[chkrootkit] Patch update.

Jon Ciesla limb at fedoraproject.org
Tue Oct 19 13:09:51 UTC 2010


commit fcff464f25f05cd9ba97698fbd5943597afe55d3
Author: Jon Ciesla <limb at jcomserv.net>
Date:   Tue Oct 19 08:09:32 2010 -0500

    Patch update.

 chkrootkit-0.49-chkutmp-outofbounds.patch |   70 +++++++++++++++++++++++++++--
 chkrootkit.spec                           |    7 ++-
 2 files changed, 71 insertions(+), 6 deletions(-)
---
diff --git a/chkrootkit-0.49-chkutmp-outofbounds.patch b/chkrootkit-0.49-chkutmp-outofbounds.patch
index 367ae26..ffb620a 100644
--- a/chkrootkit-0.49-chkutmp-outofbounds.patch
+++ b/chkrootkit-0.49-chkutmp-outofbounds.patch
@@ -1,12 +1,74 @@
---- chkutmp.c~	2009-07-22 08:09:41.000000000 -0500
-+++ chkutmp.c	2009-07-22 08:11:17.000000000 -0500
-@@ -60,3 +60,3 @@
+diff -Nur chkrootkit-0.49-orig/chkutmp.c chkrootkit-0.49/chkutmp.c
+--- chkrootkit-0.49-orig/chkutmp.c	2009-07-30 15:43:17.000000000 +0200
++++ chkrootkit-0.49/chkutmp.c	2010-10-14 22:31:16.000000000 +0200
+@@ -43,7 +43,6 @@
+ #endif
+ #include <ctype.h>
+ 
+-#define MAXREAD 1024
+ #define MAXBUF 4096
+ #define MAXLENGTH 256
+ #define UT_PIDSIZE 12
+@@ -58,13 +57,13 @@
+ #endif
+ 
+ struct ps_line {
 -    char ps_tty[UT_LINESIZE];
 -    char ps_user[UT_NAMESIZE];
 -    char ps_args[MAXLENGTH];
 +    char ps_tty[UT_LINESIZE+2];
 +    char ps_user[UT_NAMESIZE+2];
 +    char ps_args[MAXLENGTH+2];
-@@ -66 +66 @@
+     int ps_pid;
+ };
+ struct utmp_line {
 -    char ut_tty[UT_LINESIZE];
 +    char ut_tty[UT_LINESIZE+2];
+     int ut_pid;
+     int ut_type;
+ };
+@@ -78,7 +77,9 @@
+ int fetchps(struct ps_line *psl_p)
+ {
+     FILE *ps_fp;
+-    char line[MAXREAD + 1], pid[UT_PIDSIZE];
++    char *line = NULL;
++    size_t linelen = 0;
++    char pid[UT_PIDSIZE+2];
+     char *s, *d;
+     struct ps_line *curp = &psl_p[0];
+     struct ps_line *endp = &psl_p[MAXBUF-1];
+@@ -86,8 +87,8 @@
+ 
+     i = 0;
+     if ((ps_fp = (popen(cmd[PS_CMD], "r"))) != NULL) {
+-	fgets(line, MAXREAD, ps_fp);	/* skip header */
+-	while (fgets(line, MAXREAD, ps_fp)) {
++	getline(&line, &linelen, ps_fp);	/* skip header */
++	while (getline(&line, &linelen, ps_fp) != -1) {
+ 	    s = line;
+ 	    if (*s != '\?' && curp <= endp) {	/* only interested in lines that
+ 						 * have a tty */
+@@ -98,7 +99,7 @@
+ 		while (isspace(*s))	/* skip spaces */
+ 		    s++;
+ 		d = pid;
+-		for (x = 0; (!isspace(*s)) && (*d++ = *s++) && x <= UT_LINESIZE; x++)	/* grab pid */
++		for (x = 0; (!isspace(*s)) && (*d++ = *s++) && x <= UT_PIDSIZE; x++)	/* grab pid */
+ 		    ;
+ 		*d = '\0';
+ 		curp->ps_pid = atoi(pid);
+@@ -113,11 +114,13 @@
+ 		    s++;
+ 		for (x = 0; (*d++ = *s++) && x <= MAXLENGTH; x++)	/* cmd + args */
+ 		    ;
++		*d = '\0';
+ 		i++;
+ 		curp++;
+ 	    }
+ 	}
+ 	pclose(ps_fp);
++    free(line);
+     } else {
+ 	fprintf(stderr, "\nfailed running 'ps' !\n");
+ 	exit(EXIT_FAILURE);
diff --git a/chkrootkit.spec b/chkrootkit.spec
index 0558587..b5cce91 100644
--- a/chkrootkit.spec
+++ b/chkrootkit.spec
@@ -1,6 +1,6 @@
 Name:           chkrootkit
 Version:        0.49
-Release:        1%{?dist}
+Release:        2%{?dist}
 Summary:        Tool to locally check for signs of a rootkit
 Group:          Applications/System
 License:        BSD and GPLv2+ and Python
@@ -57,7 +57,7 @@ It contains:
 #%patch7 -p1 -b .anomalies
 %patch8 -p0 -b .nophpcheck
 %patch9 -p0 -b .chkproc-psver
-%patch10 -p0
+%patch10 -p1
 sed -i -e 's!\s\+ at strip.*!!g' Makefile
 
 
@@ -125,6 +125,9 @@ rm -rf ${RPM_BUILD_ROOT}
 
 
 %changelog
+* Tue Oct 18 2010 Jon Ciesla <limb at jcomserv.net> 0.49-2
+- Updated outofbounds patch, BZ 577979 and 626067.
+
 * Thu Mar 18 2010 Jon Ciesla <limb at jcomserv.net> 0.49-1
 - New upstream, including upstreamed patches.
 


More information about the scm-commits mailing list