rpms/tcpick/devel tcpick-0.2.1-cpu-loop.patch, NONE, 1.1 tcpick-0.2.1-pointers.patch, NONE, 1.1 tcpick-0.2.1-ppc.patch, NONE, 1.1 tcpick-0.2.1-CVE-2006-0048.patch, 1.1, 1.2 tcpick.spec, 1.2, 1.3
Robert Scheck (robert)
fedora-extras-commits at redhat.com
Sat Sep 9 22:39:43 UTC 2006
Author: robert
Update of /cvs/extras/rpms/tcpick/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv16150
Modified Files:
tcpick-0.2.1-CVE-2006-0048.patch tcpick.spec
Added Files:
tcpick-0.2.1-cpu-loop.patch tcpick-0.2.1-pointers.patch
tcpick-0.2.1-ppc.patch
Log Message:
- Better workaround for CVE-2006-0048 to make tcpick usable again
- Added patches for double-free, broken pointers and getopt on ppc
tcpick-0.2.1-cpu-loop.patch:
--- NEW FILE tcpick-0.2.1-cpu-loop.patch ---
Re-merged patch by Robert Scheck <robert at fedoraproject.org> for tcpick <= 0.2.1,
which fixes a double-free error detected by glibc at runtime during the execution of
commands like "tcpick -wu -p -i eth0", causing an infinite loop after recording some
sessions. The patch is originally from Cédric Delfosse <cedric at debian.org>.
Further information:
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=319864
- http://sourceforge.net/mailarchive/message.php?msg_id=20647778
--- tcpick-0.2.1/src/tracker.c 2004-12-31 14:53:30.000000000 +0100
+++ tcpick-0.2.1/src/tracker.c.cpu-loop 2006-09-10 00:17:59.000000000 +0200
@@ -99,8 +99,11 @@
if( curr->next == NULL )
last_conn = prev_ring;
- free_desc( &(curr->client) );
- free_desc( &(curr->server) );
+ free_desc( &(curr->client), 1);
+ if (flags.writer.type == UNIQUE)
+ free_desc( &(curr->server), 0);
+ else
+ free_desc( &(curr->server), 1);
S_free( curr );
conn = first_conn;
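Review bot: the asymmetry between free_desc( &(curr->client), 1) and free_desc( &(curr->server), 0) in the UNIQUE case needs a comment at the call site, because nothing in this hunk says why the server descriptor's filename must not be released, and the next reader will reintroduce the double free by "fixing" it. State that in UNIQUE writer mode both descriptors share one filename buffer (the later hunk that nulls desc->oth->file shows the same sharing for the file handle), so only one side may free it.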
@@ -124,7 +127,7 @@
count_opened--;
}
-int free_desc( struct HOST_DESC * desc )
+int free_desc( struct HOST_DESC * desc, int freedescfilename )
/* frees the host descriptor and closes the file */
{
struct FRAGMENT * tmp;
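Review bot: free_desc() changes its signature, but the patch touches only tracker.c; if the function is declared in a header or called from another file, those need the new parameter too, or the build breaks (or, worse, calls through a mismatched prototype). Also extend the comment "frees the host descriptor and closes the file" to document the new parameter, e.g. "freedescfilename: 0 if desc->filename is shared with the peer descriptor and must not be freed here".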
@@ -134,7 +137,7 @@
if (flags.writer.type == UNIQUE)
desc->oth->file = NULL;
}
- if( desc->filename ) {
+ if( desc->filename && freedescfilename ) {
S_free( desc->filename );
desc->filename = NULL;
}
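Review bot: when freedescfilename is 0, desc->filename is left pointing at memory the peer descriptor has already freed, so a dangling pointer survives until S_free( curr ). Moving "desc->filename = NULL;" out of the if so it runs regardless of whether the buffer is freed here keeps the descriptor consistent at no cost.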
tcpick-0.2.1-pointers.patch:
--- NEW FILE tcpick-0.2.1-pointers.patch ---
Re-merged patch by Robert Scheck <robert at fedoraproject.org> for tcpick <= 0.2.1,
to fix multiple "implicitly converted to pointer" messages during the build; the patch
is originally from Dann Frazier <dannf at dannf.org>.
Further information:
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=326927
--- tcpick-0.2.1/src/display.c 2004-12-31 14:53:30.000000000 +0100
+++ tcpick-0.2.1/src/display.c.pointers 2006-09-10 00:04:55.000000000 +0200
@@ -28,6 +28,7 @@
/* FIXME: most code is duplicated: find a better solution! */
#include "tcpick.h"
+#include "lookup.h"
#include "extern.h"
char *
--- tcpick-0.2.1/src/tcpick.c 2005-01-18 13:25:36.000000000 +0100
+++ tcpick-0.2.1/src/tcpick.c.pointers 2006-09-10 00:06:02.000000000 +0200
@@ -49,6 +49,7 @@
#include "tcpick.h"
#include "globals.h"
+#include "datalink.h"
char *errbuf[PCAP_ERRBUF_SIZE];
struct bpf_program filter_compiled;
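Review bot: the unchanged context line "char *errbuf[PCAP_ERRBUF_SIZE];" declares an array of PCAP_ERRBUF_SIZE pointers, not the character buffer libpcap expects ("char errbuf[PCAP_ERRBUF_SIZE];"); passing it to pcap_* calls hands over a char ** where a char * is wanted. It is unrelated to the include being added, but it belongs in the same pointer-conversion cleanup.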
--- tcpick-0.2.1/src/write.c 2005-01-09 00:54:47.000000000 +0100
+++ tcpick-0.2.1/src/write.c.pointers 2006-09-10 00:06:47.000000000 +0200
@@ -25,8 +25,11 @@
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*/
+#define _GNU_SOURCE
+#include <string.h>
#include "tcpick.h"
#include "extern.h"
+#include "lookup.h"
__inline__ char *
avail_filename(struct CONN * conn_ptr,
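Review bot: #define _GNU_SOURCE must precede the first system header, which it does here, but the patch does not say which GNU extension write.c needs from <string.h>; name it in a comment next to the define so the dependency is explicit. Defining it once for the whole build (-D_GNU_SOURCE in CFLAGS, or AC_USE_SYSTEM_EXTENSIONS in configure.ac) avoids per-file ordering mistakes if other files later need the same.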
--- tcpick-0.2.1/src/lookup.h 2004-12-31 14:53:30.000000000 +0100
+++ tcpick-0.2.1/src/lookup.h.pointers 2006-09-10 00:07:38.000000000 +0200
@@ -26,6 +26,8 @@
* USA.
*/
+#ifndef _LOOKUP_H
+#define _LOOKUP_H
struct _l_node /* the node/leaf of the tree */
{
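Review bot: identifiers beginning with an underscore followed by an uppercase letter, such as _LOOKUP_H, are reserved for the C implementation; use LOOKUP_H or TCPICK_LOOKUP_H for the guard macro.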
@@ -40,3 +42,9 @@
char * name;
struct in_addr ip;
};
+
+char *lookup(struct in_addr ia);
+struct _l_node *_l_alloc(struct in_addr, char *);
+char *_l_get(struct in_addr);
+
+#endif
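Review bot: the prototypes added here take struct in_addr by value and the struct above has a struct in_addr member, so the header is only usable after the including file has pulled in <netinet/in.h>; add #include <netinet/in.h> inside the guard so lookup.h is self-contained now that display.c and write.c include it directly.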
--- tcpick-0.2.1/src/datalink.h 1970-01-01 01:00:00.000000000 +0100
+++ tcpick-0.2.1/src/datalink.h.pointers 2006-09-10 00:08:22.000000000 +0200
@@ -0,0 +1,29 @@
+/*
+ * datalink.h -- calculates datalink offsets
+ * Part of the tcpick project
+ *
+ * Author: Francesco Stablum <duskdruid @ despammed.com>
+ *
+ * Copyright (C) 2003, 2004 Francesco Stablum
+ * Licensed under the GPL
+ *
+ */
+
+/*
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation; either version 2 of the
+ * License, or (at you option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+ * See the GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111,
+ * USA.
+ */
+
+char *datalink2str(int dl_id);
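Review bot: datalink.h has no include guard, unlike the guard this same patch adds to lookup.h; add one for consistency. The license boilerplate also carries the typo "at you option" (should be "at your option").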
tcpick-0.2.1-ppc.patch:
--- NEW FILE tcpick-0.2.1-ppc.patch ---
Re-merged patch by Robert Scheck <robert at fedoraproject.org> for tcpick <= 0.2.1,
because tcpick is possibly unusable on ppc architectures, as it never gets past the
getopt loop; the patch is originally from Cédric Delfosse <cedric at debian.org>.
Further information:
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=327327
--- tcpick-0.2.1/src/args.c 2005-01-16 16:19:35.000000000 +0100
+++ tcpick-0.2.1/src/args.c.ppc 2006-09-09 23:51:42.000000000 +0200
@@ -149,7 +149,7 @@
void
parse_args(int argc, char ** argv)
{
- char opt;
+ int opt;
#ifdef HAVE_GETOPT_LONG
static struct option long_options[]=
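Review bot: correct fix, and worth a one-line comment so it is not reverted: getopt() returns int and signals the end of options with -1; on ppc char is unsigned, so -1 stored in a char becomes 255 and the loop condition never becomes true. Also check that no other variable in args.c receives a getopt()/getopt_long() result into a char.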
tcpick-0.2.1-CVE-2006-0048.patch:
Index: tcpick-0.2.1-CVE-2006-0048.patch
===================================================================
RCS file: /cvs/extras/rpms/tcpick/devel/tcpick-0.2.1-CVE-2006-0048.patch,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- tcpick-0.2.1-CVE-2006-0048.patch 20 Jun 2006 14:55:18 -0000 1.1
+++ tcpick-0.2.1-CVE-2006-0048.patch 9 Sep 2006 22:39:43 -0000 1.2
@@ -3,28 +3,25 @@
The patch is originally from Cédric Delfosse <cedric at debian.org> after the report
by Andrea Barisani <andrea at inversepath.com> about the possibility maybe to trigger
-remotely the segfault condition in tcpick.
+remotely the segfault condition in tcpick. It's also a better temporary fix rather
+the initial quick fix posted at the tcpick mailing list, which makes tcpick nearly
+unusable.
Further information:
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0048
- http://sourceforge.net/mailarchive/forum.php?thread_id=9989610&forum_id=37151
- http://www.securityfocus.com/bid/17665
+ - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=360571
---- tcpick-0.2.1/src/loop.c 2005-01-16 16:26:56.000000000 +0100
-+++ tcpick-0.2.1/src/loop.c.CVE-2006-0048 2006-05-31 16:56:26.000000000 +0200
-@@ -69,7 +69,6 @@
- payload = (u_char *)(packet + datalink_size + IP_SIZE + tcp_size);
- payload_len = iplen - IP_SIZE - tcp_size;
+--- tcpick-0.2.1/src/write.c 2005-01-09 00:54:47.000000000 +0100
++++ tcpick-0.2.1/src/write.c.CVE-2006-0048 2006-09-09 23:43:07.000000000 +0200
+@@ -241,6 +241,9 @@
+ if( flags.separator && ( out == stdout ) ) /* FIXME: sucks? */
+ color( c_SEPARATOR, stdout, SEPARATOR "\n" );
--#ifdef TCPICK_DEBUG
- if( payload_len != (hdr->len - (int)( payload - packet ) ) ) {
- suicide( "got_packet",
- "payload lenght calculated with iplen and hdr->len\n"
-@@ -92,7 +91,6 @@
- );
- }
-
--#endif /* TCPICK_DEBUG */
-
- if( flags.header > 0 )
- display_header( stdout, ippacket, tcppacket,
++ if (buflen < 0)
++ buflen = 0;
++
+ switch ( flavour ) {
+ case HEX_ASCII_DUMP:
+ out_xa( out, buf, buflen );
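Review bot: clamping buflen to 0 in write.c stops the crash from a negative length but does not reject the malformed packet that produced it; the loop.c lines being dropped from the old version show payload_len = iplen - IP_SIZE - tcp_size, which goes negative whenever iplen is smaller than the header sizes, so the more robust fix is to validate that computation in got_packet() and drop the packet before it is tracked or written. Since this replaces the earlier approach of removing the TCPICK_DEBUG consistency check, a comment above "if (buflen < 0)" explaining why the clamp exists would help the next maintainer. The description text added here also reads "rather the initial quick fix", which should be "rather than".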
Index: tcpick.spec
===================================================================
RCS file: /cvs/extras/rpms/tcpick/devel/tcpick.spec,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- tcpick.spec 3 Sep 2006 21:16:54 -0000 1.2
+++ tcpick.spec 9 Sep 2006 22:39:43 -0000 1.3
@@ -1,12 +1,15 @@
Name: tcpick
Version: 0.2.1
-Release: 9%{?dist}
+Release: 10%{?dist}
Summary: A tcp stream sniffer, tracker and capturer
License: GPL
Group: Applications/Internet
URL: http://tcpick.sourceforge.net/
Source: http://dl.sourceforge.net/sourceforge/%{name}/%{name}-%{version}.tar.gz
-Patch: tcpick-0.2.1-CVE-2006-0048.patch
+Patch0: tcpick-0.2.1-CVE-2006-0048.patch
+Patch1: tcpick-0.2.1-ppc.patch
+Patch2: tcpick-0.2.1-pointers.patch
+Patch3: tcpick-0.2.1-cpu-loop.patch
%if "%{?fedora}" <= "5"
BuildRequires: libpcap
%else
@@ -26,7 +29,10 @@
%prep
%setup -q
-%patch -p1 -b .CVE-2006-0048
+%patch0 -p1 -b .CVE-2006-0048
+%patch1 -p1 -b .ppc
+%patch2 -p1 -b .pointers
+%patch3 -p1 -b .cpu-loop
%build
%configure --bindir=%{_sbindir}
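Review bot: both %patch0 (CVE-2006-0048) and %patch2 (pointers) modify src/write.c; the hunks are far apart (around line 241 versus the include block near line 25), so they should apply cleanly in this order, but confirm the build log shows no fuzz or offset for %patch2 and %patch3, and add the new patches' Debian bug references to the comments if the spec grows a patch comment block.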
@@ -51,6 +57,10 @@
%{_mandir}/it/man8/%{name}.8.gz
%changelog
+* Sun Sep 10 2006 Robert Scheck <robert at fedoraproject.org> 0.2.1-10
+- Better workaround for CVE-2006-0048 to make tcpick usable again
+- Added patches for double-free, broken pointers and getopt on ppc
+
* Sun Sep 03 2006 Robert Scheck <robert at fedoraproject.org> 0.2.1-9
- Rebuild for Fedora Core 6