wok-next view ettercap/stuff/patches/CVE-2017-8366.patch @ rev 21469

updated tinc (1.0.25 -> 1.0.36)
author Hans-Günter Theisgen
date Wed May 13 07:41:00 2020 +0100 (2020-05-13)
1 From d14d2558da14a33abf7baab28957488a75d16af1 Mon Sep 17 00:00:00 2001
2 From: Alexander Koeppe <format_c@online.de>
3 Date: Thu, 1 Jun 2017 08:56:23 +0200
4 Subject: [PATCH 1/4] Add ASAN compiler flags in DEBUG build type
6 ---
7 CMakeLists.txt | 2 +-
8 1 file changed, 1 insertion(+), 1 deletion(-)
10 diff --git a/CMakeLists.txt b/CMakeLists.txt
11 index 90050590f..8e823669c 100644
12 --- a/CMakeLists.txt
13 +++ b/CMakeLists.txt
14 @@ -126,7 +126,7 @@ if(NOT DISABLE_RPATH)
15 set(CMAKE_INSTALL_RPATH_USE_LINK_PATH TRUE)
16 set(CMAKE_MACOSX_RPATH 1)
17 endif(NOT DISABLE_RPATH)
18 -set(CMAKE_C_FLAGS_DEBUG "-O0 -ggdb3 -DDEBUG -Wall -Wno-pointer-sign -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -Werror=format-security -Wextra -Wredundant-decls" CACHE STRING "" FORCE)
19 +set(CMAKE_C_FLAGS_DEBUG "-O0 -ggdb3 -DDEBUG -Wall -Wno-pointer-sign -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -Werror=format-security -Wextra -Wredundant-decls -fsanitize=address -fno-omit-frame-pointer" CACHE STRING "" FORCE)
20 set(CMAKE_C_FLAGS_RELEASE "-O2 -w -D_FORTIFY_SOURCE=2" CACHE STRING "" FORCE)
22 if(OS_DARWIN)
24 From 044051d302da73e16b0577eb797cd42affba27e5 Mon Sep 17 00:00:00 2001
25 From: Alexander Koeppe <format_c@online.de>
26 Date: Thu, 1 Jun 2017 08:56:57 +0200
27 Subject: [PATCH 2/4] fix buffer over- / underflow conditions
29 ---
30 include/ec_strings.h | 2 +-
31 src/ec_strings.c | 25 +++++++++++++++----------
32 2 files changed, 16 insertions(+), 11 deletions(-)
34 diff --git a/include/ec_strings.h b/include/ec_strings.h
35 index f791739da..9ad245ef3 100644
36 --- a/include/ec_strings.h
37 +++ b/include/ec_strings.h
38 @@ -43,7 +43,7 @@
40 EC_API_EXTERN int match_pattern(const char *s, const char *pattern);
41 EC_API_EXTERN int base64_decode(char *bufplain, const char *bufcoded);
42 -EC_API_EXTERN int strescape(char *dst, char *src);
43 +EC_API_EXTERN int strescape(char *dst, char *src, size_t len);
44 EC_API_EXTERN int str_replace(char **text, const char *s, const char *d);
45 EC_API_EXTERN size_t strlen_utf8(const char *s);
46 EC_API_EXTERN char * ec_strtok(char *s, const char *delim, char **ptrptr);
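Review bot: The new `len` parameter is undocumented here, and its meaning is not what the name suggests: in the implementation it bounds how many bytes of `src` are read, not how much room `dst` has (callers pass `strlen(src)+1`). Since this is an `EC_API_EXTERN` signature, the change also breaks any out-of-tree code that linked against the two-argument form, which is presumably acceptable but worth stating in the commit message. I would add above the prototype: `/* unescape src into dst (may alias); len = bytes of src that may be read, incl. the NUL; dst must be at least as large as src */`.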
47 diff --git a/src/ec_strings.c b/src/ec_strings.c
48 index 53583851a..21b71926c 100644
49 --- a/src/ec_strings.c
50 +++ b/src/ec_strings.c
51 @@ -167,13 +167,14 @@ static int hextoint(int c)
52 /*
53 * convert the escaped string into a binary one
54 */
55 -int strescape(char *dst, char *src)
56 +int strescape(char *dst, char *src, size_t len)
57 {
58 char *olddst = dst;
59 + char *oldsrc = src;
60 int c;
61 int val;
63 - while ((c = *src++) != '\0') {
64 + while ((c = *src++) != '\0' && (size_t)(src - oldsrc) <= len) {
65 if (c == '\\') {
66 switch ((c = *src++)) {
67 case '\0':
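Review bot: The added `len` check in the `while` condition only limits reads of `src`; nothing in the function bounds writes through `dst`, so a caller that passes a separate destination smaller than `src` is still unprotected, and the parameter name invites exactly that misreading. For the in-place callers (`dst == src`) this is fine, since unescaping never grows the string, but the contract should be spelled out at the top of the function: `/* len bounds reads of src only; dst must have room for len bytes (callers use dst == src) */`. Note that the condition is evaluated after `src++`, so the last byte read is index len-1, which is correct for `strlen+1`. strescape's body continues past the end of this hunk.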
68 @@ -218,9 +219,11 @@ int strescape(char *dst, char *src)
69 if (c >= '0' && c <= '7')
70 val = (val << 3) | (c - '0');
71 else
72 - --src;
73 + if (src > oldsrc) /* protect against buffer underflow */
74 + --src;
75 } else
76 - --src;
77 + if (src > oldsrc) /* protect against buffer underflow */
78 + --src;
79 *dst++ = (char) val;
80 break;
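Review bot: The two `if (src > oldsrc) --src;` guards here can never be false if, as it appears from the surrounding hunks, each `--src` undoes a `*src++` performed earlier in the same iteration, so they are dead but harmless; the real underflow is on `dst`, handled later. What I would change is the shape: an `else` followed by a bare `if` on the next line reads like a dangling-else trap, and the next hunk already writes the same thing as `else if (src > oldsrc)`. Use `} else if (src > oldsrc) /* protect against buffer underflow */` in both places so the two sites match. The enclosing loop starts outside this hunk.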
82 @@ -232,15 +235,17 @@ int strescape(char *dst, char *src)
83 c = hextoint(*src++);
84 if (c >= 0)
85 val = (val << 4) + c;
86 - else
87 - --src;
88 - } else
89 - --src;
90 + else if (src > oldsrc) /* protect against buffer underflow */
91 + --src;
92 + } else if (src > oldsrc) /* protect against buffer underflow */
93 + --src;
94 *dst++ = (char) val;
95 break;
96 }
97 - } else if (c == 8 || c == 263) /* the backspace */
98 - dst--;
99 + } else if (c == 8 || c == 263) { /* the backspace */
100 + if (dst > oldsrc) /* protect against buffer underflow */
101 + dst--;
102 + }
103 else
104 *dst++ = (char) c;
105 }
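Review bot: The backspace guard compares `dst` against `oldsrc` instead of `olddst`, so it only protects the in-place case where the two buffers coincide. When `dst` and `src` are different buffers (as in set_wep_key, which writes into `tmp_wkey`), comparing pointers into unrelated objects is undefined and the check can let `dst--` step below the start of the destination, which is the underflow this patch is meant to close. The fix is one token: `if (dst > olddst) /* protect against buffer underflow */`.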
107 From 19706cf53b189fbc996791cdb4b0d9a1f0feae5f Mon Sep 17 00:00:00 2001
108 From: Alexander Koeppe <format_c@online.de>
109 Date: Thu, 1 Jun 2017 08:57:54 +0200
110 Subject: [PATCH 3/4] adapt calls of strescape() adding strlen
112 ---
113 src/ec_encryption.c | 2 +-
114 src/interfaces/curses/ec_curses_view_connections.c | 2 +-
115 src/interfaces/gtk/ec_gtk_view_connections.c | 2 +-
116 utils/etterfilter/ef_encode.c | 18 ++++++++++++------
117 4 files changed, 15 insertions(+), 9 deletions(-)
119 diff --git a/src/ec_encryption.c b/src/ec_encryption.c
120 index 6c02529c1..3d5056030 100644
121 --- a/src/ec_encryption.c
122 +++ b/src/ec_encryption.c
123 @@ -218,7 +218,7 @@ int set_wep_key(char *string)
125 if (type == 's') {
126 /* escape the string and check its length */
127 - if (strescape((char *)tmp_wkey, p) != (int)tmp_wkey_len)
128 + if (strescape((char *)tmp_wkey, p, strlen(tmp_wkey)+1) != (int)tmp_wkey_len)
129 SEMIFATAL_ERROR("Specified WEP key length does not match the given string");
130 } else if (type == 'p') {
131 /* create the key from the passphrase */
132 diff --git a/src/interfaces/curses/ec_curses_view_connections.c b/src/interfaces/curses/ec_curses_view_connections.c
133 index fb52331cf..011c0edf7 100644
134 --- a/src/interfaces/curses/ec_curses_view_connections.c
135 +++ b/src/interfaces/curses/ec_curses_view_connections.c
136 @@ -614,7 +614,7 @@ static void inject_user(void)
137 size_t len;
139 /* escape the sequnces in the buffer */
140 - len = strescape((char*)injectbuf, (char*)injectbuf);
141 + len = strescape((char*)injectbuf, (char*)injectbuf, strlen(injectbuf)+1);
143 /* check where to inject */
144 if (wdg_c1->flags & WDG_OBJ_FOCUSED) {
145 diff --git a/src/interfaces/gtk/ec_gtk_view_connections.c b/src/interfaces/gtk/ec_gtk_view_connections.c
146 index fa7dfdc58..b55e1755a 100644
147 --- a/src/interfaces/gtk/ec_gtk_view_connections.c
148 +++ b/src/interfaces/gtk/ec_gtk_view_connections.c
149 @@ -1627,7 +1627,7 @@ static void gtkui_inject_user(int side)
150 size_t len;
152 /* escape the sequnces in the buffer */
153 - len = strescape(injectbuf, injectbuf);
154 + len = strescape(injectbuf, injectbuf, strlen(injectbuf)+1);
156 /* check where to inject */
157 if (side == 1 || side == 2) {
158 diff --git a/utils/etterfilter/ef_encode.c b/utils/etterfilter/ef_encode.c
159 index d4b9110cd..7e359e062 100644
160 --- a/utils/etterfilter/ef_encode.c
161 +++ b/utils/etterfilter/ef_encode.c
162 @@ -136,7 +136,8 @@ int encode_const(char *string, struct filter_op *fop)
163 fop->op.test.string = (u_char*)strdup(string + 1);
165 /* escape it in the structure */
166 - fop->op.test.slen = strescape((char*)fop->op.test.string, (char*)fop->op.test.string);
167 + fop->op.test.slen = strescape((char*)fop->op.test.string,
168 + (char*)fop->op.test.string, strlen(fop->op.test.string)+1);
170 return E_SUCCESS;
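Review bot: `strlen(fop->op.test.string)` passes a `u_char *` where the two neighbouring strescape arguments are explicitly cast to `(char *)`, which is inconsistent and relies on `-Wno-pointer-sign` / `-w` to compile quietly. The same `strescape(x, x, strlen(x)+1)` shape is repeated at five call sites in this file, so a small helper would keep the cast and the +1 in one place, e.g. `static int ef_strescape_inplace(u_char *s) { return strescape((char *)s, (char *)s, strlen((const char *)s) + 1); }`, and each site becomes `fop->op.test.slen = ef_strescape_inplace(fop->op.test.string);`. This does not change behaviour; it only removes the duplication and the implicit sign conversion.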
172 @@ -184,7 +185,8 @@ int encode_function(char *string, struct filter_op *fop)
173 fop->opcode = FOP_FUNC;
174 fop->op.func.op = FFUNC_SEARCH;
175 fop->op.func.string = (u_char*)strdup(dec_args[1]);
176 - fop->op.func.slen = strescape((char*)fop->op.func.string, (char*)fop->op.func.string);
177 + fop->op.func.slen = strescape((char*)fop->op.func.string,
178 + (char*)fop->op.func.string, strlen(fop->op.func.string)+1);
179 ret = E_SUCCESS;
180 } else
181 SCRIPT_ERROR("Unknown offset %s ", dec_args[0]);
182 @@ -202,7 +204,8 @@ int encode_function(char *string, struct filter_op *fop)
183 fop->opcode = FOP_FUNC;
184 fop->op.func.op = FFUNC_REGEX;
185 fop->op.func.string = (u_char*)strdup(dec_args[1]);
186 - fop->op.func.slen = strescape((char*)fop->op.func.string, (char*)fop->op.func.string);
187 + fop->op.func.slen = strescape((char*)fop->op.func.string,
188 + (char*)fop->op.func.string, strlen(fop->op.func.string)+1);
189 ret = E_SUCCESS;
190 } else
191 SCRIPT_ERROR("Unknown offset %s ", dec_args[0]);
192 @@ -272,9 +275,11 @@ int encode_function(char *string, struct filter_op *fop)
193 /* replace always operate at DATA level */
194 fop->op.func.level = 5;
195 fop->op.func.string = (u_char*)strdup(dec_args[0]);
196 - fop->op.func.slen = strescape((char*)fop->op.func.string, (char*)fop->op.func.string);
197 + fop->op.func.slen = strescape((char*)fop->op.func.string,
198 + (char*)fop->op.func.string, strlen(fop->op.func.string)+1);
199 fop->op.func.replace = (u_char*)strdup(dec_args[1]);
200 - fop->op.func.rlen = strescape((char*)fop->op.func.replace, (char*)fop->op.func.replace);
201 + fop->op.func.rlen = strescape((char*)fop->op.func.replace,
202 + (char*)fop->op.func.replace, strlen(fop->op.func.replace)+1);
203 ret = E_SUCCESS;
204 } else
205 SCRIPT_ERROR("Wrong number of arguments for function \"%s\" ", name);
206 @@ -328,7 +333,8 @@ int encode_function(char *string, struct filter_op *fop)
207 if (nargs == 1) {
208 fop->op.func.op = FFUNC_MSG;
209 fop->op.func.string = (u_char*)strdup(dec_args[0]);
210 - fop->op.func.slen = strescape((char*)fop->op.func.string, (char*)fop->op.func.string);
211 + fop->op.func.slen = strescape((char*)fop->op.func.string,
212 + (char*)fop->op.func.string, strlen(fop->op.func.string)+1);
213 ret = E_SUCCESS;
214 } else
215 SCRIPT_ERROR("Wrong number of arguments for function \"%s\" ", name);
217 From b005d55d4eae444c5be14eb792b50657a14c7b1d Mon Sep 17 00:00:00 2001
218 From: Alexander Koeppe <format_c@online.de>
219 Date: Sun, 4 Jun 2017 08:09:04 +0200
220 Subject: [PATCH 4/4] Only add ASAN flags depeding on compiler version
222 ---
223 CMakeLists.txt | 22 +++++++++++++++++++++-
224 1 file changed, 21 insertions(+), 1 deletion(-)
226 diff --git a/CMakeLists.txt b/CMakeLists.txt
227 index 8e823669c..8f7c7c368 100644
228 --- a/CMakeLists.txt
229 +++ b/CMakeLists.txt
230 @@ -126,7 +126,27 @@ if(NOT DISABLE_RPATH)
231 set(CMAKE_INSTALL_RPATH_USE_LINK_PATH TRUE)
232 set(CMAKE_MACOSX_RPATH 1)
233 endif(NOT DISABLE_RPATH)
234 -set(CMAKE_C_FLAGS_DEBUG "-O0 -ggdb3 -DDEBUG -Wall -Wno-pointer-sign -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -Werror=format-security -Wextra -Wredundant-decls -fsanitize=address -fno-omit-frame-pointer" CACHE STRING "" FORCE)
235 +
236 +# set general build flags for debug build-type
237 +set(CMAKE_C_FLAGS_DEBUG "-O0 -ggdb3 -DDEBUG -Wall -Wno-pointer-sign -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -Werror=format-security -Wextra -Wredundant-decls" CACHE STRING "" FORCE)
238 +# append ASAN build flags if compiler version has support
239 +if ("${CMAKE_C_COMPILER_ID}" STREQUAL "GNU")
240 + if (CMAKE_C_COMPILER_VERSION VERSION_GREATER 4.8)
241 + set(CMAKE_C_FLAGS_DEBUG "${CMAKE_C_FLAGS_DEBUG} -fsanitize=address -fno-omit-frame-pointer" CACHE STRING "" FORCE)
242 + message("Building with ASAN support (GNU compiler)")
243 + else (CMAKE_C_COMPILER_VERSION VERSION_GREATER 4.8)
244 + message("Building without ASAN support (GNU compiler)")
245 + endif (CMAKE_C_COMPILER_VERSION VERSION_GREATER 4.8)
246 +elseif ("${CMAKE_C_COMPILER_ID}" STREQUAL "Clang")
247 + if (CMAKE_C_COMPILER_VERSION VERSION_GREATER 3.1)
248 + set(CMAKE_C_FLAGS_DEBUG "${CMAKE_C_FLAGS_DEBUG} -fsanitize=address -fno-omit-frame-pointer" CACHE STRING "" FORCE)
249 + message("Building with ASAN support (Clang compiler)")
250 + elseif (CMAKE_C_COMPILER_VERSION VERSION_GREATER 3.1)
251 + message("Building without ASAN support (Clang compiler)")
252 + endif (CMAKE_C_COMPILER_VERSION VERSION_GREATER 3.1)
253 +endif ("${CMAKE_C_COMPILER_ID}" STREQUAL "GNU")
254 +
255 +# set build flags for release build-type
256 set(CMAKE_C_FLAGS_RELEASE "-O2 -w -D_FORTIFY_SOURCE=2" CACHE STRING "" FORCE)
258 if(OS_DARWIN)
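Review bot: The Clang branch has an `elseif (CMAKE_C_COMPILER_VERSION VERSION_GREATER 3.1)` where an `else` was meant, so the "Building without ASAN support (Clang compiler)" message is unreachable and an old clang silently builds without ASAN. Two smaller points: `VERSION_GREATER 4.8` / `3.1` exclude those exact versions, which is probably not intended if they are meant as minimums (`NOT ... VERSION_LESS` includes them), and with CMake 3.0+ Apple's compiler reports `AppleClang`, not `Clang`, so macOS debug builds never get ASAN here. The `message()` calls should also carry `STATUS` so they go through the normal configure log rather than stderr. A rewrite of the block that fixes all four:

```cmake
# append ASAN build flags if compiler version has support
set(ETTERCAP_ASAN_SUPPORTED FALSE)
if("${CMAKE_C_COMPILER_ID}" STREQUAL "GNU" AND NOT CMAKE_C_COMPILER_VERSION VERSION_LESS 4.8)
  set(ETTERCAP_ASAN_SUPPORTED TRUE)
elseif("${CMAKE_C_COMPILER_ID}" MATCHES "^(Apple)?Clang$" AND NOT CMAKE_C_COMPILER_VERSION VERSION_LESS 3.1)
  set(ETTERCAP_ASAN_SUPPORTED TRUE)
endif()
if(ETTERCAP_ASAN_SUPPORTED)
  set(CMAKE_C_FLAGS_DEBUG "${CMAKE_C_FLAGS_DEBUG} -fsanitize=address -fno-omit-frame-pointer" CACHE STRING "" FORCE)
  message(STATUS "Building with ASAN support (${CMAKE_C_COMPILER_ID} ${CMAKE_C_COMPILER_VERSION})")
else()
  message(STATUS "Building without ASAN support (${CMAKE_C_COMPILER_ID} ${CMAKE_C_COMPILER_VERSION})")
endif()
# … unchanged: release build flags …
```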