rpms/sipp/EL-5 sipp--Do-not-include-bogus-library-paths-and-include-pat.patch, NONE, 1.1 sipp--Fix-for-CVE-2008-2085.patch, NONE, 1.1 sipp--Initial-fix-for-RHBZ-559620.patch, NONE, 1.1 import.log, 1.3, 1.4 sipp.spec, 1.9, 1.10 sipp--CVE-2008-2085-fix.diff, 1.2, NONE sipp--Makefile-fix-paths.diff, 1.2, NONE

Peter Lemenkov peter at fedoraproject.org
Fri Jan 29 16:42:35 UTC 2010 

Author: peter

Update of /cvs/pkgs/rpms/sipp/EL-5
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv32580/EL-5

Modified Files:
	import.log sipp.spec 
Added Files:
	sipp--Do-not-include-bogus-library-paths-and-include-pat.patch 
	sipp--Fix-for-CVE-2008-2085.patch 
	sipp--Initial-fix-for-RHBZ-559620.patch 
Removed Files:
	sipp--CVE-2008-2085-fix.diff sipp--Makefile-fix-paths.diff 
Log Message:
Fix for rhbz #559620

sipp--Do-not-include-bogus-library-paths-and-include-pat.patch:
 Makefile |    5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

--- NEW FILE sipp--Do-not-include-bogus-library-paths-and-include-pat.patch ---
>From 81153fa6c7908b0f62b5b87782265e68336493cb Mon Sep 17 00:00:00 2001
From: Peter Lemenkov <lemenkov at gmail.com>
Date: Mon, 11 Jan 2010 14:45:45 +0300
Subject: [PATCH 1/3] Do not include bogus library paths and include paths.

Signed-off-by: Peter Lemenkov <lemenkov at gmail.com>
---
 Makefile |    4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/Makefile b/Makefile
index 23a3fac..6975fa0 100644
--- a/Makefile
+++ b/Makefile
@@ -138,7 +138,7 @@ LFLAGS_Darwin=
 LFLAGS=$(LFLAGS_$(SYSTEM)) $(EXTRALFLAGS)
 
 #Link Libraries
-LIBS_linux= -ldl -lpthread -lncurses -lstdc++ -lm -L /usr/local/lib -L /usr/lib -L /usr/lib64
+LIBS_linux= -ldl -lpthread -lncurses -lstdc++ -lm
 LIBS_hpux= -lcurses -lpthread -L /opt/openssl/lib -L /usr/local/lib
 LIBS_tru64= -lcurses -lpthread
 LIBS_freebsd= -lcurses -pthread -L /usr/local/lib
@@ -148,7 +148,7 @@ LIBS_Darwin= -lcurses
 LIBS=$(LIBS_$(SYSTEM)) $(EXTRALIBS)
 
 # Include directories
-INCDIR_linux=-I. -I/usr/include/openssl
+INCDIR_linux=-I.
 INCDIR_freebsd=-I. -I/usr/local/include
 INCDIR_hpux=-I. -I/usr/local/include -I/opt/openssl/include
 INCDIR_tru64=-I. -I/opt/openssl/include
-- 
1.6.2.5


sipp--Fix-for-CVE-2008-2085.patch:
 call.cpp |   42 +++++++++++++++++++++++++++++++++---------
 1 file changed, 33 insertions(+), 9 deletions(-)

--- NEW FILE sipp--Fix-for-CVE-2008-2085.patch ---
>From dce23af786559873071b3ea5e4641e4ecdca5ee6 Mon Sep 17 00:00:00 2001
From: Peter Lemenkov <lemenkov at gmail.com>
Date: Wed, 27 Jan 2010 09:46:03 +0300
Subject: [PATCH 2/3] Fix for CVE-2008-2085.

Signed-off-by: Peter Lemenkov <lemenkov at gmail.com>
---
 call.cpp |   41 +++++++++++++++++++++++++++++++++--------
 1 files changed, 33 insertions(+), 8 deletions(-)

diff --git a/call.cpp b/call.cpp
index 6830304..408f23c 100644
--- a/call.cpp
+++ b/call.cpp
@@ -133,17 +133,26 @@ uint32_t get_remote_ip_media(char *msg)
     char pattern[] = "c=IN IP4 ";
     char *begin, *end;
     char ip[32];
-    begin = strstr(msg, pattern);
+    char *tmp = strdup(msg);
+
+    if(!tmp) return INADDR_NONE;
+    begin = strstr(tmp, pattern);
     if (!begin) {
+      free(tmp);
       /* Can't find what we're looking at -> return no address */
       return INADDR_NONE;
     }
     begin += sizeof("c=IN IP4 ") - 1;
     end = strstr(begin, "\r\n");
-    if (!end)
+    if (!end){
+      free(tmp);
       return INADDR_NONE;
+    }
+    *end = 0;
     memset(ip, 0, 32);
-    strncpy(ip, begin, end - begin);
+    strncpy(ip, begin, sizeof(ip) - 1);
+    ip[sizeof(ip) - 1] = 0;
+    free(tmp);
     return inet_addr(ip);
 }
 
