Your message dated Mon, 14 Mar 2005 16:38:28 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Closed.
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--------------------------------------
Received: (at submit) by bugs.debian.org; 21 Feb 2003 13:51:54 +0000
>From [EMAIL PROTECTED] Fri Feb 21 07:51:53 2003
Return-path: <[EMAIL PROTECTED]>
Received: from mail.cert.uni-stuttgart.de [129.69.16.17]
by master.debian.org with esmtp (Exim 3.12 1 (Debian))
id 18mDaj-0005YA-00; Fri, 21 Feb 2003 07:51:53 -0600
Received: from rusfw by Mail.CERT.Uni-Stuttgart.DE with local (Exim 4.10)
id 18mDag-000476-00; Fri, 21 Feb 2003 14:51:50 +0100
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: Florian Weimer <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: ngrep: Read buffer overflow
X-Mailer: reportbug 2.10
Date: Fri, 21 Feb 2003 14:51:50 +0100
Message-Id: <[EMAIL PROTECTED]>
Delivered-To: [EMAIL PROTECTED]
X-Spam-Status: No, hits=-1.1 required=4.0
tests=HAS_PACKAGE,PATCH_UNIFIED_DIFF,SPAM_PHRASE_00_01
version=2.44
X-Spam-Level:
Package: ngrep
Version: 1.40.1-3
Severity: important
Tags: upstream patch
Apparently, libcap can call process() with packets of zero length. The
patch below takes this into account.
The buffer overflow happens during a read operation, so it's not really
security-relevant.
-- System Information:
Debian Release: 3.0
Architecture: i386
Kernel: Linux Login 2.4.18-xfs-1.1 #6 SMP Fri Jan 3 14:39:36 CET 2003 i686
Locale: LANG=C, LC_CTYPE=en_US
Versions of packages ngrep depends on:
ii libc6 2.3.1-10 GNU C Library: Shared libraries an
ii libpcap0.7 0.7.1-1 System interface for user-level pa
ii libpcre3 3.4-1.1 Philip Hazel's Perl Compatible Reg
-- no debconf information
--- debian/ngrep-1.40.1/ngrep.c 2003-02-21 14:50:27.000000000 +0100
+++ debian/ngrep-1.40.1/ngrep.c-hacked 2003-02-21 14:50:31.000000000 +0100
@@ -418,7 +418,9 @@
int len;
#define min(x,y) (x<y ? x : y)
- memmove( pkbuf, p+link_offset, 0xffff & (min(h->caplen, h->len) -
link_offset) ); /* move to an aligned buffer */
+ len = min(h->caplen, h->len);
+ if (len < link_offset) return;
+ memmove( pkbuf, p+link_offset, 0xffff & (len - link_offset) ); /* move to an
aligned buffer */
ip_packet = (struct ip *)pkbuf;
#if defined(AIX)
---------------------------------------
Received: (at 181887-done) by bugs.debian.org; 14 Mar 2005 16:38:30 +0000
>From [EMAIL PROTECTED] Mon Mar 14 08:38:30 2005
Return-path: <[EMAIL PROTECTED]>
Received: from www.steve.org.uk (skx.vm.bytemark.co.uk) [80.68.89.210]
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1DAsaL-0007LJ-00; Mon, 14 Mar 2005 08:38:29 -0800
Received: from steve by skx.vm.bytemark.co.uk with local (Exim 3.35 #1 (Debian))
id 1DAsaK-0001MW-00
for <[EMAIL PROTECTED]>; Mon, 14 Mar 2005 16:38:28 +0000
Date: Mon, 14 Mar 2005 16:38:28 +0000
From: Steve Kemp <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Closed.
Message-ID: <[EMAIL PROTECTED]>
Reply-To: Steve Kemp <[EMAIL PROTECTED]>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.3.28i
Sender: Steve Kemp <[EMAIL PROTECTED]>
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-3.0 required=4.0 tests=BAYES_00 autolearn=no
version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level:
As reported in the log this bug is no longer present in the upstream
release, so this may be safely closed.
Steve
--
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
