security -Wextra -Wredundant-decls" CACHE STRING "" FORCE) ++set(CMAKE_C_FLAGS_DEBUG "-O0 -ggdb3 -DDEBUG -Wall -Wno-pointer-sign -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -Werror=format-security -Wextra -Wredundant-decls -fsanitize=address -fno-omit-frame-pointer" CACHE STRING "" FORCE) + set(CMAKE_C_FLAGS_RELEASE "-O2 -w -D_FORTIFY_SOURCE=2" CACHE STRING "" FORCE) + + if(OS_DARWIN) + +From 044051d302da73e16b0577eb797cd42affba27e5 Mon Sep 17 00:00:00 2001 +From: Alexander Koeppe <format_c@online.de> +Date: Thu, 1 Jun 2017 08:56:57 +0200 +Subject: [PATCH 2/4] fix buffer over- / underflow conditions + +--- + include/ec_strings.h | 2 +- + src/ec_strings.c | 25 +++++++++++++++---------- + 2 files changed, 16 insertions(+), 11 deletions(-) + +diff --git a/include/ec_strings.h b/include/ec_strings.h +index f791739da..9ad245ef3 100644 +--- a/include/ec_strings.h ++++ b/include/ec_strings.h +@@ -43,7 +43,7 @@ + + EC_API_EXTERN int match_pattern(const char *s, const char *pattern); + EC_API_EXTERN int base64_decode(char *bufplain, const char *bufcoded); +-EC_API_EXTERN int strescape(char *dst, char *src); ++EC_API_EXTERN int strescape(char *dst, char *src, size_t len); + EC_API_EXTERN int str_replace(char **text, const char *s, const char *d); + EC_API_EXTERN size_t strlen_utf8(const char *s); + EC_API_EXTERN char * ec_strtok(char *s, const char *delim, char **ptrptr); +diff --git a/src/ec_strings.c b/src/ec_strings.c +index 53583851a..21b71926c 100644 +--- a/src/ec_strings.c ++++ b/src/ec_strings.c +@@ -167,13 +167,14 @@ static int hextoint(int c) + /* + * convert the escaped string into a binary one + */ +-int strescape(char *dst, char *src) ++int strescape(char *dst, char *src, size_t len) + { + char *olddst = dst; ++ char *oldsrc = src; + int c; + int val; + +- while ((c = *src++) != '\0') { ++ while ((c = *src++) != '\0' && (size_t)(src - oldsrc) <= len) { + if (c == '\\') { + switch ((c = *src++)) { + case '\0': +@@ -218,9 +219,11 @@ int strescape(char *dst, char *src) + if (c >= '0' && c <= '7') + val = (val << 3) | (c - '0'); + else +- --src; ++ if (src > oldsrc) /* protect against buffer underflow */ ++ --src; + } else +- --src; ++ if (src > oldsrc) /* protect against buffer underflow */ ++ --src; + *dst++ = (char) val; + break; + +@@ -232,15 +235,17 @@ int strescape(char *dst, char *src) + c = hextoint(*src++); + if (c >= 0) + val = (val << 4) + c; +- else +- --src; +- } else +- --src; ++ else if (src > oldsrc) /* protect against buffer underflow */ ++ --src; ++ } else if (src > oldsrc) /* protect against buffer underflow */ ++ --src; + *dst++ = (char) val; + break; + } +- } else if (c == 8 || c == 263) /* the backspace */ +- dst--; ++ } else if (c == 8 || c == 263) { /* the backspace */ ++ if (dst > oldsrc) /* protect against buffer underflow */ ++ dst--; ++ } + else + *dst++ = (char) c; + } + +From 19706cf53b189fbc996791cdb4b0d9a1f0feae5f Mon Sep 17 00:00:00 2001 +From: Alexander Koeppe <format_c@online.de> +Date: Thu, 1 Jun 2017 08:57:54 +0200 +Subject: [PATCH 3/4] adapt calls of strescape() adding strlen + +--- + src/ec_encryption.c | 2 +- + src/interfaces/curses/ec_curses_view_connections.c | 2 +- + src/interfaces/gtk/ec_gtk_view_connections.c | 2 +- + utils/etterfilter/ef_encode.c | 18 ++++++++++++------ + 4 files changed, 15 insertions(+), 9 deletions(-) + +diff --git a/src/ec_encryption.c