Package: cfingerd
Version: 1.4.3-3
Severity: normal
Tags: patch
User: ubuntu-de...@lists.ubuntu.com
Usertags: origin-ubuntu raring ubuntu-patch
*** /tmp/tmpntc4Ea/bug_body
In Ubuntu, the attached patch was applied to achieve the following:
* SECURITY UPDATE: fix buffer overflow in rfc1413 (ident) client
(LP: #1104425).
- CVE-2013-1049
This vulnerability to have been introduced by the following:
* Applied IPv6 patch from Mats Erik Andersson
<mats.anders...@gisladisker.se> (closes: Bug#570024)
See dowstream bug report for more information:
https://bugs.launchpad.net/ubuntu/+source/cfingerd/+bug/1104425
Thanks for considering the patch.
-- System Information:
Debian Release: wheezy/sid
APT prefers quantal-updates
APT policy: (500, 'quantal-updates'), (500, 'quantal-security'), (500,
'quantal-proposed'), (500, 'quantal'), (100, 'quantal-backports')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.5.0-23-generic (SMP w/4 CPU cores)
Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
diff -u cfingerd-1.4.3/debian/changelog cfingerd-1.4.3/debian/changelog
diff -u cfingerd-1.4.3/src/rfc1413.c cfingerd-1.4.3/src/rfc1413.c
--- cfingerd-1.4.3/src/rfc1413.c
+++ cfingerd-1.4.3/src/rfc1413.c
@@ -25,7 +25,9 @@
* the implementation. Completely rewritten by yours truly to be self-
* contained in a single program. Simple, easy to use.
*/
-#define BUFLEN (2 * INET6_ADDRSTRLEN)
+#define UNAMELEN 64
+#define BUFLEN UNAMELEN + INET6_ADDRSTRLEN + 2
+#define INPUTLEN 256
char *get_rfc1413_data(struct sockaddr_storage * local_addr,
struct sockaddr_storage * peer_addr )
{
@@ -34,7 +36,7 @@
struct sockaddr_storage sin;
struct sockaddr_in *sa4 = (struct sockaddr_in *) &sin;
struct sockaddr_in6 *sa6 = (struct sockaddr_in6 *) &sin;
- char buffer[1024], buf[BUFLEN], uname[64], *bleah;
+ char buffer[1024], buf[INPUTLEN], uname[UNAMELEN], *bleah;
char *cp, *xp;
struct servent *serv;
