← Back to branch summary

~ubuntu-branches/ubuntu/warty/iptables/warty

« back to all changes in this revision

Viewing changes to patches/004-minor_buffer_overflows.patch

  • Committer: Bazaar Package Importer
  • Author(s): Laurence J. Lane
  • Date: 2004-06-15 20:38:42 UTC
  • Revision ID: james.westby@ubuntu.com-20040615203842-o4o634vwht1cix5k
Tags: 1.2.9-10
http://bugs.debian.org/246037
* Closes: #246037, added default logging level to man pages, requested
  by Max Vozeler. Thanks.
* conslidated all man page patches to 003-man_pages.patch.
* added 006-64_32.patch, CVS pull, Sparc64 and HPPA makefile clean up
  for 64/32-bit builds. Reported by Igor Genibel. Thanks.

Show diffs side-by-side

added added

removed removed

Lines of Context:
patches/004-minor_buffer_overflows.patch
 
1
diff -urN old/iptables-1.2.9/extensions/libip6t_owner.c new/iptables-1.2.9/extensions/libip6t_owner.c
 
2
--- old/iptables-1.2.9/extensions/libip6t_owner.c       2003-06-30 12:16:54.000000000 -0400
 
3
+++ new/iptables-1.2.9/extensions/libip6t_owner.c       2004-02-22 16:29:59.000000000 -0500
 
4
@@ -129,6 +129,7 @@
 
5
                        exit_error(PARAMETER_PROBLEM, "OWNER CMD `%s' too long, max %d characters", optarg, sizeof(ownerinfo->comm));
 
6
                
 
7
                strncpy(ownerinfo->comm, optarg, sizeof(ownerinfo->comm));
 
8
+               ownerinfo->comm[sizeof(ownerinfo->comm)-1] = '\0';
 
9
 
 
10
                if (invert)
 
11
                        ownerinfo->invert |= IP6T_OWNER_COMM;
 
12
--- old/iptables-1.2.9/extensions/libipt_XOR.c  2003-05-31 13:11:49.000000000 -0400
 
13
+++ new/iptables-1.2.9/extensions/libipt_XOR.c  2004-02-22 16:29:59.000000000 -0500
 
14
@@ -47,6 +47,7 @@
 
15
        switch (c) {    
 
16
                case '1':
 
17
                        strncpy(info->key, optarg, 30);
 
18
+                       info->key[29] = '\0';
 
19
                        *flags |= IPT_KEY_SET;
 
20
                        break;
 
21
                case '2':
 
22
--- old/iptables-1.2.9/extensions/libipt_helper.c       2003-03-05 02:26:13.000000000 -0500
 
23
+++ new/iptables-1.2.9/extensions/libipt_helper.c       2004-02-22 16:29:59.000000000 -0500
 
24
@@ -46,6 +46,7 @@
 
25
        case '1':
 
26
                check_inverse(optarg, &invert, &invert, 0);
 
27
                strncpy(info->name, optarg, 29);
 
28
+               info->name[29] = '\0';
 
29
                if (invert)
 
30
                        info->invert = 1;
 
31
                *flags = 1;
 
32
--- old/iptables-1.2.9/extensions/libipt_owner.c        2003-05-03 14:52:15.000000000 -0400
 
33
+++ new/iptables-1.2.9/extensions/libipt_owner.c        2004-02-22 16:29:59.000000000 -0500
 
34
@@ -128,6 +128,7 @@
 
35
                        exit_error(PARAMETER_PROBLEM, "OWNER CMD `%s' too long, max %d characters", optarg, sizeof(ownerinfo->comm));
 
36
 
 
37
                strncpy(ownerinfo->comm, optarg, sizeof(ownerinfo->comm));
 
38
+               ownerinfo->comm[sizeof(ownerinfo->comm)-1] = '\0';
 
39
 
 
40
                if (invert)
 
41
                        ownerinfo->invert |= IPT_OWNER_COMM;
 
42
--- old/iptables-1.2.9/extensions/libipt_recent.c       2003-06-14 18:39:35.000000000 -0400
 
43
+++ new/iptables-1.2.9/extensions/libipt_recent.c       2004-02-22 16:29:59.000000000 -0500
 
44
@@ -75,6 +75,9 @@
 
45
        *nfcache |= NFC_UNKNOWN;
 
46
 
 
47
        strncpy(info->name,"DEFAULT",IPT_RECENT_NAME_LEN);
 
