rpms/hunt/devel hunt-1.5-signness.patch, NONE, 1.1 hunt-1.5-listlen.patch, NONE, 1.1 hunt-1.5-cleanup.patch, NONE, 1.1 hunt-1.5-badcmp.patch, NONE, 1.1 hunt-1.5-arridx.patch, NONE, 1.1 hunt.spec, 1.4, 1.5
Enrico Scholz (ensc)
fedora-extras-commits at redhat.com
Thu Mar 3 13:44:46 UTC 2005
Author: ensc
Update of /cvs/extras/rpms/hunt/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv3018
Modified Files:
hunt.spec
Added Files:
hunt-1.5-signness.patch hunt-1.5-listlen.patch
hunt-1.5-cleanup.patch hunt-1.5-badcmp.patch
hunt-1.5-arridx.patch
Log Message:
- fixed out-of-range array subscript (BZ #149777)
- fixed lots of warnings regarding different signedness
- fixed some minor compilation warnings
- fixed bad handling of hosts-lists when start-host > end-host
hunt-1.5-signness.patch:
--- NEW FILE hunt-1.5-signness.patch ---
--- hunt-1.5/addpolicy.c.signness 1999-02-13 13:23:15.000000000 +0100
+++ hunt-1.5/addpolicy.c 2005-03-03 14:36:18.000000000 +0100
@@ -105,7 +105,7 @@ void addpolicy_add_item(void)
struct add_policy_info *api;
unsigned int src_ip, dst_ip;
unsigned int src_mask, dst_mask;
- int src_ports[MAX_PORTS + 1], dst_ports[MAX_PORTS + 1];
+ unsigned int src_ports[MAX_PORTS + 1], dst_ports[MAX_PORTS + 1];
int nr;
@@ -138,7 +138,7 @@ void addpolicy_mod_item(void)
struct add_policy_info *api;
unsigned int src_ip, dst_ip;
unsigned int src_mask, dst_mask;
- int src_ports[MAX_PORTS + 1], dst_ports[MAX_PORTS + 1];
+ unsigned int src_ports[MAX_PORTS + 1], dst_ports[MAX_PORTS + 1];
int nr;
addpolicy_list_items();
--- hunt-1.5/arphijack.c.signness 1999-06-13 16:53:20.000000000 +0200
+++ hunt-1.5/arphijack.c 2005-03-03 14:36:18.000000000 +0100
@@ -23,8 +23,8 @@
*
*/
-int user_arp_hijack(struct user_conn_info *uci, char *src_fake_mac,
- char *dst_fake_mac, int input_mode)
+int user_arp_hijack(struct user_conn_info *uci, unsigned char *src_fake_mac,
+ unsigned char *dst_fake_mac, int input_mode)
{
struct conn_info *ci;
int retval;
@@ -44,7 +44,7 @@ int user_arp_hijack(struct user_conn_inf
*/
struct watch_tty_data {
- char *src_fake_mac;
+ unsigned char *src_fake_mac;
struct conn_info *ci;
int input_mode;
};
@@ -100,7 +100,7 @@ static struct arp_spoof_info *asi_src; /
static struct arp_spoof_info *asi_dst; /* dst in src host */
static struct arp_dont_relay *dont_relay;
-int arp_hijack(struct conn_info *ci, char *src_fake_mac, char *dst_fake_mac,
+int arp_hijack(struct conn_info *ci, unsigned char *src_fake_mac, unsigned char *dst_fake_mac,
int input_mode)
{
struct iphdr *iph;
@@ -253,12 +253,12 @@ int arp_hijack(struct conn_info *ci, cha
}
-void user_arp_hijack_done(char *src_fake_mac, char *dst_fake_mac)
+void user_arp_hijack_done(unsigned char *src_fake_mac, unsigned char *dst_fake_mac)
{
arp_hijack_done(src_fake_mac, dst_fake_mac);
}
-void arp_hijack_done(char *src_fake_mac, char *dst_fake_mac)
+void arp_hijack_done(unsigned char *src_fake_mac, unsigned char *dst_fake_mac)
{
arp_dont_relay_remove(dont_relay);
if (asi_src && src_fake_mac) {
--- hunt-1.5/arpspoof.c.signness 2000-05-26 13:29:29.000000000 +0200
+++ hunt-1.5/arpspoof.c 2005-03-03 14:36:18.000000000 +0100
@@ -22,7 +22,7 @@ struct arp_spoof_range {
unsigned int dst_start_addr;
unsigned int dst_end_addr;
unsigned int src_addr;
- char src_fake_mac[ETH_ALEN];
+ unsigned char src_fake_mac[ETH_ALEN];
int refresh;
int can_forward;
struct arp_spoof_range *next;
@@ -395,7 +395,7 @@ static void asi_wait_for_release(struct
struct arp_spoof_info *start_arp_spoof(unsigned int src_addr,
unsigned int dst_addr,
- char *src_mac, char *dst_mac, char *src_fake_mac,
+ unsigned char *src_mac, unsigned char *dst_mac, unsigned char *src_fake_mac,
int refresh, int can_forward, int in_range)
{
struct arp_spoof_info *asi, *tmp;
--- hunt-1.5/hostup.c.signness 1999-06-03 12:10:35.000000000 +0200
+++ hunt-1.5/hostup.c 2005-03-03 14:36:18.000000000 +0100
@@ -118,7 +118,7 @@ static void perform_ping(struct host_up_
printf("\n");
}
-static void send_arp_message(unsigned int ip, char *dst_mac)
+static void send_arp_message(unsigned int ip, unsigned char *dst_mac)
{
struct arp_spec as;
@@ -226,7 +226,8 @@ void host_up(void)
struct host_up_info *hui;
struct timespec ts;
unsigned int len;
- unsigned char buf_mac[BUFSIZE], fake_mac[ETH_ALEN];
+ char buf_mac[BUFSIZE];
+ unsigned char fake_mac[ETH_ALEN];
if ((start_ip = menu_choose_hostname("start ip addr", host_lookup(start_ip_def, HL_MODE_NR))) == -1)
return;
--- hunt-1.5/hunt.c.signness 2000-05-26 15:56:35.000000000 +0200
+++ hunt-1.5/hunt.c 2005-03-03 14:36:18.000000000 +0100
@@ -644,7 +644,7 @@ static inline void fast_tcp_process(stru
list_unlock(&l_ifunc_fast_tcp);
}
-static void mac_table_update(unsigned int ip, char *mac)
+static void mac_table_update(unsigned int ip, unsigned char *mac)
{
struct mac_info *mi;
@@ -685,7 +685,7 @@ void mac_info_release(struct mac_info *m
static void mac_arp_learn(struct packet *p)
{
unsigned int ip;
- char *mac;
+ unsigned char *mac;
struct arpeth_hdr *arpethh;
arpethh = (struct arpeth_hdr *)(p->p_arph + 1);
@@ -704,7 +704,7 @@ static void mac_arp_learn(struct packet
static void mac_ip_learn(struct packet *p)
{
unsigned int ip;
- char *mac;
+ unsigned char *mac;
ip = p->p_iph->saddr;
mac = p->p_ethh->h_source;
--- hunt-1.5/hunt.h.signness 2005-03-03 14:36:18.000000000 +0100
+++ hunt-1.5/hunt.h 2005-03-03 14:36:32.000000000 +0100
@@ -235,7 +235,7 @@ struct arpeth_hdr {
};
struct mac_info {
- char mac[ETH_ALEN];
+ unsigned char mac[ETH_ALEN];
pthread_mutex_t mutex;
};
@@ -355,7 +355,7 @@ int menu_choose_string(char *label, char
int menu(char *head, char *str_menu, char *label, char *opt, char dfl);
void press_key(char *label);
unsigned int menu_choose_hostname(char *label, char *dfl);
-int menu_choose_ports(char *label, int *ret_ports, char *dfl);
+int menu_choose_ports(char *label, unsigned int *ret_ports, char *dfl);
int menu_choose_mac(char *label, unsigned char *mac_ret, char *dfl);
int menu_choose_sdb(char *label, char dfl);
@@ -363,7 +363,7 @@ int menu_choose_host_mask_ports(char *la
unsigned int *ret_mask, unsigned int *ret_ports, char *dfl);
int menu_choose_host_mask_ports_dfl(char *label, unsigned int *ret_ip,
unsigned int *ret_mask, unsigned int *ret_ports,
- unsigned int dfl_ip, unsigned int dfl_mask, int *dfl_ports);
+ unsigned int dfl_ip, unsigned int dfl_mask, unsigned int *dfl_ports);
void clear_new_conn_ind(void);
void print_new_conn_ind(int add_new);
@@ -415,9 +415,9 @@ int print_eth_mac(unsigned char *mac);
int sprintf_eth_mac(char *b, unsigned char *mac);
int tap(char *device, int promisc_mode);
int rawsock(void);
-int get_ifc_info(char *ifc_name, unsigned int *ip, char *mac);
+int get_ifc_info(char *ifc_name, unsigned int *ip, unsigned char *mac);
-int port_match(int port, unsigned int *db_ports);
+int port_match(unsigned int port, unsigned int *db_ports);
void port_htons(unsigned int *db_ports);
extern unsigned char __suggest_mac[ETH_ALEN];
@@ -493,11 +493,11 @@ void func_hijack_src(struct packet *p, s
#define INPUT_MODE_RAW 0
#define INPUT_MODE_LINEECHOR 1
#define INPUT_MODE_LINEECHO 2
-int user_arp_hijack(struct user_conn_info *uci, char *src_fake_mac,
- char *dst_fake_mac, int input_mode);
-void user_arp_hijack_done(char *src_fake_mac, char *dst_fake_mac);
-int arp_hijack(struct conn_info *ci, char *src_fake_mac, char *dst_fake_mac, int input_mode);
-void arp_hijack_done(char *src_fake_mac, char *dst_fake_mac);
+int user_arp_hijack(struct user_conn_info *uci, unsigned char *src_fake_mac,
+ unsigned char *dst_fake_mac, int input_mode);
+void user_arp_hijack_done(unsigned char *src_fake_mac, unsigned char *dst_fake_mac);
+int arp_hijack(struct conn_info *ci, unsigned char *src_fake_mac, unsigned char *dst_fake_mac, int input_mode);
+void arp_hijack_done(unsigned char *src_fake_mac, unsigned char *dst_fake_mac);
/*
* synchijack
@@ -512,7 +512,7 @@ extern unsigned char mac_broadcast[ETH_A
extern unsigned char mac_zero[ETH_ALEN];
struct arp_spoof_info *start_arp_spoof(unsigned int src_addr,
unsigned int dst_addr,
- char *src_mac, char *dst_mac, char *src_fake_mac,
+ unsigned char *src_mac, unsigned char *dst_mac, unsigned char *src_fake_mac,
int refresh, int can_forward, int in_range);
struct arp_spoof_info *get_arp_spoof(unsigned int src_addr, unsigned int dst_addr);
void stop_arp_spoof(struct arp_spoof_info *asi);
@@ -650,8 +650,8 @@ struct tcp_spec {
unsigned long daddr;
unsigned short sport;
unsigned short dport;
- char *src_mac;
- char *dst_mac;
+ unsigned char *src_mac;
+ unsigned char *dst_mac;
unsigned long seq;
unsigned long ack_seq;
unsigned short window;
@@ -669,8 +669,8 @@ int send_tcp_packet(struct tcp_spec *ts)
struct icmp_spec {
unsigned int src_addr;
unsigned int dst_addr;
- char *src_mac;
- char *dst_mac;
+ unsigned char *src_mac;
+ unsigned char *dst_mac;
short type;
short code;
@@ -688,19 +688,19 @@ struct icmp_spec {
int send_icmp_packet(struct icmp_spec *is);
void send_icmp_request(unsigned int src_addr, unsigned int dst_addr,
- char *src_mac, char *dst_mac, unsigned short seq);
+ unsigned char *src_mac, unsigned char *dst_mac, unsigned short seq);
int is_icmp_reply(struct packet *p, unsigned int src_addr, unsigned int dst_addr,
- char *src_mac, char *dst_mac);
+ unsigned char *src_mac, unsigned char *dst_mac);
struct arp_spec {
- char *src_mac;
- char *dst_mac;
+ unsigned char *src_mac;
+ unsigned char *dst_mac;
int oper;
- char *sender_mac;
+ unsigned char *sender_mac;
unsigned long sender_addr;
- char *target_mac;
+ unsigned char *target_mac;
unsigned long target_addr;
};
--- hunt-1.5/menu.c.signness 1999-06-06 18:04:00.000000000 +0200
+++ hunt-1.5/menu.c 2005-03-03 14:36:18.000000000 +0100
@@ -170,7 +170,7 @@ unsigned int parse_hostname(char *buf)
}
}
-int parse_mac(char *buf, char *mac_ret)
+int parse_mac(char *buf, unsigned char *mac_ret)
{
unsigned char mac[ETH_ALEN];
char *p, *tmp, *buf_p;
@@ -271,7 +271,7 @@ unsigned int menu_choose_hostname(char *
}
-int menu_choose_ports(char *label, int *ret_ports, char *dfl)
+int menu_choose_ports(char *label, unsigned int *ret_ports, char *dfl)
{
char buf[BUFSIZE];
@@ -336,7 +336,7 @@ int menu_choose_host_mask_ports(char *la
int menu_choose_host_mask_ports_dfl(char *label, unsigned int *ret_ip,
unsigned int *ret_mask, unsigned int *ret_ports,
- unsigned int dfl_ip, unsigned int dfl_mask, int *dfl_ports)
+ unsigned int dfl_ip, unsigned int dfl_mask, unsigned int *dfl_ports)
{
char dfl[256], *buf_p;
--- hunt-1.5/net.c.signness 1999-06-08 14:18:42.000000000 +0200
+++ hunt-1.5/net.c 2005-03-03 14:36:18.000000000 +0100
@@ -162,7 +162,7 @@ int send_icmp_packet(struct icmp_spec *i
}
void send_icmp_request(unsigned int src_addr, unsigned int dst_addr,
- char *src_mac, char *dst_mac, unsigned short seq)
+ unsigned char *src_mac, unsigned char *dst_mac, unsigned short seq)
{
struct icmp_spec icmp;
@@ -181,7 +181,7 @@ void send_icmp_request(unsigned int src_
}
int is_icmp_reply(struct packet *p, unsigned int src_addr, unsigned int dst_addr,
- char *src_mac, char *dst_mac)
+ unsigned char *src_mac, unsigned char *dst_mac)
{
struct iphdr *iph = p->p_iph;
struct icmphdr *icmph = p->p_hdr.p_icmph;
--- hunt-1.5/pktrelay.c.signness 1999-11-12 11:09:18.000000000 +0100
+++ hunt-1.5/pktrelay.c 2005-03-03 14:36:18.000000000 +0100
@@ -259,9 +259,9 @@ static void relay_add_item(void)
struct relay_item *ri;
unsigned int src_ip, dst_ip;
unsigned int src_mask, dst_mask;
- int src_ports[MAX_PORTS + 1], dst_ports[MAX_PORTS + 1];
+ unsigned int src_ports[MAX_PORTS + 1], dst_ports[MAX_PORTS + 1];
char name_buf[128], name_buf2[256];
- char ethtap_mac[ETH_ALEN];
+ unsigned char ethtap_mac[ETH_ALEN];
int flags_c;
int nr, ethtap_fd;
@@ -318,7 +318,7 @@ static void relay_mod_item(void)
struct relay_item *ri;
unsigned int src_ip, dst_ip;
unsigned int src_mask, dst_mask;
- int src_ports[MAX_PORTS + 1], dst_ports[MAX_PORTS + 1];
+ unsigned int src_ports[MAX_PORTS + 1], dst_ports[MAX_PORTS + 1];
char name_buf[128], name_buf2[256];
int nr;
char flags_dfl;
--- hunt-1.5/rstd.c.signness 1999-07-13 09:22:57.000000000 +0200
+++ hunt-1.5/rstd.c 2005-03-03 14:36:18.000000000 +0100
@@ -256,7 +256,7 @@ static void rst_add_item(void)
struct rst_db_item *dbi;
unsigned int src_ip, dst_ip;
unsigned int src_mask, dst_mask;
- int src_ports[MAX_PORTS + 1], dst_ports[MAX_PORTS + 1];
+ unsigned int src_ports[MAX_PORTS + 1], dst_ports[MAX_PORTS + 1];
int mode, syn_mode;
int nr;
@@ -301,7 +301,7 @@ static void rst_mod_item(void)
struct rst_db_item *dbi;
unsigned int src_ip, dst_ip;
unsigned int src_mask, dst_mask;
- int src_ports[MAX_PORTS + 1], dst_ports[MAX_PORTS + 1];
+ unsigned int src_ports[MAX_PORTS + 1], dst_ports[MAX_PORTS + 1];
int mode, syn_mode;
int nr;
--- hunt-1.5/sniff.c.signness 1999-04-02 13:58:48.000000000 +0200
+++ hunt-1.5/sniff.c 2005-03-03 14:36:18.000000000 +0100
@@ -42,8 +42,8 @@ struct sniff_info {
unsigned int dst_addr;
int src_mask;
int dst_mask;
- int src_ports[MAX_PORTS + 1];
- int dst_ports[MAX_PORTS + 1];
+ unsigned int src_ports[MAX_PORTS + 1];
+ unsigned int dst_ports[MAX_PORTS + 1];
int srch_mode;
char *search;
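Review bot: `struct sniff_info` still declares `int src_mask;` and `int dst_mask;`, while the locals of the same name in `sniff_add_item` and `sniff_mod_item` become `unsigned int` in the two later sniff.c hunks. If those locals are stored into these fields (the assignments are outside the hunks), the signed/unsigned mismatch has only moved from the call to the assignment. Declaring the fields as `unsigned int src_mask;` and `unsigned int dst_mask;` would keep the mask type the same from input to storage.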
@@ -653,8 +653,8 @@ static void sniff_add_item(void)
char file_name[BUFSIZE], file_name_buf[BUFSIZE];
struct sniff_info *si;
unsigned int src_ip, dst_ip;
- int src_mask, dst_mask;
- int src_ports[MAX_PORTS + 1], dst_ports[MAX_PORTS + 1];
+ unsigned int src_mask, dst_mask;
+ unsigned int src_ports[MAX_PORTS + 1], dst_ports[MAX_PORTS + 1];
int srch_mode, len;
int log_mode, log_bytes;
int nr;
@@ -732,8 +732,8 @@ static void sniff_mod_item(void)
struct sniff_info *si;
struct sniff_log *slog;
unsigned int src_ip, dst_ip;
- int src_mask, dst_mask;
- int src_ports[MAX_PORTS + 1], dst_ports[MAX_PORTS + 1];
+ unsigned int src_mask, dst_mask;
+ unsigned int src_ports[MAX_PORTS + 1], dst_ports[MAX_PORTS + 1];
int srch_mode, len;
int log_mode, log_bytes;
int nr;
--- hunt-1.5/tap.c.signness 1999-09-23 13:55:38.000000000 +0200
+++ hunt-1.5/tap.c 2005-03-03 14:36:18.000000000 +0100
@@ -107,7 +107,7 @@ int tap(char *device, int promisc_mode)
}
}
-int get_ifc_info(char *ifc_name, unsigned int *ip, char *mac)
+int get_ifc_info(char *ifc_name, unsigned int *ip, unsigned char *mac)
{
int fd;
struct ifreq ifr;
--- hunt-1.5/util.c.signness 2005-03-03 14:36:18.000000000 +0100
+++ hunt-1.5/util.c 2005-03-03 14:37:23.000000000 +0100
@@ -286,7 +286,7 @@ int sprintf_db_ports(unsigned int *ports
return buf - buf_orig;
}
-int port_match(int port, unsigned int *db_ports)
+int port_match(unsigned int port, unsigned int *db_ports)
{
int start, end;
int pass;
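Review bot: `port_match` now takes `unsigned int port` and an `unsigned int *db_ports` table, but the locals `int start, end;` at the top of the body stay signed. The range comparisons further down presumably still mix signed and unsigned operands; the body continues outside the hunk, so this needs checking against the full source. Declaring them as `unsigned int start, end;` would keep the whole comparison in one type.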
hunt-1.5-listlen.patch:
--- NEW FILE hunt-1.5-listlen.patch ---
2005-03-03 Enrico Scholz <enrico.scholz at informatik.tu-chemnitz.de>
* hostup.c: make the len of the host-list to be checked signed;
else the 'len < 0' check would be always false
--- hunt-1.5/hostup.c.listlen 2005-03-03 14:07:54.000000000 +0100
+++ hunt-1.5/hostup.c 2005-03-03 14:13:38.000000000 +0100
@@ -225,7 +225,7 @@ void host_up(void)
struct ifunc_item ifunc_arp;
struct host_up_info *hui;
struct timespec ts;
- unsigned int len;
+ int len;
char buf_mac[BUFSIZE];
unsigned char fake_mac[ETH_ALEN];
hunt-1.5-cleanup.patch:
--- NEW FILE hunt-1.5-cleanup.patch ---
2005-03-03 Enrico Scholz <enrico.scholz at informatik.tu-chemnitz.de>
* util.c, hunt.h: remove unused log2() function as it conflicts
with the built-in log2(3) one
* timer.c: include <stdlib.h> for declaration of exit(3)
--- hunt-1.5/util.c.cleanup 2000-05-30 15:02:27.000000000 +0200
+++ hunt-1.5/util.c 2005-03-03 13:35:26.000000000 +0100
@@ -70,23 +70,6 @@ int is_power2(unsigned int i)
return i ? 0 : 1;
}
-int log2(unsigned int i)
-{
- int l = 0;
-
- if (!i)
- return -1;
- while (!(i & 1)) {
- l++;
- i >>= 1;
- }
- i >>= 1;
- if (i)
- return 0;
- else
- return l;
-}
-
int count_mask(unsigned int mask)
{
int retval;
--- hunt-1.5/hunt.h.cleanup 2000-05-30 14:54:54.000000000 +0200
+++ hunt-1.5/hunt.h 2005-03-03 13:35:26.000000000 +0100
@@ -401,7 +401,6 @@ void set_tty_color(enum TTY_COLOR color)
void set_tty_color_bg(enum TTY_COLOR fg, enum TTY_COLOR bg);
int is_power2(unsigned int i);
-int log2(unsigned int i);
int count_mask(unsigned int mask);
--- hunt-1.5/timer.c.cleanup 1999-02-15 14:31:20.000000000 +0100
+++ hunt-1.5/timer.c 2005-03-03 13:36:16.000000000 +0100
@@ -8,6 +8,7 @@
*/
#include <stdio.h>
#include <unistd.h>
+#include <stdlib.h>
#include "hunt.h"
struct list timejob_list = LIST_INIT(struct timejob, j_next);
hunt-1.5-badcmp.patch:
--- NEW FILE hunt-1.5-badcmp.patch ---
2005-03-03 Enrico Scholz <enrico.scholz at informatik.tu-chemnitz.de>
* fixed various places where signed and unsigned variables are
compared; most if them cause compiler warnings also, bad
other might cause buffer overflows also
diff -ur hunt-1.5badcmp/arphijack.c hunt-1.5/arphijack.c
--- hunt-1.5badcmp/arphijack.c 2005-03-03 14:21:00.000000000 +0100
+++ hunt-1.5/arphijack.c 2005-03-03 14:27:29.000000000 +0100
@@ -57,7 +57,7 @@
if (wtd->input_mode == INPUT_MODE_RAW)
tty_raw(0, 1, 0);
- while ((nr = read(0, buf, sizeof(buf)))) {
+ while ((nr = read(0, buf, sizeof(buf)))>0) {
if (buf[0] == 29) /* ^] */
break;
if (wtd->input_mode == INPUT_MODE_LINEECHO ||
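Review bot: With the new `> 0` test, a `read()` that returns -1 ends the loop exactly like end-of-file, and the error is never reported or distinguished. If this thread can be interrupted by a signal, an `EINTR` result would silently end the session. Consider retrying when `nr < 0 && errno == EINTR` and logging any other error before leaving the loop. The enclosing function starts and ends outside the hunk.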
@@ -67,7 +67,7 @@
break;
if (wtd->input_mode == INPUT_MODE_LINEECHOR &&
- nr < sizeof(buf) && buf[nr - 1] == '\n') {
+ (size_t)nr < sizeof(buf) && buf[nr - 1] == '\n') {
buf[nr - 1] = '\r';
buf[nr++] = '\n';
}
diff -ur hunt-1.5badcmp/arpspoof.c hunt-1.5/arpspoof.c
--- hunt-1.5badcmp/arpspoof.c 2005-03-03 14:21:00.000000000 +0100
+++ hunt-1.5/arpspoof.c 2005-03-03 14:31:43.000000000 +0100
@@ -970,7 +970,7 @@
char buf[BUFSIZE];
int refresh, can_forward;
- if ((src_ip = menu_choose_hostname("host to spoof", NULL)) == -1)
+ if ((src_ip = menu_choose_hostname("host to spoof", NULL)) == (unsigned int)(-1))
return;
sprintf_eth_mac(buf, suggest_mac());
if (menu_choose_mac("fake mac", src_fake_mac, buf) < 0)
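Review bot: The error sentinel is written out as `(unsigned int)(-1)` at every call site, which makes it harder to audit than a single named constant would be. This applies here and in the remaining arpspoof.c hunks, and in the hostup.c, macdisc.c and menu.c hunks of this patch. A definition such as `#define HOSTNAME_ERR ((unsigned int)-1)` in hunt.h (the name is only a suggestion) would let each test read `== HOSTNAME_ERR`. The all-ones value is also the address 255.255.255.255, so that input cannot be told apart from a lookup failure; a comment next to the constant should say so. The enclosing function starts and ends outside the hunk.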
@@ -980,7 +980,7 @@
return;
} else
can_forward = 1;
- if ((dst_ip = menu_choose_hostname("target - where to insert the spoof", NULL)) == -1)
+ if ((dst_ip = menu_choose_hostname("target - where to insert the spoof", NULL)) == (unsigned int)(-1))
return;
if ((refresh = menu_choose_unr("refresh interval sec", 0, 100000, 0)) < 0)
return;
@@ -1024,7 +1024,7 @@
char buf[BUFSIZE];
int refresh, can_forward;
- if ((src_ip = menu_choose_hostname("host to spoof", NULL)) == -1)
+ if ((src_ip = menu_choose_hostname("host to spoof", NULL)) == (unsigned int)(-1))
return;
sprintf_eth_mac(buf, suggest_mac());
if (menu_choose_mac("fake mac", src_fake_mac, buf) < 0)
@@ -1034,9 +1034,9 @@
return;
} else
can_forward = 1;
- if ((dst_start_ip = menu_choose_hostname("start target where to insert the spoof", NULL)) == -1)
+ if ((dst_start_ip = menu_choose_hostname("start target where to insert the spoof", NULL)) == (unsigned int)(-1))
return;
- if ((dst_end_ip = menu_choose_hostname("end target where to insert the spoof", NULL)) == -1)
+ if ((dst_end_ip = menu_choose_hostname("end target where to insert the spoof", NULL)) == (unsigned int)(-1))
return;
if ((refresh = menu_choose_unr("refresh interval sec", 0, 100000, 0)) < 0)
return;
@@ -1120,7 +1120,7 @@
struct mac_info *mi_src, *mi_dst;
int refresh, src_can_forward, dst_can_forward;
- if ((src_ip = menu_choose_hostname("src/dst host1 to arp spoof", NULL)) == -1)
+ if ((src_ip = menu_choose_hostname("src/dst host1 to arp spoof", NULL)) == (unsigned int)(-1))
return;
sprintf_eth_mac(buf, suggest_mac());
if (menu_choose_mac("host1 fake mac", src_fake_mac, buf) < 0)
@@ -1130,7 +1130,7 @@
return;
} else
src_can_forward = 1;
- if ((dst_ip = menu_choose_hostname("src/dst host2 to arp spoof", NULL)) == -1)
+ if ((dst_ip = menu_choose_hostname("src/dst host2 to arp spoof", NULL)) == (unsigned int)(-1))
return;
sprintf_eth_mac(buf, suggest_mac());
if (menu_choose_mac("host2 fake mac", dst_fake_mac, buf) < 0)
@@ -1183,9 +1183,9 @@
i = menu_choose_unr("item nr. with src/dst or [cr]", 0,
arp_spoof_count() - 1, -1);
if (i < 0) {
- if ((ip1 = menu_choose_hostname("src/dst host1 to remove", NULL)) == -1)
+ if ((ip1 = menu_choose_hostname("src/dst host1 to remove", NULL)) == (unsigned int)(-1))
return;
- if ((ip2 = menu_choose_hostname("src/dst host2 to remove", NULL)) == -1)
+ if ((ip2 = menu_choose_hostname("src/dst host2 to remove", NULL)) == (unsigned int)(-1))
return;
} else {
asi = list_at(&l_arp_spoof, i);
@@ -1257,17 +1257,17 @@
if (range_test)
dst_addr = (unsigned int) -1;
else
- if ((dst_addr = menu_choose_hostname("host to test", NULL)) == -1)
+ if ((dst_addr = menu_choose_hostname("host to test", NULL)) == (unsigned int)(-1))
return;
for (i = 0; i < asr->asi_count; i++) {
- if (dst_addr == -1 && asr->asi[i]->dst_mac_valid)
+ if (dst_addr == (unsigned int)(-1) && asr->asi[i]->dst_mac_valid)
do_test_or_refresh(asr->asi[i]);
else if (asr->asi[i]->dst_addr == dst_addr) {
do_test_or_refresh(asr->asi[i]);
break;
}
}
- if (dst_addr != -1 && i >= asr->asi_count)
+ if (dst_addr != (unsigned int)(-1) && i >= asr->asi_count)
printf("host not found in range database\n");
}
diff -ur hunt-1.5badcmp/hostup.c hunt-1.5/hostup.c
--- hunt-1.5badcmp/hostup.c 2005-03-03 14:21:00.000000000 +0100
+++ hunt-1.5/hostup.c 2005-03-03 14:24:44.000000000 +0100
@@ -229,9 +229,9 @@
char buf_mac[BUFSIZE];
unsigned char fake_mac[ETH_ALEN];
- if ((start_ip = menu_choose_hostname("start ip addr", host_lookup(start_ip_def, HL_MODE_NR))) == -1)
+ if ((start_ip = menu_choose_hostname("start ip addr", host_lookup(start_ip_def, HL_MODE_NR))) == (unsigned int)(-1))
return;
- if ((end_ip = menu_choose_hostname("end ip addr", host_lookup(end_ip_def, HL_MODE_NR))) == -1)
+ if ((end_ip = menu_choose_hostname("end ip addr", host_lookup(end_ip_def, HL_MODE_NR))) == (unsigned int)(-1))
return;
if ((len = ntohl(end_ip) - ntohl(start_ip) + 1) < 0) {
printf("bad addresses\n");
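Review bot: The range check `(len = ntohl(end_ip) - ntohl(start_ip) + 1) < 0` still subtracts in unsigned arithmetic and only goes negative through the conversion to the now-signed `len`, which is implementation-defined for out-of-range values. It also accepts `len == 0` when the end address is exactly one below the start address. Comparing the addresses directly, `if (ntohl(end_ip) < ntohl(start_ip)) {`, and computing `len` afterwards states the intent without depending on the type of `len`. An upper bound on the range size would still be needed, because `len` is an `int`. How `len` is used after the check is outside the hunk.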
diff -ur hunt-1.5badcmp/hunt.h hunt-1.5/hunt.h
--- hunt-1.5badcmp/hunt.h 2005-03-03 14:21:00.000000000 +0100
+++ hunt-1.5/hunt.h 2005-03-03 14:25:04.000000000 +0100
@@ -566,7 +566,7 @@
* macdisc
*/
void mac_discover(unsigned int ip, int count);
-void mac_discover_range(unsigned int start_ip, unsigned int end_ip, int count);
+void mac_discover_range(unsigned int start_ip, unsigned int end_ip, unsigned int count);
void mac_disc_menu(void);
void print_mac_daemon();
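Review bot: `mac_discover` keeps `int count` while `mac_discover_range` directly below it now takes `unsigned int count`, so the two sibling prototypes disagree on the type of the same quantity. A caller holding a signed count that happens to be negative would pass a very large loop bound to `mac_discover_range` without any diagnostic. Either make both `unsigned int` or validate the count at the call sites, which are not visible in this patch.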
diff -ur hunt-1.5badcmp/macdisc.c hunt-1.5/macdisc.c
--- hunt-1.5badcmp/macdisc.c 1999-02-21 20:21:37.000000000 +0100
+++ hunt-1.5/macdisc.c 2005-03-03 14:24:44.000000000 +0100
@@ -14,7 +14,7 @@
#include <assert.h>
#include <errno.h>
-void mac_discover_range(unsigned int start_ip, unsigned int end_ip, int count)
+void mac_discover_range(unsigned int start_ip, unsigned int end_ip, unsigned int count)
{
unsigned int addr, j;
struct timespec ts;
@@ -184,9 +184,9 @@
struct mac_disc_info *mdi;
unsigned int start_ip, end_ip;
- if ((start_ip = menu_choose_hostname("start ip addr", NULL)) == -1)
+ if ((start_ip = menu_choose_hostname("start ip addr", NULL)) == (unsigned int)(-1))
return;
- if ((end_ip = menu_choose_hostname("end ip addr", NULL)) == -1)
+ if ((end_ip = menu_choose_hostname("end ip addr", NULL)) == (unsigned int)(-1))
return;
mdi = malloc(sizeof(struct mac_disc_info));
assert(mdi);
@@ -207,9 +207,9 @@
if (!(mdi = list_at(&l_mdi, nr)))
return;
- if ((start_ip = menu_choose_hostname("start ip addr", host_lookup(mdi->start_addr, hl_mode))) == -1)
+ if ((start_ip = menu_choose_hostname("start ip addr", host_lookup(mdi->start_addr, hl_mode))) == (unsigned int)(-1))
return;
- if ((end_ip = menu_choose_hostname("end ip addr", host_lookup(mdi->end_addr, hl_mode))) == -1)
+ if ((end_ip = menu_choose_hostname("end ip addr", host_lookup(mdi->end_addr, hl_mode))) == (unsigned int)(-1))
return;
mdi->start_addr = start_ip;
mdi->end_addr = end_ip;
diff -ur hunt-1.5badcmp/main.c hunt-1.5/main.c
--- hunt-1.5badcmp/main.c 2000-05-26 16:06:39.000000000 +0200
+++ hunt-1.5/main.c 2005-03-03 14:31:19.000000000 +0100
@@ -145,7 +145,7 @@
* packet from source
*/
if (!dst_packet && p->p_data_len && !same_chars) {
- pbuf_len = p->p_data_len < sizeof(pbuf) ? p->p_data_len : sizeof(pbuf);
+ pbuf_len = ((size_t)(p->p_data_len) < sizeof(pbuf)) ? (size_t)p->p_data_len : sizeof(pbuf);
memcpy(pbuf, p->p_data, pbuf_len);
} else
pbuf_len = 0;
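Review bot: The `(size_t)` casts silence the warning but do not handle a negative `p->p_data_len`. If that field is signed (its declaration is not in the hunk), a negative value converts to a huge `size_t`, the clamp picks `sizeof(pbuf)`, and `memcpy` reads `sizeof(pbuf)` bytes from `p->p_data` regardless of how much data the packet holds. The guard above only tests `p->p_data_len` for non-zero; testing `p->p_data_len > 0` there would close that case. The same pattern appears in the last synchijack.c hunk of this patch (`len = p->p_data_len; if ((size_t)len > sizeof(buf))`), where the declaration of `len` is also outside the hunk.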
diff -ur hunt-1.5badcmp/menu.c hunt-1.5/menu.c
--- hunt-1.5badcmp/menu.c 2005-03-03 14:21:00.000000000 +0100
+++ hunt-1.5/menu.c 2005-03-03 14:24:44.000000000 +0100
@@ -264,7 +264,7 @@
while (1) {
if (menu_prompt(label, buf, sizeof(buf), dfl) < 0)
return -1;
- if ((ip = parse_hostname(buf)) != -1)
+ if ((ip = parse_hostname(buf)) != (unsigned int)(-1))
break;
}
return ip;
@@ -302,7 +302,7 @@
if (!(host_name = strtok(buf, " /\t\n")))
continue;
- if ((ip = parse_hostname(host_name)) == -1)
+ if ((ip = parse_hostname(host_name)) == (unsigned int)(-1))
continue;
if (with_mask) {
if (!(mask_str = strtok(NULL, " \t\n")))
diff -ur hunt-1.5badcmp/resolv.c hunt-1.5/resolv.c
--- hunt-1.5badcmp/resolv.c 1999-02-14 13:59:13.000000000 +0100
+++ hunt-1.5/resolv.c 2005-03-03 14:30:37.000000000 +0100
@@ -411,10 +411,10 @@
char *host_lookup(unsigned int in, int use_mode)
{
static char hostname_buf[BUFSIZE] = {0};
- static int hostname_idx = 0;
+ static unsigned int hostname_idx = 0;
struct in_addr addr;
char *name, *retval;
- int len;
+ size_t len;
struct hostent *host_ent;
struct resolv_item *r;
@@ -495,10 +495,10 @@
char *port_lookup(unsigned short serv, int use_mode)
{
static char servname_buf[BUFSIZE] = {0};
- static int servname_idx = 0;
+ static unsigned int servname_idx = 0;
char name_buf[64];
char *name, *retval;
- int len;
+ size_t len;
struct servent *serv_ent;
if (serv == 0)
diff -ur hunt-1.5badcmp/synchijack.c hunt-1.5/synchijack.c
--- hunt-1.5badcmp/synchijack.c 1999-02-21 21:04:36.000000000 +0100
+++ hunt-1.5/synchijack.c 2005-03-03 14:30:37.000000000 +0100
@@ -197,7 +197,7 @@
{
struct tcp_spec ts;
char buf[1400];
- int len;
+ unsigned int len;
/*
* well - after sending something we get usualy ack storm
@@ -257,7 +257,7 @@
memset(buf, ' ', len);
#else
len = need_write;
- if (len > sizeof(buf)) {
+ if ((size_t)len > sizeof(buf)) {
len = sizeof(buf);
memset(buf, ' ', len);
} else {
@@ -377,7 +377,7 @@
print_data_packet(p, p->p_data_len, 0, 0);
if (last_read_ack == p->p_hdr.p_tcph->ack_seq && p->p_data_len) {
len = p->p_data_len;
- if (len > sizeof(buf))
+ if ((size_t)len > sizeof(buf))
len = sizeof(buf);
memcpy(buf, p->p_data, len);
w_data = buf;
hunt-1.5-arridx.patch:
--- NEW FILE hunt-1.5-arridx.patch ---
2005-03-03 Enrico Scholz <enrico.scholz at informatik.tu-chemnitz.de>
* c/hash.c: fixed out-of-range array subscript; reported in
https://bugzilla.redhat.com/beta/show_bug.cgi?id=149777
--- hunt-1.5/c/hash.c.arridx 2000-02-16 10:26:14.000000000 +0100
+++ hunt-1.5/c/hash.c 2005-03-03 13:26:09.000000000 +0100
@@ -26,7 +26,7 @@ static int __chose_table_size(int size)
int i;
if (size >= ht_size[sizeof(ht_size) / sizeof(ht_size[0]) - 1])
- return ht_size[sizeof(ht_size) / sizeof(ht_size[0])];
+ return ht_size[sizeof(ht_size) / sizeof(ht_size[0]) - 1];
for (i = 0; ht_size[i] < size; i++)
;
return ht_size[i];
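Review bot: The last-element index `sizeof(ht_size) / sizeof(ht_size[0]) - 1` is still spelled out twice, in the test and in the return, which is how the two expressions drifted apart in the first place. Naming it once, `const size_t last = sizeof(ht_size) / sizeof(ht_size[0]) - 1;`, and then writing `if (size >= ht_size[last]) return ht_size[last];` keeps them from diverging again. A short comment stating that the search loop below relies on `size` being smaller than the last table entry would document why it cannot run off the end. The function starts above the hunk.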
Index: hunt.spec
===================================================================
RCS file: /cvs/extras/rpms/hunt/devel/hunt.spec,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- hunt.spec 10 Dec 2004 22:03:03 -0000 1.4
+++ hunt.spec 3 Mar 2005 13:44:44 -0000 1.5
@@ -1,11 +1,20 @@
+## $Id$
+
+%{!?release_func:%define release_func() %1%{?disttag}}
+
Summary: A tool for demonstrating well known weaknesses in the TCP/IP protocol suite.
Name: hunt
Version: 1.5
-Release: 2
+Release: %release_func 3
Epoch: 0
License: GPL
Group: Applications/Internet
Source: http://lin.fsid.cvut.cz/~kra/hunt/%{name}-%{version}.tgz
+Patch0: hunt-1.5-arridx.patch
+Patch1: hunt-1.5-cleanup.patch
+Patch2: hunt-1.5-signness.patch
+Patch3: hunt-1.5-listlen.patch
+Patch4: hunt-1.5-badcmp.patch
URL: http://lin.fsid.cvut.cz/~kra/index.html
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
@@ -27,6 +36,11 @@
%prep
%setup -q
+%patch0 -p1 -b .arridx
+%patch1 -p1 -b .cleanup
+%patch2 -p1 -b .signness
+%patch3 -p1 -b .listlen
+%patch4 -p1 -b .badcmp
%build
@@ -58,6 +72,12 @@
%changelog
+* Thu Mar 3 2005 Enrico Scholz <enrico.scholz at informatik.tu-chemnitz.de> - 0:1.5-3
+- fixed out-of-range array subscript (BZ #149777)
+- fixed lots of warnings regarding different signedness
+- fixed some minor compilation warnings
+- fixed bad handling of hosts-lists when start-host > end-host
+
* Fri May 9 2003 Enrico Scholz <enrico.scholz at informatik.tu-chemnitz.de> 0:1.5-0.fdr.2
- updated source-url