OpenPKG CVS Repository
  http://cvs.openpkg.org/
  ____________________________________________________________________________

  Server: cvs.openpkg.org                  Name:   Michael Schloh
  Root:   /e/openpkg/cvs                   Email:  [EMAIL PROTECTED]
  Module: openpkg-src                      Date:   07-Apr-2004 17:44:02
  Branch: OPENPKG_1_3_SOLID                Handle: 2004040716440200

  Modified files:           (Branch: OPENPKG_1_3_SOLID)
    openpkg-src/tcpdump     tcpdump.patch tcpdump.spec

  Log:
    OpenPKG-SA-2004.010-tcpdump (CAN-2004-0183 and CAN-2004-0184): Integrate
    patch code from Debian's tcpdump_3.7.2-4.diff.gz to avoid denial of service
    when reading ISAKMP packets with malformed delete payloads and
    identification payloads

  Summary:
    Revision    Changes     Path
    1.1.6.2.2.2 +495 -11    openpkg-src/tcpdump/tcpdump.patch
    1.25.2.3.2.3+1  -1      openpkg-src/tcpdump/tcpdump.spec
  ____________________________________________________________________________

  patch -p0 <<'@@ .'
  Index: openpkg-src/tcpdump/tcpdump.patch
  ============================================================================
  $ cvs diff -u -r1.1.6.2.2.1 -r1.1.6.2.2.2 tcpdump.patch
  --- openpkg-src/tcpdump/tcpdump.patch 16 Jan 2004 12:38:59 -0000      1.1.6.2.2.1
  +++ openpkg-src/tcpdump/tcpdump.patch 7 Apr 2004 15:44:02 -0000       1.1.6.2.2.2
  @@ -19,17 +19,19 @@
   
       tcpdump patch patrix; [EMAIL PROTECTED]
   
  -                  tcpdump   371 371 372 381
  -                  OpenPKG   120 121 130 20020822
  -                            --- --- --- ---
  -  CAN-2002-0380 nfs      y   n   n   n   see past OpenPKG-SA-2003.014-tcpdump
  -  CAN-2002-1350 bgp      y   n   n   n   see past OpenPKG-SA-2003.014-tcpdump
  -  CAN-2003-0108 isakmp   y   n   n   n   see past OpenPKG-SA-2003.014-tcpdump
  -                depth    y   y   y   n   (*)
  -  CAN-2003-0989 isakmp   y   y   y   n   updates CAN-2003-0108-isakmp
  -  CAN-2003-1029 l2tp     y   y   n   n
  -  CAN-2004-0055 radius   y   y   y   y
  -  CAN-2004-0057 isakmp   y   y   y   y
  +                  tcpdump   371 371 372 372 381
  +                  OpenPKG   120 121 130 131 20020822
  +                            --- --- --- --- ---
  +  CAN-2002-0380 nfs      y   n   n   n   n   see past OpenPKG-SA-2003.014-tcpdump
  +  CAN-2002-1350 bgp      y   n   n   n   n   see past OpenPKG-SA-2003.014-tcpdump
  +  CAN-2003-0108 isakmp   y   n   n   n   n   see past OpenPKG-SA-2003.014-tcpdump
  +                depth    y   y   y   n   n   (*)
  +  CAN-2003-0989 isakmp   y   y   y   n   n   updates CAN-2003-0108-isakmp
  +  CAN-2003-1029 l2tp     y   y   n   n   n
  +  CAN-2004-0055 radius   y   y   y   y   y
  +  CAN-2004-0057 isakmp   y   y   y   y   y
  +  CAN-2004-0183 isakmp   y   y   y   y   y
  +  CAN-2004-0184 isakmp   y   y   y   y   y
   
     (*) the vendor code fix for CAN-2003-0108 had two other unrelated code
         changes piggybacked. We removed the cosmetics (constify) and
  @@ -492,3 +494,485 @@
    
    static char *
   
  +Index: print-isakmp.c
  +diff -Nau print-isakmp.c.CAN-2004-0183 print-isakmp.c
  +--- print-isakmp.c.CAN-2004-0183     2004-04-07 16:29:55.000000000 +0200
  ++++ print-isakmp.c   2004-04-07 17:16:45.000000000 +0200
  +@@ -326,7 +326,7 @@
  +     return 0;
  + }
  + 
  +-static void
  ++static int
  + rawprint(caddr_t loc, size_t len)
  + {
  +     static u_char *p;
  +@@ -337,8 +337,9 @@
  +     p = (u_char *)loc;
  +     for (i = 0; i < len; i++)
  +             printf("%02x", p[i] & 0xff);
  ++   return 1;
  + trunc:
  +-   return;
  ++   return 0;
  + }
  + 
  + struct attrmap {
  +@@ -430,6 +431,7 @@
  +     printf("%s:", NPSTR(ISAKMP_NPTYPE_SA));
  + 
  +     p = (struct isakmp_pl_sa *)ext;
  ++    TCHECK(*p);
  +     safememcpy(&sa, ext, sizeof(sa));
  +     doi = ntohl(sa.doi);
  +     sit = ntohl(sa.sit);
  +@@ -456,16 +458,21 @@
  + 
  +     np = (u_char *)ext + sizeof(sa);
  +     if (sit != 0x01) {
  ++            TCHECK2(*(ext + 1), sizeof(ident));
  +             safememcpy(&ident, ext + 1, sizeof(ident));
  +             printf(" ident=%u", (u_int32_t)ntohl(ident));
  +             np += sizeof(ident);
  +     }
  + 
  +     ext = (struct isakmp_gen *)np;
  ++    TCHECK(*ext);
  + 
  +     cp = isakmp_sub_print(ISAKMP_NPTYPE_P, ext, ep, phase, doi, proto0, depth);
  + 
  +     return cp;
  ++trunc:
  ++    printf(" [|%s]", NPSTR(ISAKMP_NPTYPE_SA));
  ++    return NULL;
  + }
  + 
  + static u_char *
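Review bot: The `ident` bounds check and the read both use `ext + 1`, while `np` is computed from `(u_char *)ext + sizeof(sa)`, so the four bytes that are checked and printed may not be the four bytes that `np += sizeof(ident)` skips. `ext` is a `struct isakmp_gen *` here (see the cast on the `ext = ...np` line), so `ext + 1` advances by the generic header size rather than by the SA payload size. `p + 1` looks like the intended base, giving `TCHECK2(*(p + 1), sizeof(ident));` and `safememcpy(&ident, p + 1, sizeof(ident));`. The struct definitions and the start of the function are outside the hunk, so confirm against them.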
  +@@ -478,20 +485,26 @@
  +     printf("%s:", NPSTR(ISAKMP_NPTYPE_P));
  + 
  +     p = (struct isakmp_pl_p *)ext;
  ++    TCHECK(*p);
  +     safememcpy(&prop, ext, sizeof(prop));
  +     printf(" #%d protoid=%s transform=%d",
  +             prop.p_no, PROTOIDSTR(prop.prot_id), prop.num_t);
  +     if (prop.spi_size) {
  +             printf(" spi=");
  +-            rawprint((caddr_t)(p + 1), prop.spi_size);
  ++            if (!rawprint((caddr_t)(p + 1), prop.spi_size))
  ++                    goto trunc;
  +     }
  + 
  +     ext = (struct isakmp_gen *)((u_char *)(p + 1) + prop.spi_size);
  ++    TCHECK(*ext);
  + 
  +     cp = isakmp_sub_print(ISAKMP_NPTYPE_T, ext, ep, phase, doi0,
  +             prop.prot_id, depth);
  + 
  +     return cp;
  ++trunc:
  ++    printf(" [|%s]", NPSTR(ISAKMP_NPTYPE_P));
  ++    return NULL;
  + }
  + 
  + static char *isakmp_p_map[] = {
  +@@ -564,6 +577,7 @@
  +     printf("%s:", NPSTR(ISAKMP_NPTYPE_T));
  + 
  +     p = (struct isakmp_pl_t *)ext;
  ++    TCHECK(*p);
  +     safememcpy(&t, ext, sizeof(t));
  + 
  +     switch (proto) {
  +@@ -610,6 +624,9 @@
  +     if (ep < ep2)
  +             printf("...");
  +     return cp;
  ++trunc:
  ++    printf(" [|%s]", NPSTR(ISAKMP_NPTYPE_T));
  ++    return NULL;
  + }
  + 
  + static u_char *
  +@@ -620,13 +637,18 @@
  + 
  +     printf("%s:", NPSTR(ISAKMP_NPTYPE_KE));
  + 
  ++    TCHECK(*ext);
  +     safememcpy(&e, ext, sizeof(e));
  +     printf(" key len=%d", ntohs(e.len) - 4);
  +     if (2 < vflag && 4 < ntohs(e.len)) {
  +             printf(" ");
  +-            rawprint((caddr_t)(ext + 1), ntohs(e.len) - 4);
  ++            if (!rawprint((caddr_t)(ext + 1), ntohs(e.len) - 4))
  ++                    goto trunc;
  +     }
  +     return (u_char *)ext + ntohs(e.len);
  ++trunc:
  ++    printf(" [|%s]", NPSTR(ISAKMP_NPTYPE_KE));
  ++    return NULL;
  + }
  + 
  + static u_char *
  +@@ -649,12 +671,15 @@
  +     printf("%s:", NPSTR(ISAKMP_NPTYPE_ID));
  + 
  +     p = (struct isakmp_pl_id *)ext;
  ++    TCHECK(*p);
  +     safememcpy(&id, ext, sizeof(id));
  +-    if (sizeof(*p) < id.h.len)
  ++    if (sizeof(*p) < ntohs(id.h.len)) {
  +             data = (u_char *)(p + 1);
  +-    else
  ++            len = ntohs(id.h.len) - sizeof(*p);
  ++    } else {
  +             data = NULL;
  +-    len = ntohs(id.h.len) - sizeof(*p);
  ++            len = 0;
  ++    }
  + 
  + #if 0 /*debug*/
  +     printf(" [phase=%d doi=%d proto=%d]", phase, doi, proto);
  +@@ -678,6 +703,7 @@
  +             struct protoent *pe;
  + 
  +             p = (struct ipsecdoi_id *)ext;
  ++            TCHECK(*p);
  +             safememcpy(&id, ext, sizeof(id));
  +             printf(" idtype=%s", STR_OR_ID(id.type, ipsecidtypestr));
  +             if (id.proto_id) {
  +@@ -693,9 +719,15 @@
  +             printf(" port=%d", ntohs(id.port));
  +             if (!len)
  +                     break;
  ++            if (data == NULL)
  ++                    goto trunc;
  ++            TCHECK2(*data, len);
  +             switch (id.type) {
  +             case IPSECDOI_ID_IPV4_ADDR:
  +-                    printf(" len=%d %s", len, ipaddr_string(data));
  ++                    if (len < 4)
  ++                            printf(" len=%d [bad: < 4]", len);
  ++                    else
  ++                            printf(" len=%d %s", len, ipaddr_string(data));
  +                     len = 0;
  +                     break;
  +             case IPSECDOI_ID_FQDN:
  +@@ -711,39 +743,58 @@
  +             case IPSECDOI_ID_IPV4_ADDR_SUBNET:
  +                 {
  +                     u_char *mask;
  +-                    mask = data + sizeof(struct in_addr);
  +-                    printf(" len=%d %s/%u.%u.%u.%u", len,
  +-                            ipaddr_string(data),
  +-                            mask[0], mask[1], mask[2], mask[3]);
  ++                    if (len < 8)
  ++                            printf(" len=%d [bad: < 8]", len);
  ++                    else {
  ++                            mask = data + sizeof(struct in_addr);
  ++                            printf(" len=%d %s/%u.%u.%u.%u", len,
  ++                                    ipaddr_string(data),
  ++                                    mask[0], mask[1], mask[2], mask[3]);
  ++                    }
  +                     len = 0;
  +                     break;
  +                 }
  + #ifdef INET6
  +             case IPSECDOI_ID_IPV6_ADDR:
  +-                    printf(" len=%d %s", len, ip6addr_string(data));
  ++                    if (len < 16)
  ++                            printf(" len=%d [bad: < 16]", len);
  ++                    else
  ++                            printf(" len=%d %s", len, ip6addr_string(data));
  +                     len = 0;
  +                     break;
  +             case IPSECDOI_ID_IPV6_ADDR_SUBNET:
  +                 {
  +                     u_int32_t *mask;
  +-                    mask = (u_int32_t *)(data + sizeof(struct in6_addr));
  +-                    /*XXX*/
  +-                    printf(" len=%d %s/0x%08x%08x%08x%08x", len,
  +-                            ip6addr_string(data),
  +-                            mask[0], mask[1], mask[2], mask[3]);
  ++                    if (len < 20)
  ++                            printf(" len=%d [bad: < 20]", len);
  ++                    else {
  ++                            mask = (u_int32_t *)(data + sizeof(struct in6_addr));
  ++                            /*XXX*/
  ++                            printf(" len=%d %s/0x%08x%08x%08x%08x", len,
  ++                                    ip6addr_string(data),
  ++                                    mask[0], mask[1], mask[2], mask[3]);
  ++                    }
  +                     len = 0;
  +                     break;
  +                 }
  + #endif /*INET6*/
  +             case IPSECDOI_ID_IPV4_ADDR_RANGE:
  +-                    printf(" len=%d %s-%s", len, ipaddr_string(data),
  +-                            ipaddr_string(data + sizeof(struct in_addr)));
  ++                    if (len < 8)
  ++                            printf(" len=%d [bad: < 8]", len);
  ++                    else {
  ++                            printf(" len=%d %s-%s", len, ipaddr_string(data),
  ++                                    ipaddr_string(data + sizeof(struct in_addr)));
  ++                    }
  +                     len = 0;
  +                     break;
  + #ifdef INET6
  +             case IPSECDOI_ID_IPV6_ADDR_RANGE:
  +-                    printf(" len=%d %s-%s", len, ip6addr_string(data),
  +-                            ip6addr_string(data + sizeof(struct in6_addr)));
  ++                    if (len < 32)
  ++                            printf(" len=%d [bad: < 32]", len);
  ++                    else {
  ++                            printf(" len=%d %s-%s", len, ip6addr_string(data),
  ++                                    ip6addr_string(data + sizeof(struct 
in6_addr)));
  ++                    }
  +                     len = 0;
  +                     break;
  + #endif /*INET6*/
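Review bot: The `IPSECDOI_ID_IPV6_ADDR_SUBNET` case accepts `len >= 20`, but the `printf` that follows reads `mask[0]` through `mask[3]` as four `u_int32_t` words starting at `data + sizeof(struct in6_addr)`, which is bytes 16 to 31 of the payload. The earlier `TCHECK2(*data, len)` only vouches for `len` bytes, so an ID payload with a length between 20 and 31 still lets the printer read past what was checked. The guard should match the bytes consumed, `if (len < 32)` with the message `" len=%d [bad: < 32]"`, the same bound the IPv6 range case below uses. The `(u_int32_t *)` cast also assumes packet data is 4-byte aligned, so printing the mask bytewise through a `u_char *` as the IPv4 subnet case does would be safer. The enclosing `switch` starts outside this hunk.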
  +@@ -759,10 +810,14 @@
  +             printf(" len=%d", len);
  +             if (2 < vflag) {
  +                     printf(" ");
  +-                    rawprint((caddr_t)data, len);
  ++                    if (!rawprint((caddr_t)data, len))
  ++                            goto trunc;
  +             }
  +     }
  +     return (u_char *)ext + ntohs(id.h.len);
  ++trunc:
  ++    printf(" [|%s]", NPSTR(ISAKMP_NPTYPE_ID));
  ++    return NULL;
  + }
  + 
  + static u_char *
  +@@ -779,14 +834,19 @@
  +     printf("%s:", NPSTR(ISAKMP_NPTYPE_CERT));
  + 
  +     p = (struct isakmp_pl_cert *)ext;
  ++    TCHECK(*p);
  +     safememcpy(&cert, ext, sizeof(cert));
  +     printf(" len=%d", ntohs(cert.h.len) - 4);
  +     printf(" type=%s", STR_OR_ID((cert.encode), certstr));
  +     if (2 < vflag && 4 < ntohs(cert.h.len)) {
  +             printf(" ");
  +-            rawprint((caddr_t)(ext + 1), ntohs(cert.h.len) - 4);
  ++            if (!rawprint((caddr_t)(ext + 1), ntohs(cert.h.len) - 4))
  ++                    goto trunc;
  +     }
  +     return (u_char *)ext + ntohs(cert.h.len);
  ++trunc:
  ++    printf(" [|%s]", NPSTR(ISAKMP_NPTYPE_CERT));
  ++    return NULL;
  + }
  + 
  + static u_char *
  +@@ -803,14 +863,19 @@
  +     printf("%s:", NPSTR(ISAKMP_NPTYPE_CR));
  + 
  +     p = (struct isakmp_pl_cert *)ext;
  ++    TCHECK(*p);
  +     safememcpy(&cert, ext, sizeof(cert));
  +     printf(" len=%d", ntohs(cert.h.len) - 4);
  +     printf(" type=%s", STR_OR_ID((cert.encode), certstr));
  +     if (2 < vflag && 4 < ntohs(cert.h.len)) {
  +             printf(" ");
  +-            rawprint((caddr_t)(ext + 1), ntohs(cert.h.len) - 4);
  ++            if (!rawprint((caddr_t)(ext + 1), ntohs(cert.h.len) - 4))
  ++                    goto trunc;
  +     }
  +     return (u_char *)ext + ntohs(cert.h.len);
  ++trunc:
  ++    printf(" [|%s]", NPSTR(ISAKMP_NPTYPE_CR));
  ++    return NULL;
  + }
  + 
  + static u_char *
  +@@ -821,13 +886,18 @@
  + 
  +     printf("%s:", NPSTR(ISAKMP_NPTYPE_HASH));
  + 
  ++    TCHECK(*ext);
  +     safememcpy(&e, ext, sizeof(e));
  +     printf(" len=%d", ntohs(e.len) - 4);
  +     if (2 < vflag && 4 < ntohs(e.len)) {
  +             printf(" ");
  +-            rawprint((caddr_t)(ext + 1), ntohs(e.len) - 4);
  ++            if (!rawprint((caddr_t)(ext + 1), ntohs(e.len) - 4))
  ++                    goto trunc;
  +     }
  +     return (u_char *)ext + ntohs(e.len);
  ++trunc:
  ++    printf(" [|%s]", NPSTR(ISAKMP_NPTYPE_HASH));
  ++    return NULL;
  + }
  + 
  + static u_char *
  +@@ -838,13 +908,18 @@
  + 
  +     printf("%s:", NPSTR(ISAKMP_NPTYPE_SIG));
  + 
  ++    TCHECK(*ext);
  +     safememcpy(&e, ext, sizeof(e));
  +     printf(" len=%d", ntohs(e.len) - 4);
  +     if (2 < vflag && 4 < ntohs(e.len)) {
  +             printf(" ");
  +-            rawprint((caddr_t)(ext + 1), ntohs(e.len) - 4);
  ++            if (!rawprint((caddr_t)(ext + 1), ntohs(e.len) - 4))
  ++                    goto trunc;
  +     }
  +     return (u_char *)ext + ntohs(e.len);
  ++trunc:
  ++    printf(" [|%s]", NPSTR(ISAKMP_NPTYPE_SIG));
  ++    return NULL;
  + }
  + 
  + static u_char *
  +@@ -855,13 +930,18 @@
  + 
  +     printf("%s:", NPSTR(ISAKMP_NPTYPE_NONCE));
  + 
  ++    TCHECK(*ext);
  +     safememcpy(&e, ext, sizeof(e));
  +     printf(" n len=%d", ntohs(e.len) - 4);
  +     if (2 < vflag && 4 < ntohs(e.len)) {
  +             printf(" ");
  +-            rawprint((caddr_t)(ext + 1), ntohs(e.len) - 4);
  ++            if (!rawprint((caddr_t)(ext + 1), ntohs(e.len) - 4))
  ++                    goto trunc;
  +     }
  +     return (u_char *)ext + ntohs(e.len);
  ++trunc:
  ++    printf(" [|%s]", NPSTR(ISAKMP_NPTYPE_NONCE));
  ++    return NULL;
  + }
  + 
  + static u_char *
  +@@ -904,6 +984,7 @@
  +     printf("%s:", NPSTR(ISAKMP_NPTYPE_N));
  + 
  +     p = (struct isakmp_pl_n *)ext;
  ++    TCHECK(*p);
  +     safememcpy(&n, ext, sizeof(n));
  +     doi = ntohl(n.doi);
  +     proto = n.prot_id;
  +@@ -913,7 +994,8 @@
  +             printf(" type=%s", NOTIFYSTR(ntohs(n.type)));
  +             if (n.spi_size) {
  +                     printf(" spi=");
  +-                    rawprint((caddr_t)(p + 1), n.spi_size);
  ++                    if (!rawprint((caddr_t)(p + 1), n.spi_size))
  ++                            goto trunc;
  +             }
  +             return (u_char *)(p + 1) + n.spi_size;
  +     }
  +@@ -932,7 +1014,8 @@
  +             printf(" type=%s", NOTIFYSTR(ntohs(n.type)));
  +     if (n.spi_size) {
  +             printf(" spi=");
  +-            rawprint((caddr_t)(p + 1), n.spi_size);
  ++            if (!rawprint((caddr_t)(p + 1), n.spi_size))
  ++                    goto trunc;
  +     }
  + 
  +     cp = (u_char *)(p + 1) + n.spi_size;
  +@@ -969,6 +1052,9 @@
  +             printf(")");
  +     }
  +     return (u_char *)ext + ntohs(n.h.len);
  ++trunc:
  ++    printf(" [|%s]", NPSTR(ISAKMP_NPTYPE_N));
  ++    return NULL;
  + }
  + 
  + static u_char *
  +@@ -984,6 +1070,7 @@
  +     printf("%s:", NPSTR(ISAKMP_NPTYPE_D));
  + 
  +     p = (struct isakmp_pl_d *)ext;
  ++    TCHECK(*p);
  +     safememcpy(&d, ext, sizeof(d));
  +     doi = ntohl(d.doi);
  +     proto = d.prot_id;
  +@@ -1001,10 +1088,14 @@
  +     for (i = 0; i < ntohs(d.num_spi); i++) {
  +             if (i != 0)
  +                     printf(",");
  +-            rawprint((caddr_t)q, d.spi_size);
  ++            if (!rawprint((caddr_t)q, d.spi_size))
  ++                    goto trunc;
  +             q += d.spi_size;
  +     }
  +     return q;
  ++trunc:
  ++    printf(" [|%s]", NPSTR(ISAKMP_NPTYPE_D));
  ++    return NULL;
  + }
  + 
  + static u_char *
  +@@ -1015,13 +1106,18 @@
  + 
  +     printf("%s:", NPSTR(ISAKMP_NPTYPE_VID));
  + 
  ++    TCHECK(*ext);
  +     safememcpy(&e, ext, sizeof(e));
  +     printf(" len=%d", ntohs(e.len) - 4);
  +     if (2 < vflag && 4 < ntohs(e.len)) {
  +             printf(" ");
  +-            rawprint((caddr_t)(ext + 1), ntohs(e.len) - 4);
  ++            if (!rawprint((caddr_t)(ext + 1), ntohs(e.len) - 4))
  ++                    goto trunc;
  +     }
  +     return (u_char *)ext + ntohs(e.len);
  ++trunc:
  ++    printf(" [|%s]", NPSTR(ISAKMP_NPTYPE_VID));
  ++    return NULL;
  + }
  + 
  + static u_char *
  +@@ -1033,6 +1129,7 @@
  +     u_int item_len;
  + 
  +     cp = (u_char *)ext;
  ++    TCHECK(*ext);
  +     safememcpy(&e, ext, sizeof(e));
  + 
  +     /*
  +@@ -1056,6 +1153,9 @@
  +             cp += item_len;
  +     }
  +     return cp;
  ++trunc:
  ++    printf(" [|isakmp]");
  ++    return NULL;
  + }
  + 
  + static u_char *
  +@@ -1069,15 +1169,12 @@
  +     cp = (u_char *)ext;
  + 
  +     while (np) {
  +-            TCHECK2(*ext, sizeof(e));
  ++            TCHECK(*ext);
  +             
  +             safememcpy(&e, ext, sizeof(e));
  + 
  +-            if (ep < (u_char *)ext + ntohs(e.len)) {
  +-                    printf(" [|%s]", NPSTR(np));
  +-                    cp = ep + 1;
  +-                    break;
  +-            }
  ++            TCHECK2(*ext, ntohs(e.len));
  ++
  +             depth++;
  +             printf("\n");
  +             for (i = 0; i < depth; i++)
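Review bot: Nothing visible in this hunk stops the `while (np)` loop when a payload printer returns NULL, which the printers patched earlier in this file now do on a short read. The code that consumes `cp` after the dispatch call sits between this hunk and the next and is not shown; if it assigns `cp` back to `ext` and iterates, the next `TCHECK(*ext)` and `safememcpy` would operate on a null pointer. Confirm the loop exits on that result, for example `if (cp == NULL) return NULL;` directly after the call, and that callers of `isakmp_sub_print` treat NULL as end of dissection, now that the old `cp = ep + 1` sentinel is gone.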
  +@@ -1097,6 +1194,7 @@
  +     }
  +     return cp;
  + trunc:
  ++    printf(" [|%s]", NPSTR(np));
  +     return NULL;
  + }
  + 
  @@ .
  patch -p0 <<'@@ .'
  Index: openpkg-src/tcpdump/tcpdump.spec
  ============================================================================
  $ cvs diff -u -r1.25.2.3.2.2 -r1.25.2.3.2.3 tcpdump.spec
  --- openpkg-src/tcpdump/tcpdump.spec  16 Jan 2004 12:38:59 -0000      1.25.2.3.2.2
  +++ openpkg-src/tcpdump/tcpdump.spec  7 Apr 2004 15:44:02 -0000       1.25.2.3.2.3
  @@ -33,7 +33,7 @@
   Group:        Network
   License:      GPL
   Version:      3.7.2
  -Release:      1.3.1
  +Release:      1.3.2
   
   #   list of sources
   Source0:      http://www.tcpdump.org/release/tcpdump-%{version}.tar.gz
  @@ .
______________________________________________________________________
The OpenPKG Project                                    www.openpkg.org
CVS Repository Commit List                     [EMAIL PROTECTED]
