Hello again, on second thought I would like to suggest a better patch. The part touching netmask calculation is now more in accord with the solution I have chosen for the upcoming IPv6 patch intended for Tcpspy.
Best regards, Mats Erik Andersson, DM
Description: Recover from stack underflow fault. When applied with a single rule like tcpspy -e 'raddr 10.1.2.3' an incorrect bytecode BC_OR is still put on the stack. This causes the rule traversal to pop an empty stack, thus causing a segmentation fault. The good remedy is initially to push a FALSE onto the empty stack, serving as a guard against a later evaluation. Composite rules tcpspy -e 'raddr 10.1.2.3 and laddr 10.1.2.33' are never causing this segfault. . In addition, to simplify for the user, the netmask is applied to both addresses, the observed address and the stored address. This avoids false negatives due to miscalculation by the administrator. Author: Mats Erik Andersson <[email protected]> Forwarded: no Last-Update: 2011-03-04 diff -Naur tcpspy-1.7d.debian/rule.c tcpspy-1.7d/rule.c --- tcpspy-1.7d.debian/rule.c 2002-01-25 02:00:50.000000000 +0100 +++ tcpspy-1.7d/rule.c 2011-03-04 12:35:53.000000000 +0100 @@ -293,6 +293,8 @@ static size_t stack_size = 0, stack_ptr = 0; stack_ptr = 0; + PUSH(0); /* Put a single FALSE on the stack. This protects + * against a segfault from a simple rule. */ for (ip = 0; ip < code_length; ) { c = NEXTCODE; diff -Naur tcpspy-1.7d.debian/rule_lexer.l tcpspy-1.7d/rule_lexer.l --- tcpspy-1.7d.debian/rule_lexer.l 2002-01-25 02:01:02.000000000 +0100 +++ tcpspy-1.7d/rule_lexer.l 2011-03-04 12:37:25.000000000 +0100 @@ -166,7 +166,7 @@ } else rulelval.addr.mask = 0xFFFFFFFF; if (inet_aton (yytext, &in) == 0) YY_FATAL_ERROR ("bad IP address"); - rulelval.addr.addr = in.s_addr; + rulelval.addr.addr = in.s_addr & rulelval.addr.mask; return ADDR_SPEC; }
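Review bot: The `PUSH(0);` added before the `for (ip = 0; ip < code_length; )` loop in rule.c guards against the underflow but leaves its cause in place. According to the description, a single rule still gets a stray BC_OR emitted. With the guard, that BC_OR happens to evaluate correctly because FALSE is the identity for OR, but any other surplus binary opcode would silently consume the guard value instead of failing. Consider fixing the code generator so that a single rule emits no BC_OR, and additionally making the pop path check `stack_ptr` and report an error on underflow rather than dereferencing. If the guard stays, the comment should say that it relies on the extra opcode being an OR.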
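Review bot: In the rule_lexer.l hunk, `rulelval.addr.addr = in.s_addr & rulelval.addr.mask;` is only correct if the mask is held in network byte order like `in.s_addr`. The visible `else` branch sets `0xFFFFFFFF`, which is order independent, but the branch that computes a real prefix mask is outside the context shown here and should be confirmed to use `htonl()` or equivalent. The description also says the netmask is applied to both the observed and the stored address, yet this diff only masks the stored one. If the observed address is already masked in the comparison code in rule.c, say so in the description. Otherwise that change is missing from the patch.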

