[Frugalware-darcs] frugalware-0.6: tcpdump-3.9.5-3terminus1-i686

VMiklos vmiklos at frugalware.org
Sun Jul 29 16:53:23 CEST 2007


Darcsweb-Url: http://darcs.frugalware.org/darcsweb/darcsweb.cgi?r=frugalware-0.6;a=darcs_commitdiff;h=20070729145206-e2957-6068a2a9ebe5e0486b3f076bb794ddbb08c21f3d.gz;

[tcpdump-3.9.5-3terminus1-i686
VMiklos <vmiklos at frugalware.org>**20070729145206
 added CVE-2007-3798.patch
 closes #2270
] {
addfile ./source/network/tcpdump/CVE-2007-3798.patch
hunk ./source/network/tcpdump/CVE-2007-3798.patch 1
+===================================================================
+RCS file: /tcpdump/master/tcpdump/print-bgp.c,v
+retrieving revision 1.91.2.11
+retrieving revision 1.91.2.12
+diff -u -r1.91.2.11 -r1.91.2.12
+--- tcpdump/print-bgp.c	2007/02/26 13:31:33	1.91.2.11
++++ tcpdump/print-bgp.c	2007/07/14 22:26:35	1.91.2.12
+@@ -36,7 +36,7 @@
+ 
+ #ifndef lint
+ static const char rcsid[] _U_ =
+-     "@(#) $Header: /tcpdump/master/tcpdump/print-bgp.c,v 1.91.2.9 2006/02/02 12:36:46 hannes Exp $";
++     "@(#) $Header: /tcpdump/master/tcpdump/print-bgp.c,v 1.91.2.12 2007/07/14 22:26:35 guy Exp $";
+ #endif
+ 
+ #include <tcpdump-stdinc.h>
+@@ -609,6 +609,26 @@
+ 	return -2;
+ }
+ 
++/*
++ * As I remember, some versions of systems have an snprintf() that
++ * returns -1 if the buffer would have overflowed.  If the return
++ * value is negative, set buflen to 0, to indicate that we've filled
++ * the buffer up.
++ *
++ * If the return value is greater than buflen, that means that
++ * the buffer would have overflowed; again, set buflen to 0 in
++ * that case.
++ */
++#define UPDATE_BUF_BUFLEN(buf, buflen, strlen) \
++    if (strlen<0) \
++       	buflen=0; \
++    else if ((u_int)strlen>buflen) \
++        buflen=0; \
++    else { \
++        buflen-=strlen; \
++	buf+=strlen; \
++    }
++
+ static int
+ decode_labeled_vpn_l2(const u_char *pptr, char *buf, u_int buflen)
+ {
+@@ -619,11 +639,13 @@
+         tlen=plen;
+         pptr+=2;
+ 	TCHECK2(pptr[0],15);
++	buf[0]='\0';
+         strlen=snprintf(buf, buflen, "RD: %s, CE-ID: %u, Label-Block Offset: %u, Label Base %u",
+                         bgp_vpn_rd_print(pptr),
+                         EXTRACT_16BITS(pptr+8),
+                         EXTRACT_16BITS(pptr+10),
+                         EXTRACT_24BITS(pptr+12)>>4); /* the label is offsetted by 4 bits so lets shift it right */
++        UPDATE_BUF_BUFLEN(buf, buflen, strlen);
+         pptr+=15;
+         tlen-=15;
+ 
+@@ -639,23 +661,32 @@
+ 
+             switch(tlv_type) {
+             case 1:
+-                strlen+=snprintf(buf+strlen,buflen-strlen, "\n\t\tcircuit status vector (%u) length: %u: 0x",
+-                                 tlv_type,
+-                                 tlv_len);
++                if (buflen!=0) {
++                    strlen=snprintf(buf,buflen, "\n\t\tcircuit status vector (%u) length: %u: 0x",
++                                    tlv_type,
++                                    tlv_len);
++                    UPDATE_BUF_BUFLEN(buf, buflen, strlen);
++                }
+                 ttlv_len=ttlv_len/8+1; /* how many bytes do we need to read ? */
+                 while (ttlv_len>0) {
+                     TCHECK(pptr[0]);
+-                    strlen+=snprintf(buf+strlen,buflen-strlen, "%02x",*pptr++);
++                    if (buflen!=0) {
++                        strlen=snprintf(buf,buflen, "%02x",*pptr++);
++                        UPDATE_BUF_BUFLEN(buf, buflen, strlen);
++                    }
+                     ttlv_len--;
+                 }
+                 break;
+             default:
+-                snprintf(buf+strlen,buflen-strlen, "\n\t\tunknown TLV #%u, length: %u",
+-                         tlv_type,
+-                         tlv_len);
++                if (buflen!=0) {
++                    strlen=snprintf(buf,buflen, "\n\t\tunknown TLV #%u, length: %u",
++                                    tlv_type,
++                                    tlv_len);
++                    UPDATE_BUF_BUFLEN(buf, buflen, strlen);
++                }
+                 break;
+             }
+-            tlen-=(tlv_len<<3); /* the tlv-length is expressed in bits so lets shift it tright */
++            tlen-=(tlv_len<<3); /* the tlv-length is expressed in bits so lets shift it right */
+         }
+         return plen+2;
+
hunk ./source/network/tcpdump/FrugalBuild 7
-pkgrel=2
+pkgrel=3terminus1
hunk ./source/network/tcpdump/FrugalBuild 13
-source=($url/release/$pkgname-$pkgver.tar.gz CVE-2007-1218.patch)
+source=($url/release/$pkgname-$pkgver.tar.gz CVE-2007-1218.patch CVE-2007-3798.patch)
hunk ./source/network/tcpdump/FrugalBuild 16
-sha1sums=('a9850177809196008ed3e6212cb651ed1500353c'\
-          '329385e248a9e28793095caa618fbd7826cd937f')
+sha1sums=('a9850177809196008ed3e6212cb651ed1500353c' \
+          '329385e248a9e28793095caa618fbd7826cd937f' \
+          'e347e948bf47994c770d35d3a5d1753e723b51e3')
}


More information about the Frugalware-darcs mailing list