| 1 |
pva 10/10/29 13:41:07 |
| 2 |
|
| 3 |
Added: tcpreplay-3.4.4-crash.patch |
| 4 |
Log: |
| 5 |
Fix buffer overflow (bug #336605) in stable version. |
| 6 |
|
| 7 |
(Portage version: 2.1.9.22/cvs/Linux x86_64) |
| 8 |
|
| 9 |
Revision Changes Path |
| 10 |
1.1 net-analyzer/tcpreplay/files/tcpreplay-3.4.4-crash.patch |
| 11 |
|
| 12 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-analyzer/tcpreplay/files/tcpreplay-3.4.4-crash.patch?rev=1.1&view=markup |
| 13 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-analyzer/tcpreplay/files/tcpreplay-3.4.4-crash.patch?rev=1.1&content-type=text/plain |
| 14 |
|
| 15 |
Index: tcpreplay-3.4.4-crash.patch |
| 16 |
=================================================================== |
| 17 |
=== modified file 'src/common/cidr.c' |
| 18 |
--- src/common/cidr.c 2010-10-29 13:00:54 +0000 |
| 19 |
+++ src/common/cidr.c 2010-10-29 13:09:01 +0000 |
| 20 |
@@ -85,11 +85,12 @@ |
| 21 |
destroy_cidr(tcpr_cidr_t * cidr) |
| 22 |
{ |
| 23 |
|
| 24 |
- if (cidr != NULL) |
| 25 |
+ if (cidr != NULL) { |
| 26 |
if (cidr->next != NULL) |
| 27 |
destroy_cidr(cidr->next); |
| 28 |
|
| 29 |
- safe_free(cidr); |
| 30 |
+ safe_free(cidr); |
| 31 |
+ } |
| 32 |
return; |
| 33 |
|
| 34 |
} |
| 35 |
@@ -667,7 +668,7 @@ |
| 36 |
cidr2iplist(tcpr_cidr_t * cidr, char delim) |
| 37 |
{ |
| 38 |
char *list = NULL; |
| 39 |
- char ipaddr[16]; |
| 40 |
+ char ipaddr[16], tempbuff[20]; |
| 41 |
u_int32_t size, addr, first, last, numips; |
| 42 |
struct in_addr in; |
| 43 |
|
| 44 |
@@ -694,7 +695,8 @@ |
| 45 |
/* loop through all but the last one */ |
| 46 |
for (addr = first; addr < last; addr++) { |
| 47 |
in.s_addr = htonl(addr); |
| 48 |
- snprintf(ipaddr, 17, "%s%c", inet_ntoa(in), delim); |
| 49 |
+ snprintf(tempbuff, 17, "%s%c", inet_ntoa(in), delim); |
| 50 |
+ memcpy(ipaddr, tempbuff, 16); |
| 51 |
dbgx(2, "%s", ipaddr); |
| 52 |
strlcat(list, ipaddr, size); |
| 53 |
} |
Archives