Your message dated Wed, 16 Mar 2005 17:02:16 -0500
with message-id <[EMAIL PROTECTED]>
and subject line Bug#283582: fixed in udhcp 0.9.8cvs20050124-1
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--------------------------------------
Received: (at submit) by bugs.debian.org; 29 Nov 2004 23:58:28 +0000
>From [EMAIL PROTECTED] Mon Nov 29 15:58:28 2004
Return-path: <[EMAIL PROTECTED]>
Received: from webmail-outgoing.us4.outblaze.com [205.158.62.67]
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1CYvPY-0004N4-00; Mon, 29 Nov 2004 15:58:28 -0800
Received: from wfilter.us4.outblaze.com (wfilter.us4.outblaze.com
[205.158.62.180])
by webmail-outgoing.us4.outblaze.com (Postfix) with QMQP id 4A34A1800225
for <[EMAIL PROTECTED]>; Mon, 29 Nov 2004 23:57:58 +0000 (GMT)
X-OB-Received: from unknown (208.36.123.33)
by wfilter.us4.outblaze.com; 29 Nov 2004 23:57:57 -0000
Received: by ws7-4.us4.outblaze.com (Postfix, from userid 1001)
id 6D2ECCA077; Mon, 29 Nov 2004 23:57:57 +0000 (GMT)
Content-Type: text/plain; charset="iso-8859-1"
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Received: from [64.163.129.139] by ws7-4.us4.outblaze.com with http for
[EMAIL PROTECTED]; Mon, 29 Nov 2004 18:57:57 -0500
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Date: Mon, 29 Nov 2004 18:57:57 -0500
Subject: Buffer overflow from command line argument parsing
X-Originating-Ip: 64.163.129.139
X-Originating-Server: ws7-4.us4.outblaze.com
Message-Id: <[EMAIL PROTECTED]>
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2004_03_25
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-6.4 required=4.0 tests=BAYES_00,HAS_PACKAGE,
NO_REAL_NAME autolearn=no version=2.60-bugs.debian.org_2004_03_25
X-Spam-Level:
Package: udhcpc
Version: 0.9.8cvs20040708-4
Severity: serious
Tags: security patch
In the current code, strcpy() is used to copy interface names from
the command line into local buffers with no length checking.
Andre McCurdy
--
[EMAIL PROTECTED]:~# uname -a
Linux has 2.4.27-vrs1 #1 Wed Nov 24 19:31:22 PST 2004 armv4l GNU/Linux
[EMAIL PROTECTED]:~#
[EMAIL PROTECTED]:~# udhcpc -i "$(for ((i=3D0;i<1000;i++)); do echo -n "a";
done)"
udhcpc (v0.9.9-pre) started
udhcpc[250]: udhcpc (v0.9.9-pre) started
pc : [<40049084>] lr : [<40048fe4>] Tainted: PF
sp : 7ffff070 ip : 00000041 fp : 7ffff12c
r10: 4013e6bc r9 : 7ffff308 r8 : 00000006
r7 : 0000414c r6 : 4012edf6 r5 : 7ffffa94 r4 : 61616161
r3 : 61616161 r2 : 7ffffa94 r1 : 0000004c r0 : 00000008
Flags: nzCv IRQs on FIQs on Mode USER_32 Segment user
Control: 217F Table: C0DD0015 DAC: 00000015
Segmentation fault
[EMAIL PROTECTED]:~#
diff -ruN udhcp_0.9.8cvs20040708.orig/arpping.c udhcp_0.9.8cvs20040708/arpp=
ing.c
--- udhcp_0.9.8cvs20040708.orig/arpping.c 2004-05-19 01:26:01.000000000
-07=
00
+++ udhcp_0.9.8cvs20040708/arpping.c 2004-11-29 15:48:42.000000000 -0800
@@ -73,7 +73,7 @@
memcpy(arp.tInaddr, &yiaddr, sizeof(yiaddr)); /* target IP address */
=20
memset(&addr, 0, sizeof(addr));
- strcpy(addr.sa_data, interface);
+ strncpy(addr.sa_data, interface, sizeof(addr.sa_data)-1);
if (sendto(s, &arp, sizeof(arp), 0, &addr, sizeof(addr)) < 0)
rv =3D 0;
=20
diff -ruN udhcp_0.9.8cvs20040708.orig/socket.c udhcp_0.9.8cvs20040708/socke=
t.c
--- udhcp_0.9.8cvs20040708.orig/socket.c 2004-05-19 00:32:36.000000000
-0700
+++ udhcp_0.9.8cvs20040708/socket.c 2004-11-29 15:48:02.000000000 -0800