@@ -156,20 +165,28 @@ uint8_t get_remote_ipv6_media(char *msg, struct in6_addr *addr)
     char pattern[] = "c=IN IP6 ";
     char *begin, *end;
     char ip[128];
+    char *tmp = strdup(msg);
 
     memset(addr, 0, sizeof(*addr));
     memset(ip, 0, 128);
 
-    begin = strstr(msg, pattern);
+    if(!tmp) return 0;
+    begin = strstr(tmp, pattern);
     if (!begin) {
+      free(tmp);
       /* Can't find what we're looking at -> return no address */
       return 0;
     }
     begin += sizeof("c=IN IP6 ") - 1;
     end = strstr(begin, "\r\n");
-    if (!end)
+    if (!end){
+      free(tmp);
       return 0;
-    strncpy(ip, begin, end - begin);
+    }
+    *end = 0;
+    strncpy(ip, begin, sizeof(ip) - 1);
+    ip[sizeof(ip) - 1] = 0;
+    free(tmp);
     if (!inet_pton(AF_INET6, ip, addr)) {
       return 0;
     }
@@ -196,17 +213,25 @@ uint16_t get_remote_port_media(char *msg, int pattype)
 	ERROR("Internal error: Undefined media pattern %d\n", 3);
     }
 
-    begin = strstr(msg, pattern);
+    char *tmp = strdup(msg);
+    if(!tmp) return 0;
+    begin = strstr(tmp, pattern);
     if (!begin) {
+      free(tmp);
       /* m=audio not found */
       return 0;
     }
     begin += strlen(pattern) - 1;
     end = strstr(begin, "\r\n");
-    if (!end)
+    if (!end){
+      free(tmp);
       ERROR("get_remote_port_media: no CRLF found");
+    }
+    *end = 0;
     memset(number, 0, sizeof(number));
     strncpy(number, begin, sizeof(number) - 1);
+    number[sizeof(number) - 1] = 0;
+    free(tmp);
     return atoi(number);
 }
 
-- 
1.6.2.5


sipp--Initial-fix-for-RHBZ-559620.patch:
 auth.c |   14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)

--- NEW FILE sipp--Initial-fix-for-RHBZ-559620.patch ---
>From 2b9333c4b1e3dffbd078cb4a747cc4254f3aa78f Mon Sep 17 00:00:00 2001
From: Peter Lemenkov <lemenkov at gmail.com>
Date: Fri, 29 Jan 2010 19:16:18 +0300
Subject: [PATCH 3/3] Initial fix for RHBZ #559620.

Signed-off-by: Peter Lemenkov <lemenkov at gmail.com>
---
 auth.c |   13 +++++++++----
 1 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/auth.c b/auth.c
index 3e96037..6283d50 100644
--- a/auth.c
+++ b/auth.c
@@ -223,6 +223,7 @@ int createAuthHeaderMD5(char * user, char * password, int password_len, char * m
     static unsigned int mync = 1;
     int has_opaque = 0;
     MD5_CTX Md5Ctx;
+    char tmpbuf[2048];
 
     // Extract the Auth Type - If not present, using 'none' 
     cnonce[0] = '\0';
@@ -254,7 +255,8 @@ int createAuthHeaderMD5(char * user, char * password, int password_len, char * m
 
     sprintf(result, "Digest username=\"%s\",realm=\"%s\"",user,tmp);
     if (cnonce[0] != '\0') {
-        sprintf(result, "%s,cnonce=\"%s\",nc=%s,qop=%s",result,cnonce,nc,authtype);
+        snprintf(tmpbuf, 2048, "%s,cnonce=\"%s\",nc=%s,qop=%s",result,cnonce,nc,authtype);
+        strcpy(result,tmpbuf);
     }
 
     // Construct the URI 
@@ -284,7 +286,8 @@ int createAuthHeaderMD5(char * user, char * password, int password_len, char * m
     MD5_Final(ha2, &Md5Ctx);
     hashToHex(&ha2[0], &ha2_hex[0]);
 
-    sprintf(result, "%s,uri=\"%s\"",result,tmp);
+    snprintf(tmpbuf, 2048, "%s,uri=\"%s\"",result,tmp);
+    strcpy(result,tmpbuf);
 