b/src/ec_encryption.c +index 6c02529c1..3d5056030 100644 +--- a/src/ec_encryption.c ++++ b/src/ec_encryption.c +@@ -218,7 +218,7 @@ int set_wep_key(char *string) + + if (type == 's') { + /* escape the string and check its length */ +- if (strescape((char *)tmp_wkey, p) != (int)tmp_wkey_len) ++ if (strescape((char *)tmp_wkey, p, strlen(tmp_wkey)+1) != (int)tmp_wkey_len) + SEMIFATAL_ERROR("Specified WEP key length does not match the given string"); + } else if (type == 'p') { + /* create the key from the passphrase */ +diff --git a/src/interfaces/curses/ec_curses_view_connections.c b/src/interfaces/curses/ec_curses_view_connections.c +index fb52331cf..011c0edf7 100644 +--- a/src/interfaces/curses/ec_curses_view_connections.c ++++ b/src/interfaces/curses/ec_curses_view_connections.c +@@ -614,7 +614,7 @@ static void inject_user(void) + size_t len; + + /* escape the sequnces in the buffer */ +- len = strescape((char*)injectbuf, (char*)injectbuf); ++ len = strescape((char*)injectbuf, (char*)injectbuf, strlen(injectbuf)+1); + + /* check where to inject */ + if (wdg_c1->flags & WDG_OBJ_FOCUSED) { +diff --git a/src/interfaces/gtk/ec_gtk_view_connections.c b/src/interfaces/gtk/ec_gtk_view_connections.c +index fa7dfdc58..b55e1755a 100644 +--- a/src/interfaces/gtk/ec_gtk_view_connections.c ++++ b/src/interfaces/gtk/ec_gtk_view_connections.c +@@ -1627,7 +1627,7 @@ static void gtkui_inject_user(int side) + size_t len; + + /* escape the sequnces in the buffer */ +- len = strescape(injectbuf, injectbuf); ++ len = strescape(injectbuf, injectbuf, strlen(injectbuf)+1); + + /* check where to inject */ + if (side == 1 || side == 2) { +diff --git a/utils/etterfilter/ef_encode.c b/utils/etterfilter/ef_encode.c +index d4b9110cd..7e359e062 100644 +--- a/utils/etterfilter/ef_encode.c ++++ b/utils/etterfilter/ef_encode.c +@@ -136,7 +136,8 @@ int encode_const(char *string, struct filter_op *fop) + fop->op.test.string = (u_char*)strdup(string + 1); + + /* escape it in the structure */ +- fop->op.test.slen = strescape((char*)fop->op.test.string, (char*)fop->op.test.string); ++ fop->op.test.slen = strescape((char*)fop->op.test.string, ++ (char*)fop->op.test.string, strlen(fop->op.test.string)+1); + + return E_SUCCESS; + +@@ -184,7 +185,8 @@ int encode_function(char *string, struct filter_op *fop) + fop->opcode = FOP_FUNC; + fop->op.func.op = FFUNC_SEARCH; + fop->op.func.string = (u_char*)strdup(dec_args[1]); +- fop->op.func.slen = strescape((char*)fop->op.func.string, (char*)fop->op.func.string); ++ fop->op.func.slen = strescape((char*)fop->op.func.string, ++ (char*)fop->op.func.string, strlen(fop->op.func.string)+1); + ret = E_SUCCESS; + } else + SCRIPT_ERROR("Unknown offset %s ", dec_args[0]); +@@ -202,7 +204,8 @@ int encode_function(char *string, struct filter_op *fop) + fop->opcode = FOP_FUNC; + fop->op.func.op = FFUNC_REGEX; + fop->op.func.string = (u_char*)strdup(dec_args[1]); +- fop->op.func.slen = strescape((char*)fop->op.func.string, (char*)fop->op.func.string); ++ fop->op.func.slen = strescape((char*)fop->op.func.string, ++ (char*)fop->op.func.string, strlen(fop->op.func.string)+1); + ret = E_SUCCESS; + } else + SCRIPT_ERROR("Unknown offset %s ", dec_args[0]); +@@ -272,9 +275,11 @@ int encode_function(char *string, struct filter_op *fop) + /* replace always operate at DATA level */ + fop->op.func.level = 5; + fop->op.func.string = (u_char*)strdup(dec_args[0]); +- fop->op.func.slen = strescape((char*)fop->op.func.string, (char*)fop->op.func.string); ++ fop->op.func.slen = strescape((char*)fop->op.func.string, ++ (char*)fop->op.func.string, strlen(fop->op.func.string)+1); + fop->op.func.replace = (u_char*)strdup(dec_args[1]); +- fop->op.func.rlen = strescape((char*)fop->op.func.replace, (char*)fop->op.func.replace); ++ fop->op.func.rlen = strescape((char*)fop->op.func.replace, ++ (char*)fop->op.func.replace, strlen(fop->op.func.replace)+1); + ret = E_SUCCESS; + } else + SCRIPT_ERROR("Wrong number of arguments for function \"%s\" ", name); +@@ -328,7 +333,8 @@ int encode_function(char *string, struct filter_op *fop) + if (nargs == 1) { + fop->op.func.op = FFUNC_MSG; + fop->op.func.string = (u_char*)strdup(dec_args[0]); +- fop->op.func.slen = strescape((char*)fop->op.func.string, (char*)fop->op.func.string); ++ fop->op.func.slen = strescape((char*)fop->op.func.string, ++ (char*)fop->op.func.string, strlen(fop->op.func.string)+1); + ret = E_SUCCESS; + } else + SCRIPT_ERROR("Wrong number of arguments for function \"%s\" ", name); + +From b005d55d4eae444c5be14eb792b50657a14c7b1d Mon Sep 17 00:00:00 2001 +From: Alexander Koeppe <format_c@online.de> +Date: Sun, 4 Jun 2017 08:09:04 +0200 +Subject: [PATCH 4/4] Only add ASAN flags depeding on compiler version + +--- + CMakeLists.txt | 22 +++++++++++++++++++++- + 1 file changed, 21 insertions(+), 1 deletion(-) + +diff --git a/CMakeLists.txt b/CMakeLists.txt +index 8e823669c..8f7c7c368 100644 +--- a/CMakeLists.txt ++++ b/CMakeLists.txt +@@ -126,7 +126,27 @@ if(NOT DISABLE_RPATH) + set(CMAKE_INSTALL_RPATH_USE_LINK_PATH TRUE) + set(CMAKE_MACOSX_RPATH 1) + endif(NOT DISABLE_RPATH) +-set(CMAKE_C_FLAGS_DEBUG "-O0 -ggdb3 -DDEBUG -Wall -Wno-pointer-sign -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -Werror=format-security -Wextra -Wredundant-decls -fsanitize=address -fno-omit-frame-pointer" CACHE STRING "" FORCE) ++ ++# set general build flags for debug build-type ++set(CMAKE_C_FLAGS_DEBUG "-O0 -ggdb3 -DDEBUG -Wall -Wno-pointer-sign -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -Werror=format-security -Wextra -Wredundant-decls" CACHE STRING "" FORCE) ++# append ASAN build flags if compiler version has support ++if ("${CMAKE_C_COMPILER_ID}" STREQUAL "GNU") ++ if (CMAKE_C_COMPILER_VERSION VERSION_GREATER 4.8) ++ set(CMAKE_C_FLAGS_DEBUG "${CMAKE_C_FLAGS_DEBUG} -fsanitize=address -fno-omit-frame-pointer" CACHE STRING "" FORCE) ++ message("Building with ASAN support (GNU compiler)") ++ else (CMAKE_C_COMPILER_VERSION VERSION_GREATER 4.8) ++ message("Building without ASAN support (GNU compiler)") ++ endif (CMAKE_C_COMPILER_VERSION VERSION_GREATER 4.8) ++elseif ("${CMAKE_C_COMPILER_ID}" STREQUAL "Clang") ++ if (CMAKE_C_COMPILER_VERSION VERSION_GREATER 3.1) ++ set(CMAKE_C_FLAGS_DEBUG "${CMAKE_C_FLAGS_DEBUG} -fsanitize=address -fno-omit-frame-pointer" CACHE STRING "" FORCE) ++ message("Building with ASAN support (Clang compiler)") ++ elseif (CMAKE_C_COMPILER_VERSION VERSION_GREATER 3.1) ++ message("Building without ASAN support (Clang compiler)") ++ endif (CMAKE_C_COMPILER_VERSION VERSION_GREATER 3.1) ++endif ("${CMAKE_C_COMPILER_ID}" STREQUAL "GNU") ++ ++# set build flags for release build-type + set(CMAKE_C_FLAGS_RELEASE "-O2 -w -D_FORTIFY_SOURCE=2" CACHE STRING "" FORCE) + + if(OS_DARWIN) |