@@ -53,7 +53,7 @@
memset(&ifr, 0, sizeof(struct ifreq));
if((fd =3D socket(AF_INET, SOCK_RAW, IPPROTO_RAW)) >=3D 0) {
ifr.ifr_addr.sa_family =3D AF_INET;
- strcpy(ifr.ifr_name, interface);
+ strncpy(ifr.ifr_name, interface, IFNAMSIZ-1);
=20
if (addr) {
if (ioctl(fd, SIOCGIFADDR, &ifr) =3D=3D 0) {
--=20
_______________________________________________
Find what you are looking for with the Lycos Yellow Pages
http://r.lycos.com/r/yp_emailfooter/http://yellowpages.lycos.com/default.as=
p?SRC=3Dlycos10
---------------------------------------
Received: (at 283582-close) by bugs.debian.org; 16 Mar 2005 22:08:02 +0000
>From [EMAIL PROTECTED] Wed Mar 16 14:08:02 2005
Return-path: <[EMAIL PROTECTED]>
Received: from newraff.debian.org [208.185.25.31] (mail)
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1DBggL-0002BH-00; Wed, 16 Mar 2005 14:08:02 -0800
Received: from katie by newraff.debian.org with local (Exim 3.35 1 (Debian))
id 1DBgam-0006Kg-00; Wed, 16 Mar 2005 17:02:16 -0500
From: Eric Van Buggenhaut <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
X-Katie: $Revision: 1.55 $
Subject: Bug#283582: fixed in udhcp 0.9.8cvs20050124-1
Message-Id: <[EMAIL PROTECTED]>
Sender: Archive Administrator <[EMAIL PROTECTED]>
Date: Wed, 16 Mar 2005 17:02:16 -0500
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER
autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level:
Source: udhcp
Source-Version: 0.9.8cvs20050124-1
We believe that the bug you reported is fixed in the latest version of
udhcp, which is due to be installed in the Debian FTP archive:
udhcp_0.9.8cvs20050124-1.diff.gz
to pool/main/u/udhcp/udhcp_0.9.8cvs20050124-1.diff.gz
udhcp_0.9.8cvs20050124-1.dsc
to pool/main/u/udhcp/udhcp_0.9.8cvs20050124-1.dsc
udhcp_0.9.8cvs20050124.orig.tar.gz
to pool/main/u/udhcp/udhcp_0.9.8cvs20050124.orig.tar.gz
udhcpc_0.9.8cvs20050124-1_i386.deb
to pool/main/u/udhcp/udhcpc_0.9.8cvs20050124-1_i386.deb
udhcpd_0.9.8cvs20050124-1_i386.deb
to pool/main/u/udhcp/udhcpd_0.9.8cvs20050124-1_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Eric Van Buggenhaut <[EMAIL PROTECTED]> (supplier of updated udhcp package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Mon, 14 Mar 2005 22:51:51 +0100
Source: udhcp
Binary: udhcpc udhcpd
Architecture: source i386
Version: 0.9.8cvs20050124-1
Distribution: unstable
Urgency: low
Maintainer: Eric Van Buggenhaut <[EMAIL PROTECTED]>
Changed-By: Eric Van Buggenhaut <[EMAIL PROTECTED]>
Description:
udhcpc - very small DHCP client
udhcpd - very small DHCP server
Closes: 283582
Changes:
udhcp (0.9.8cvs20050124-1) unstable; urgency=low
.
* New upstream release
* Replace all strcpy by strncpy (closes: #283582)
Files:
7e04570e492501c159b6b17c236d9e72 565 net optional udhcp_0.9.8cvs20050124-1.dsc
31fc1ad19495b93cdbe8b473afcd0633 48442 net optional
udhcp_0.9.8cvs20050124.orig.tar.gz
609cd5c43f07ffe4749f1d49c3c48d9e 13566 net optional
udhcp_0.9.8cvs20050124-1.diff.gz
32c98fe6c6f6dd1012f4642417125323 22438 net optional
udhcpc_0.9.8cvs20050124-1_i386.deb
ffb6de064d171ff189dfe115c31120c8 24922 net optional
udhcpd_0.9.8cvs20050124-1_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
iD8DBQFCOKac4VLuWbCehTARAg+iAJwLFoT0cBx2l3e+uVoXDn7WJ4d8eQCfVUou
MWkgOjO/PsZwyax7DHafMn4=
=cuXH
-----END PGP SIGNATURE-----
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