     // Extract the Nonce 
     if (!getAuthParameter("nonce", auth, tmp, sizeof(tmp))) {
@@ -309,10 +312,12 @@ int createAuthHeaderMD5(char * user, char * password, int password_len, char * m
     MD5_Final(resp, &Md5Ctx);
     hashToHex(&resp[0], &resp_hex[0]);
 
-    sprintf(result, "%s,nonce=\"%s\",response=\"%s\",algorithm=%s",result,tmp,resp_hex,algo);
+    snprintf(tmpbuf, 2048, "%s,nonce=\"%s\",response=\"%s\",algorithm=%s",result,tmp,resp_hex,algo);
+    strcpy(result,tmpbuf);
 
     if (has_opaque) {
-        sprintf(result, "%s,opaque=\"%s\"",result,opaque);
+        snprintf(tmpbuf, 2048, "%s,opaque=\"%s\"",result,opaque);
+        strcpy(result,tmpbuf);
     }
 
     return 1;
-- 
1.6.2.5



Index: import.log
===================================================================
RCS file: /cvs/pkgs/rpms/sipp/EL-5/import.log,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -p -r1.3 -r1.4
--- import.log	26 Jan 2010 10:24:54 -0000	1.3
+++ import.log	29 Jan 2010 16:42:34 -0000	1.4
@@ -1,3 +1,4 @@
 sipp-3_1-2_fc9:EL-5:sipp-3.1-2.fc9.src.rpm:1215351879
 sipp-3_1-5_fc11:EL-5:sipp-3.1-5.fc11.src.rpm:1245321984
 sipp-3_1-8_svn586_fc12:EL-5:sipp-3.1-8.svn586.fc12.src.rpm:1264501445
+sipp-3_1-9_svn586_fc12:EL-5:sipp-3.1-9.svn586.fc12.src.rpm:1264783326


Index: sipp.spec
===================================================================
RCS file: /cvs/pkgs/rpms/sipp/EL-5/sipp.spec,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -p -r1.9 -r1.10
--- sipp.spec	26 Jan 2010 10:24:54 -0000	1.9
+++ sipp.spec	29 Jan 2010 16:42:34 -0000	1.10
@@ -1,15 +1,18 @@
 Summary:	SIP test tool / traffic generator
 Name:		sipp
 Version:	3.1
-Release:	8.svn586%{?dist}
+Release:	9.svn586%{?dist}
 License:	GPLv2+
 Group:		Applications/Communications
 URL:		http://sipp.sourceforge.net/
 Source0:	http://downloads.sourceforge.net/%{name}/%{name}.%{version}.src.tar.gz
-Patch0:		sipp--Makefile-fix-paths.diff
+Patch0:		sipp--3.1svn586.diff
+# Fedora-specific
+Patch1:		sipp--Do-not-include-bogus-library-paths-and-include-pat.patch
 # https://sourceforge.net/tracker/index.php?func=detail&aid=2011751&group_id=104305&atid=637566
-Patch2:		sipp--CVE-2008-2085-fix.diff
-Patch4:		sipp--3.1svn586.diff
+Patch2:		sipp--Fix-for-CVE-2008-2085.patch
+# https://bugzilla.redhat.com/show_bug.cgi?id=559620
+Patch3:		sipp--Initial-fix-for-RHBZ-559620.patch
 BuildRequires:	ncurses-devel
 %if 0%{?el4}
 BuildRequires:	libpcap
@@ -31,9 +34,10 @@ retransmission management and dynamicall
 
 %prep
 %setup -qn %{name}.svn
-%patch0 -p0 -b .fix_paths
-%patch4 -p1 -b .svn586
-%patch2 -p0 -b .cve20082085
+%patch0 -p1 -b .svn586
+%patch1 -p1 -b .fix_paths
+%patch2 -p1 -b .cve20082085
+%patch3 -p1 -b .rhbz559620
 sed -i s,^SVN_VERSION=.*,SVN_VERSION=586,g Makefile
 
 %build
@@ -55,6 +59,10 @@ rm -rf $RPM_BUILD_ROOT
 %{_datadir}/%{name}
 
 %changelog
+* Fri Jan 29 2010 Peter Lemenkov <lemenkov at gmail.com> 3.1-9.svn586
+- Fix for RHBZ #559620
+- Reorganized patches.
+
 * Mon Jan 25 2010 Peter Lemenkov <lemenkov at gmail.com> 3.1-8.svn586
 - Update to svn ver. 586 (fixes lots of small but nasty issues)
 - Removed patch1, patch3


--- sipp--CVE-2008-2085-fix.diff DELETED ---


--- sipp--Makefile-fix-paths.diff DELETED ---

More information about the scm-commits mailing list