48
+       /* eventhough IPT_RECENT_NAME_LEN is currently defined as 200,
 
49
+        * better be safe, than sorry */
 
50
+       info->name[IPT_RECENT_NAME_LEN-1] = '\0';
 
51
        info->side = IPT_RECENT_SOURCE;
 
52
 }
 
53
 
 
54
@@ -142,6 +145,7 @@
 
55
 
 
56
                case 208:
 
57
                        strncpy(info->name,optarg,IPT_RECENT_NAME_LEN);
 
58
+                       info->name[IPT_RECENT_NAME_LEN-1] = '\0';
 
59
                        break;
 
60
 
 
61
                case 209:
 
62
--- old/iptables-1.2.9/ip6tables-restore.c      2003-05-03 14:52:13.000000000 -0400
 
63
+++ new/iptables-1.2.9/ip6tables-restore.c      2004-02-22 16:29:59.000000000 -0500
 
64
@@ -182,6 +182,7 @@
 
65
                                exit(1);
 
66
                        }
 
67
                        strncpy(curtable, table, IP6T_TABLE_MAXNAMELEN);
 
68
+                       curtable[IP6T_TABLE_MAXNAMELEN] = '\0';
 
69
 
 
70
                        if (handle)
 
71
                                ip6tc_free(&handle);
 
72
--- old/iptables-1.2.9/ip6tables.c      2004-02-22 16:29:21.000000000 -0500
 
73
+++ new/iptables-1.2.9/ip6tables.c      2004-02-22 16:29:59.000000000 -0500
 
74
@@ -675,6 +675,7 @@
 
75
        int i, j, n;
 
76
 
 
77
        strncpy(buf, name, sizeof(buf) - 1);
 
78
+       buf[sizeof(buf) - 1] = '\0';
 
79
        if ((p = strrchr(buf, '/')) != NULL) {
 
80
                *p = '\0';
 
81
                addrp = parse_mask(p + 1);
 
82
diff -urN old/iptables-1.2.9/iptables-restore.c new/iptables-1.2.9/iptables-restore.c
 
83
--- old/iptables-1.2.9/iptables-restore.c       2003-05-03 14:52:13.000000000 -0400
 
84
+++ new/iptables-1.2.9/iptables-restore.c       2004-02-22 16:29:59.000000000 -0500
 
85
@@ -179,6 +179,7 @@
 
86
                                exit(1);
 
87
                        }
 
88
                        strncpy(curtable, table, IPT_TABLE_MAXNAMELEN);
 
89
+                       curtable[IPT_TABLE_MAXNAMELEN] = '\0';
 
90
 
 
91
                        if (handle)
 
92
                                iptc_free(&handle);
 
93
--- old/iptables-1.2.9/iptables.c       2004-02-22 16:29:21.000000000 -0500
 
94
+++ new/iptables-1.2.9/iptables.c       2004-02-22 16:29:59.000000000 -0500
 
95
@@ -268,6 +268,7 @@
 
96
 
 
97
        /* copy dotted string, because we need to modify it */
 
98
        strncpy(buf, dotted, sizeof(buf) - 1);
 
99
+       buf[sizeof(buf) - 1] = '\0';
 
100
        addrp = (unsigned char *) &(addr.s_addr);
 
101
 
 
102
        p = buf;
 
103
@@ -633,6 +634,7 @@
 
104
        int i, j, k, n;
 
105
 
 
106
        strncpy(buf, name, sizeof(buf) - 1);
 
107
+       buf[sizeof(buf) - 1] = '\0';
 
108
        if ((p = strrchr(buf, '/')) != NULL) {
 
109
                *p = '\0';
 
110
                addrp = parse_mask(p + 1);
 
111
--- old/iptables-1.2.9/libiptc/libiptc.c        2003-07-05 16:11:11.000000000 -0400
 
112
+++ new/iptables-1.2.9/libiptc/libiptc.c        2004-02-22 16:29:59.000000000 -0500
 
113
@@ -526,6 +526,7 @@
 
114
        h->cache_num_chains++;
 
115
 
 
116
        strncpy(newcc->name, name, TABLE_MAXNAMELEN-1);
 
117
+       newcc->name[TABLE_MAXNAMELEN-1] = '\0';
 
118
        newcc->start_off = start_off;
 
119
        newcc->end_off = end_off;
 
120