1
Description: <short summary of the patch>
2
TODO: Put a short summary on the line above and replace this paragraph
3
with a longer explanation of this change. Complete the meta-information
4
with other relevant fields (see below for details). To make it easier, the
5
information below has been extracted from the changelog. Adjust it or drop
8
ettercap (1:0.7.5.1-3) unstable; urgency=low
10
* remove bogus but harmlessly dead code from patch for CVE-2013-0722
11
Author: Barak A. Pearlmutter <bap@debian.org>
14
The information above should follow the Patch Tagging Guidelines, please
15
checkout http://dep.debian.net/deps/dep3/ to learn about the format. Here
16
are templates for supplementary fields that you might want to add:
18
Origin: <vendor|upstream|other>, <url of original patch>
19
Bug: <url in upstream bugtracker>
20
Bug-Debian: http://bugs.debian.org/<bugnumber>
21
Bug-Ubuntu: https://launchpad.net/bugs/<bugnumber>
22
Forwarded: <no|not-needed|url proving that it has been forwarded>
23
Reviewed-By: <name and email of someone who approved the patch>
24
Last-Update: <YYYY-MM-DD>
26
--- ettercap-0.7.5.1.orig/include/ec_inet.h
27
+++ ettercap-0.7.5.1/include/ec_inet.h
40
+#define ETH_ADDR_LEN 6
41
+#define TR_ADDR_LEN 6
42
+#define FDDI_ADDR_LEN 6
43
+#define MEDIA_ADDR_LEN 6
47
- MAX_IP_ADDR_LEN = IP6_ADDR_LEN,
48
+#define IP_ADDR_LEN 4
49
+#define IP6_ADDR_LEN 16
50
+#define MAX_IP_ADDR_LEN IP6_ADDR_LEN
52
- ETH_ASCII_ADDR_LEN = sizeof("ff:ff:ff:ff:ff:ff")+1,
53
- IP_ASCII_ADDR_LEN = sizeof("255.255.255.255")+1,
54
- IP6_ASCII_ADDR_LEN = sizeof("ffff:ffff:ffff:ffff:ffff:ffff:255.255.255.255")+1,
55
- MAX_ASCII_ADDR_LEN = IP6_ASCII_ADDR_LEN,
57
+#define ETH_ASCII_ADDR_LEN 19 // sizeof("ff:ff:ff:ff:ff:ff")+1
58
+#define IP_ASCII_ADDR_LEN 17 // sizeof("255.255.255.255")+1
59
+#define IP6_ASCII_ADDR_LEN 47 // sizeof("ffff:ffff:ffff:ffff:ffff:ffff:255.255.255.255")+1
60
+#define MAX_ASCII_ADDR_LEN IP6_ASCII_ADDR_LEN
63
* Some predefined addresses here
64
--- ettercap-0.7.5.1.orig/include/ec.h
65
+++ ettercap-0.7.5.1/include/ec.h
68
#define SAFE_FREE(x) do{ if(x) { free(x); x = NULL; } }while(0)
71
+/* convert to string */
72
+#define EC_STRINGIFY(in) #in
73
+#define EC_TOSTRING(in) EC_STRINGIFY(in)
76
#define __init __attribute__((constructor(101)))
77
#define __init_last __attribute__((constructor(200))
78
--- ettercap-0.7.5.1.orig/src/ec_scan.c
79
+++ ettercap-0.7.5.1/src/ec_scan.c
80
@@ -630,7 +630,7 @@ int scan_load_hosts(char *filename)
81
for (nhosts = 0; !feof(hf); nhosts++) {
84
- if (fscanf(hf, "%s %s %s\n", ip, mac, name) != 3 ||
85
+ if (fscanf(hf, "%"EC_TOSTRING(MAX_ASCII_ADDR_LEN)"s %"EC_TOSTRING(ETH_ASCII_ADDR_LEN)"s %"EC_TOSTRING(MAX_HOSTNAME_LEN)"s\n", ip, mac, name) != 3 ||
86
*ip == '#' || *mac == '#' || *name == '#')
89
--- ettercap-0.7.5.1.orig/src/dissectors/ec_mongodb.c
90
+++ ettercap-0.7.5.1/src/dissectors/ec_mongodb.c
91
@@ -99,7 +99,7 @@ FUNC_DECODER(dissector_mongodb)
92
if (session_get(&s, ident, DISSECT_IDENT_LEN) == ESUCCESS) {
93
conn_status = (struct mongodb_status *) s->data;
94
if (PACKET->DATA.len < 16)
97
unsigned char *res = memmem(ptr, PACKET->DATA.len, "fails", 5);
98
unsigned char *gres = memmem(ptr, PACKET->DATA.len, "readOnly", 8);
99
if (conn_status->status == WAIT_RESULT && res) {
100
@@ -118,7 +118,7 @@ FUNC_DECODER(dissector_mongodb)
101
if (session_get(&s, ident, DISSECT_IDENT_LEN) == ESUCCESS) {
102
conn_status = (struct mongodb_status *) s->data;
103
if (PACKET->DATA.len < 16)
107
unsigned char *noncep = memmem(ptr, PACKET->DATA.len, "nonce", 5);
108
unsigned char *keyp = memmem(ptr, PACKET->DATA.len, "key\x00", 4);