[gentoo-commits] gentoo-x86 commit in net-ftp/netkit-tftp/files: netkit-tftp-0.17-overflow.patch - gentoo-commits

From:	"Diego Petteno (flameeyes)" <flameeyes@g.o>
To:	gentoo-commits@l.g.o
Subject:	[gentoo-commits] gentoo-x86 commit in net-ftp/netkit-tftp/files: netkit-tftp-0.17-overflow.patch
Date:	Sun, 08 Jul 2012 17:42:22
Message-Id:	`20120708174200.8239520066@flycatcher.gentoo.org`

1

flameeyes    12/07/08 17:42:00

2

3

  Added:                netkit-tftp-0.17-overflow.patch

4

  Log:

5

  Add a patch to fix the overflow reported in bug #425184. Probably still worth of last riting though.

6

7

  (Portage version: 2.2.0_alpha116/cvs/Linux x86_64)

8

9

Revision  Changes    Path

10

1.1                  net-ftp/netkit-tftp/files/netkit-tftp-0.17-overflow.patch

11

12

file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-ftp/netkit-tftp/files/netkit-tftp-0.17-overflow.patch?rev=1.1&view=markup

13

plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-ftp/netkit-tftp/files/netkit-tftp-0.17-overflow.patch?rev=1.1&content-type=text/plain

14

15

Index: netkit-tftp-0.17-overflow.patch

16

===================================================================

17

Index: netkit-tftp-0.17/tftp/tftp.c

18

===================================================================

19

--- netkit-tftp-0.17.orig/tftp/tftp.c

20

+++ netkit-tftp-0.17/tftp/tftp.c

21

@@ -56,6 +56,7 @@ char tftp_rcsid[] =

22

 #include <setjmp.h>

23

 #include <unistd.h>

24

 #include <string.h>

25

+#include <stddef.h>

26

27

 #include "tftpsubs.h"

28

29

@@ -78,7 +79,7 @@ static sigjmp_buf timeoutbuf;

30

31

32

 static int makerequest(int request, char *name, 

33

-		       struct tftphdr *tp, char *mode);

34

+		       char *hdr, char *mode);

35

 static void nak(int errnor);

36

 static void tpacket(const char *s, struct tftphdr *tp, int n);

37

 static void startclock(void);

38

@@ -126,7 +127,7 @@ sendfile(int fd, char *name, char *mode)

39

 	mysignal(SIGALRM, timer);

40

 	do {

41

 		if (firsttrip) {

42

-			size = makerequest(WRQ, name, dp, mode) - 4;

43

+		  size = makerequest(WRQ, name, (char*)dp, mode) - 4;

44

}

45

 		else {

46

 		/*      size = read(fd, dp->th_data, SEGSIZE);   */

47

@@ -238,7 +239,7 @@ recvfile(int fd, char *name, char *mode)

48

 	mysignal(SIGALRM, timer);

49

 	do {

50

 		if (firsttrip) {

51

-			size = makerequest(RRQ, name, ap, mode);

52

+			size = makerequest(RRQ, name, ackbuf, mode);

53

 			firsttrip = 0;

54

 		} else {

55

 			ap->th_opcode = htons((u_short)ACK);

56

@@ -320,12 +321,13 @@ abort:

57

}

58

59

int

60

-makerequest(int request, char *name, struct tftphdr *tp, char *mode)

61

+makerequest(int request, char *name, char *hdr, char *mode)

62

{

63

 	register char *cp;

64

+	struct tftphdr *tp = (struct tftphdr*)hdr;

65

66

 	tp->th_opcode = htons((u_short)request);

67

-	cp = tp->th_stuff;

68

+	cp = hdr + offsetof(struct tftphdr, th_stuff);

69

 	strcpy(cp, name);

70

 	cp += strlen(name);

71

 	*cp++ = '\0';

1	flameeyes 12/07/08 17:42:00
2
3	Added: netkit-tftp-0.17-overflow.patch
4	Log:
5	Add a patch to fix the overflow reported in bug #425184. Probably still worth of last riting though.
6
7	(Portage version: 2.2.0_alpha116/cvs/Linux x86_64)
8
9	Revision Changes Path
10	1.1 net-ftp/netkit-tftp/files/netkit-tftp-0.17-overflow.patch
11
12	file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-ftp/netkit-tftp/files/netkit-tftp-0.17-overflow.patch?rev=1.1&view=markup
13	plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-ftp/netkit-tftp/files/netkit-tftp-0.17-overflow.patch?rev=1.1&content-type=text/plain
14
15	Index: netkit-tftp-0.17-overflow.patch
16	===================================================================
17	Index: netkit-tftp-0.17/tftp/tftp.c
18	===================================================================
19	--- netkit-tftp-0.17.orig/tftp/tftp.c
20	+++ netkit-tftp-0.17/tftp/tftp.c
21	@@ -56,6 +56,7 @@ char tftp_rcsid[] =
22	#include <setjmp.h>
23	#include <unistd.h>
24	#include <string.h>
25	+#include <stddef.h>
26
27	#include "tftpsubs.h"
28
29	@@ -78,7 +79,7 @@ static sigjmp_buf timeoutbuf;
30
31
32	static int makerequest(int request, char *name,
33	- struct tftphdr tp, char mode);
34	+ char hdr, char mode);
35	static void nak(int errnor);
36	static void tpacket(const char s, struct tftphdr tp, int n);
37	static void startclock(void);
38	@@ -126,7 +127,7 @@ sendfile(int fd, char name, char mode)
39	mysignal(SIGALRM, timer);
40	do {
41	if (firsttrip) {
42	- size = makerequest(WRQ, name, dp, mode) - 4;
43	+ size = makerequest(WRQ, name, (char*)dp, mode) - 4;
44	}
45	else {
46	/* size = read(fd, dp->th_data, SEGSIZE); */
47	@@ -238,7 +239,7 @@ recvfile(int fd, char name, char mode)
48	mysignal(SIGALRM, timer);
49	do {
50	if (firsttrip) {
51	- size = makerequest(RRQ, name, ap, mode);
52	+ size = makerequest(RRQ, name, ackbuf, mode);
53	firsttrip = 0;
54	} else {
55	ap->th_opcode = htons((u_short)ACK);
56	@@ -320,12 +321,13 @@ abort:
57	}
58
59	int
60	-makerequest(int request, char name, struct tftphdr tp, char *mode)
61	+makerequest(int request, char name, char hdr, char *mode)
62	{
63	register char *cp;
64	+ struct tftphdr tp = (struct tftphdr)hdr;
65
66	tp->th_opcode = htons((u_short)request);
67	- cp = tp->th_stuff;
68	+ cp = hdr + offsetof(struct tftphdr, th_stuff);
69	strcpy(cp, name);
70	cp += strlen(name);
71	*cp++ = '\0';

Gentoo Archives: gentoo-commits