Package: desproxy
Version: 0.1.0~pre3-3
Severity: important
Tags: patch
The 20-compile-fixes.patch (originating from #561389) had the
unfortunate side-effect of breaking the desproxy-socksserver
program. The reason for this is that it changed the type of
'buffer' from unsigned char to char. A number of places in
desproxy-socksserver.c assume that it is not signed, for example when
extracting the remote host IP from the buffer:
sprintf (remote_host, "%d.%d.%d.%d", buffer[2], buffer[3], buffer[4],
buffer[5]);
If any of buffer[2] - buffer[5] are > 127 then this will result in some
strange looking IP addresses containing negative numbers!
The approach that I took to fix this problem was to change 'buffer' back
from char to unsigned char and fix the original warnings. I believe
that this is a safer approach than just changing the "%d"s to "%u"s in
the sprintf because there might be any number of other parts of the code
which also work on the assumption that the variable is unsigned.
-- System Information:
Debian Release: squeeze/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.6.32-trunk-686 (SMP w/1 CPU core)
Locale: LANG=en_AU, LC_CTYPE=en_AU (charmap=ISO-8859-1)
Shell: /bin/sh linked to /bin/bash
Versions of packages desproxy depends on:
ii libc6 2.10.2-6 Embedded GNU C Library:
Shared lib
desproxy recommends no packages.
desproxy suggests no packages.
-- no debconf information
Confidentiality Notice: This message (including attachments) is a private communication solely for use of the intended recipient(s).
If you are not the intended recipient(s) or believe you received this message in error, notify the sender immediately and then delete this
message. Any other use, retention, dissemination or copying is prohibited and may be a violation of law, including the Electronic
Communication Privacy Act of 1986."
Only in desproxy-0.1.0-pre3.fixed/: config.log
Only in desproxy-0.1.0-pre3.fixed/: config.status
Only in desproxy-0.1.0-pre3.fixed/: Makefile
diff -ru desproxy-0.1.0-pre3.orig//src/desproxy-dns.c
desproxy-0.1.0-pre3.fixed//src/desproxy-dns.c
--- desproxy-0.1.0-pre3.orig//src/desproxy-dns.c 2004-06-11
06:51:40.000000000 +1000
+++ desproxy-0.1.0-pre3.fixed//src/desproxy-dns.c 2010-08-08
15:38:04.000000000 +1000
@@ -57,6 +57,7 @@
int count;
int htons_size;
char buffer[MAXREQUESTLEN + 2];
+ unsigned short int* ptr;
debug_printf (">answer_request(%d,%d)\n", connection, size);
if (connection == UDP_CONNECTION)
@@ -98,7 +99,8 @@
perror ("read");
return (-3);
}
- size = ntohs (*((unsigned short int *) buffer));
+ ptr = (unsigned short int*)buffer;
+ size = ntohs (*ptr);
debug_printf ("size=%d\n", size);
if ((count = read (proxy_socket[connection], &buffer[2], size)) == -1)
{
@@ -258,10 +260,8 @@
requests[connection].bib + count;
if (requests[connection].bib > 2) // if at least 2 bib
(Bytes In Buffer), we have request size
{
- requests[connection].size =
- htons (*
- ((unsigned short int *)
- &requests[connection].buffer[0]));
+ unsigned short int* ptr = (unsigned short
int*)&requests[connection].buffer[0];
+ requests[connection].size = htons (*ptr);
if (requests[connection].size ==
requests[connection].bib - 2)
{
diff -ru desproxy-0.1.0-pre3.orig//src/desproxy.h
desproxy-0.1.0-pre3.fixed//src/desproxy.h
--- desproxy-0.1.0-pre3.orig//src/desproxy.h 2010-08-08 15:35:26.000000000
+1000
+++ desproxy-0.1.0-pre3.fixed//src/desproxy.h 2010-08-08 15:34:15.000000000
+1000
@@ -84,7 +84,7 @@
char console_line[256];
char HTTP_return_code[4];
char string[256];
-char buffer[BUFFER_SIZE];
+unsigned char buffer[BUFFER_SIZE];
unsigned char client_socket_is_free[MAX_CONNECTIONS];
fd_set mask, rmask;
diff -ru desproxy-0.1.0-pre3.orig//src/desproxy-socksserver.c
desproxy-0.1.0-pre3.fixed//src/desproxy-socksserver.c
--- desproxy-0.1.0-pre3.orig//src/desproxy-socksserver.c 2003-09-17
19:55:01.000000000 +1000
+++ desproxy-0.1.0-pre3.fixed//src/desproxy-socksserver.c 2010-08-08
15:26:08.000000000 +1000
@@ -238,7 +238,7 @@
EOC (connection);
return;
}
- strncat (remote_host, buffer, 1);
+ strncat (remote_host, (char*)buffer, 1);
}
strncat (remote_host, "\x00", 1);
debug_printf ("remote_host %s\n", remote_host);
Only in desproxy-0.1.0-pre3.fixed//src: Makefile
