1 |
pva 10/10/29 13:41:07 |
2 |
|
3 |
Added: tcpreplay-3.4.4-crash.patch |
4 |
Log: |
5 |
Fix buffer overflow (bug #336605) in stable version. |
6 |
|
7 |
(Portage version: 2.1.9.22/cvs/Linux x86_64) |
8 |
|
9 |
Revision Changes Path |
10 |
1.1 net-analyzer/tcpreplay/files/tcpreplay-3.4.4-crash.patch |
11 |
|
12 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-analyzer/tcpreplay/files/tcpreplay-3.4.4-crash.patch?rev=1.1&view=markup |
13 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-analyzer/tcpreplay/files/tcpreplay-3.4.4-crash.patch?rev=1.1&content-type=text/plain |
14 |
|
15 |
Index: tcpreplay-3.4.4-crash.patch |
16 |
=================================================================== |
17 |
=== modified file 'src/common/cidr.c' |
18 |
--- src/common/cidr.c 2010-10-29 13:00:54 +0000 |
19 |
+++ src/common/cidr.c 2010-10-29 13:09:01 +0000 |
20 |
@@ -85,11 +85,12 @@ |
21 |
destroy_cidr(tcpr_cidr_t * cidr) |
22 |
{ |
23 |
|
24 |
- if (cidr != NULL) |
25 |
+ if (cidr != NULL) { |
26 |
if (cidr->next != NULL) |
27 |
destroy_cidr(cidr->next); |
28 |
|
29 |
- safe_free(cidr); |
30 |
+ safe_free(cidr); |
31 |
+ } |
32 |
return; |
33 |
|
34 |
} |
35 |
@@ -667,7 +668,7 @@ |
36 |
cidr2iplist(tcpr_cidr_t * cidr, char delim) |
37 |
{ |
38 |
char *list = NULL; |
39 |
- char ipaddr[16]; |
40 |
+ char ipaddr[16], tempbuff[20]; |
41 |
u_int32_t size, addr, first, last, numips; |
42 |
struct in_addr in; |
43 |
|
44 |
@@ -694,7 +695,8 @@ |
45 |
/* loop through all but the last one */ |
46 |
for (addr = first; addr < last; addr++) { |
47 |
in.s_addr = htonl(addr); |
48 |
- snprintf(ipaddr, 17, "%s%c", inet_ntoa(in), delim); |
49 |
+ snprintf(tempbuff, 17, "%s%c", inet_ntoa(in), delim); |
50 |
+ memcpy(ipaddr, tempbuff, 16); |
51 |
dbgx(2, "%s", ipaddr); |
52 |
strlcat(list, ipaddr, size); |
53 |
} |