[dsniff] - Added a patch which adds further link layer offsets - Avoid opportunity for DoS in tabular data st
Robert Scheck
robert at fedoraproject.org
Mon Jul 30 21:23:30 UTC 2012
commit e5ec7df12afbd373a004e2a6a6bd9499e69009e9
Author: Robert Scheck <robert at fedoraproject.org>
Date: Mon Jul 30 23:23:18 2012 +0200
- Added a patch which adds further link layer offsets
- Avoid opportunity for DoS in tabular data stream protocol handler
- Added a memset in msgsnarf to correctly 0 out the C struct
- Patched urlsnarf to use timestamps from pcap file if available
dsniff-2.4-link_layer_offset.patch | 73 +++++++++++++++++++++++++++++++
dsniff-2.4-msgsnarf_segfault.patch | 13 ++++++
dsniff-2.4-tds_decoder.patch | 18 ++++++++
dsniff-2.4-urlsnarf_timestamp.patch | 80 +++++++++++++++++++++++++++++++++++
dsniff.spec | 20 +++++++-
5 files changed, 201 insertions(+), 3 deletions(-)
---
diff --git a/dsniff-2.4-link_layer_offset.patch b/dsniff-2.4-link_layer_offset.patch
new file mode 100644
index 0000000..13c3760
--- /dev/null
+++ b/dsniff-2.4-link_layer_offset.patch
@@ -0,0 +1,73 @@
+Patch by Robert Scheck <robert at fedoraproject.org> for dsniff >= 2.4b1, that
+adds further link layer offsets; inspirated from the original DLT_LINUX_SLL
+patch by Roland Kletzing <devzero at web.de>. This patch supersedes the Debian
+patch by Joerg Dorchain <joerg at dorchain.net> which adds tcpkill support for
+handling PPP interfaces. So for some further information, please also have
+a look to Debian bug ID #572516.
+
+--- dsniff-2.4/pcaputil.c 2001-03-15 09:33:04.000000000 +0100
++++ dsniff-2.4/pcaputil.c.ll_offset 2011-10-09 17:13:01.000000000 +0200
+@@ -46,12 +46,63 @@
+ case DLT_FDDI:
+ offset = 21;
+ break;
++#ifdef __amigaos__
++ case DLT_MIAMI:
++ offset = 16;
++ break;
++#endif
++ case DLT_RAW:
+ #ifdef DLT_LOOP
+ case DLT_LOOP:
+ #endif
+ case DLT_NULL:
+ offset = 4;
+ break;
++ case DLT_SLIP:
++#ifdef DLT_SLIP_BSDOS
++ case DLT_SLIP_BSDOS:
++#endif
++#if defined(__FreeBSD__) || defined(__OpenBSD__) || defined(__NetBSD__) || defined(__bsdi__) || defined(__APPLE__)
++ offset = 16;
++#else
++ offset = 24;
++#endif
++ break;
++ case DLT_PPP:
++#ifdef DLT_PPP_BSDOS
++ case DLT_PPP_BSDOS:
++#endif
++#ifdef DLT_PPP_SERIAL
++ case DLT_PPP_SERIAL:
++#endif
++#ifdef DLT_PPP_ETHER
++ case DLT_PPP_ETHER:
++#endif
++#if defined(__FreeBSD__) || defined(__OpenBSD__) || defined(__NetBSD__) || defined(__bsdi__) || defined(__APPLE__)
++ offset = 4;
++#else
++#if defined(sun) || defined(__sun)
++ offset = 8;
++#else
++ offset = 24;
++#endif
++#endif
++ break;
++#ifdef DLT_ENC
++ case DLT_ENC:
++ offset = 12;
++ break;
++#endif
++#ifdef DLT_LINUX_SLL
++ case DLT_LINUX_SLL:
++ offset = 16;
++ break;
++#endif
++#ifdef DLT_IPNET
++ case DLT_IPNET:
++ offset = 24;
++ break;
++#endif
+ default:
+ warnx("unsupported datalink type");
+ break;
diff --git a/dsniff-2.4-msgsnarf_segfault.patch b/dsniff-2.4-msgsnarf_segfault.patch
new file mode 100644
index 0000000..f459638
--- /dev/null
+++ b/dsniff-2.4-msgsnarf_segfault.patch
@@ -0,0 +1,13 @@
+Patch by <bdefreese at debian2.bddebian.com> for dsniff >= 2.4b1, which adds
+a memset to correctly 0 out the C struct.
+
+--- dsniff-2.4/msgsnarf.c 2011-10-09 18:13:49.000000000 +0200
++++ dsniff-2.4/msgsnarf.c.segfault 2011-10-09 18:25:26.000000000 +0200
+@@ -584,6 +584,7 @@
+ if (i == 0) {
+ if ((c = malloc(sizeof(*c))) == NULL)
+ nids_params.no_mem("sniff_msgs");
++ memset(c, 0, sizeof(*c));
+ c->ip = ts->addr.saddr;
+ c->nick = strdup("unknown");
+ SLIST_INSERT_HEAD(&client_list, c, next);
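Review bot: The added `memset(c, 0, sizeof(*c));` is correctly placed after the allocation check, but the same effect reads more directly as a zeroing allocation on the line above: `if ((c = calloc(1, sizeof(*c))) == NULL)`. Either form leaves every field not assigned in the following lines at zero/NULL, which is presumably what the segfault fix depends on.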
diff --git a/dsniff-2.4-tds_decoder.patch b/dsniff-2.4-tds_decoder.patch
new file mode 100644
index 0000000..6dbb981
--- /dev/null
+++ b/dsniff-2.4-tds_decoder.patch
@@ -0,0 +1,18 @@
+Patch by Hilko Bengen <bengen at debian.org> for dsniff >= 2.4b1, to avoid a
+possible DoS opportunity in the Tabular Data Stream protocol handler. For
+further information, please have a look to Debian bug ID #609988.
+
+--- dsniff-2.4/decode_tds.c 2011-10-09 18:13:49.000000000 +0200
++++ dsniff-2.4/decode_tds.c.tds_decoder 2011-10-09 18:14:43.000000000 +0200
+@@ -140,6 +140,11 @@
+
+ obuf[0] = '\0';
+
++ if (th->size != 8) {
++ /* wrong header length */
++ return (strlen(obuf));
++ }
++
+ for (th = (struct tds_hdr *)buf;
+ len > sizeof(*th) && len >= ntohs(th->size);
+ buf += ntohs(th->size), len -= ntohs(th->size)) {
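Review bot: The new guard `if (th->size != 8)` runs before the `for` at the end of the hunk assigns `th = (struct tds_hdr *)buf`, so unless `th` is initialised earlier in the function (its declaration is outside the hunk) the check dereferences an indeterminate pointer. It also compares the raw field against the literal 8 while the loop condition uses `ntohs(th->size)`, so the two tests are not looking at the same value. The loop itself is where a zero or sub-header `size` makes `buf += ntohs(th->size)` stop advancing and spin forever; the guard belongs in the loop condition, e.g. `len > sizeof(*th) && len >= ntohs(th->size) && ntohs(th->size) >= sizeof(*th);`, after which the pre-loop block can be dropped. The loop body continues outside the hunk.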
diff --git a/dsniff-2.4-urlsnarf_timestamp.patch b/dsniff-2.4-urlsnarf_timestamp.patch
new file mode 100644
index 0000000..e50cdc9
--- /dev/null
+++ b/dsniff-2.4-urlsnarf_timestamp.patch
@@ -0,0 +1,80 @@
+Patch by Hilko Bengen <bengen at debian.org> for dsniff >= 2.4b1, which adds
+the usage of timestamps from pcap file if available to urlsnarf. For some
+more information, please have a look to Debian bug ID #573365.
+
+--- dsniff-2.4/urlsnarf.c 2011-10-09 18:13:49.000000000 +0200
++++ dsniff-2.4/urlsnarf.c.timestamp 2011-10-09 18:37:33.000000000 +0200
+@@ -36,6 +36,7 @@
+ u_short Opt_dns = 1;
+ int Opt_invert = 0;
+ regex_t *pregex = NULL;
++time_t tt = 0;
+
+ static void
+ usage(void)
+@@ -57,9 +58,12 @@
+ {
+ static char tstr[32], sign;
+ struct tm *t, gmt;
+- time_t tt = time(NULL);
+ int days, hours, tz, len;
+
++ if (!nids_params.filename) {
++ tt = time(NULL);
++ }
++
+ gmt = *gmtime(&tt);
+ t = localtime(&tt);
+
+@@ -312,9 +316,48 @@
+
+ nids_register_chksum_ctl(&chksum_ctl, 1);
+
+- nids_run();
+-
+- /* NOTREACHED */
++ pcap_t *p;
++ char pcap_errbuf[PCAP_ERRBUF_SIZE];
++ if (nids_params.filename == NULL) {
++ /* adapted from libnids.c:open_live() */
++ if (strcmp(nids_params.device, "all") == 0)
++ nids_params.device = "any";
++ p = pcap_open_live(nids_params.device, 16384,
++ (nids_params.promisc != 0),
++ 0, pcap_errbuf);
++ if (!p) {
++ fprintf(stderr, "pcap_open_live(): %s\n",
++ pcap_errbuf);
++ exit(1);
++ }
++ }
++ else {
++ p = pcap_open_offline(nids_params.filename,
++ pcap_errbuf);
++ if (!p) {
++ fprintf(stderr, "pcap_open_offline(%s): %s\n",
++ nids_params.filename, pcap_errbuf);
++ }
++ }
++
++ struct pcap_pkthdr *h;
++ u_char *d;
++ int rc;
++ while ((rc = pcap_next_ex(p, &h, &d)) == 1) {
++ tt = h->ts.tv_sec;
++ nids_pcap_handler(NULL, h, d);
++ }
++ switch (rc) {
++ case(-2): /* end of pcap file */
++ case(0): /* timeout on live capture */
++ break;
++ case(-1):
++ default:
++ fprintf(stderr, "rc = %i\n", rc);
++ pcap_perror(p, "pcap_read_ex()");
++ exit(1);
++ break;
++ }
+
+ exit(0);
+ }
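Review bot: When `pcap_open_offline()` fails the offline branch prints the error but falls through with `p == NULL`, so the `pcap_next_ex(p, &h, &d)` loop below is entered with a null handle; the live branch exits on failure and the offline branch needs the same line after its `fprintf`: `exit(1);`. Separately, a 0 return from `pcap_next_ex()` (read timeout) ends the `while` and is then treated as a clean exit, so on a live capture the program would stop at the first idle timeout unless the 0 passed to `pcap_open_live()` means block-forever on every platform it runs on — looping on `rc >= 0` and using `continue` when `rc == 0` would be safer. The string given to `pcap_perror()` names `pcap_read_ex()`, which is not the function called; `"pcap_next_ex()"` would match. The enclosing function starts outside the hunk.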
diff --git a/dsniff.spec b/dsniff.spec
index 889a6ad..ef984df 100644
--- a/dsniff.spec
+++ b/dsniff.spec
@@ -1,7 +1,7 @@
Summary: Tools for network auditing and penetration testing
Name: dsniff
Version: 2.4
-Release: 0.13.b1%{?dist}
+Release: 0.14.b1%{?dist}
License: BSD
Group: Applications/Internet
URL: http://www.monkey.org/~dugsong/%{name}/
@@ -25,11 +25,15 @@ Patch15: dsniff-2.4-obsolete_time.patch
Patch16: dsniff-2.4-checksum_libnids.patch
Patch17: dsniff-2.4-fedora_dirs.patch
Patch18: dsniff-2.4-glib2.patch
+Patch19: dsniff-2.4-link_layer_offset.patch
+Patch20: dsniff-2.4-tds_decoder.patch
+Patch21: dsniff-2.4-msgsnarf_segfault.patch
+Patch22: dsniff-2.4-urlsnarf_timestamp.patch
BuildRequires: libnet-devel, openssl-devel, libnids-devel, glib2-devel, %{_includedir}/pcap.h
%if 0%{?rhel}%{?fedora} > 6
-BuildRequires: libdb-devel
+BuildRequires: libdb-devel
%else
-BuildRequires: db4-devel
+BuildRequires: db4-devel
%endif
%if 0%{?rhel}%{?fedora} >= 5
BuildRequires: libXmu-devel
@@ -70,6 +74,10 @@ by exploiting weak bindings in ad-hoc PKI.
%patch16 -p1 -b .checksum_libnids
%patch17 -p1 -b .fedora_dirs
%patch18 -p1 -b .glib2
+%patch19 -p1 -b .link_layer_offset
+%patch20 -p1 -b .tds_decoder
+%patch21 -p1 -b .msgsnarf_segfault
+%patch22 -p1 -b .urlsnarf_timestamp
%build
%configure
@@ -117,6 +125,12 @@ rm -rf $RPM_BUILD_ROOT
%{_mandir}/man8/webspy.8*
%changelog
+* Mon Jul 30 2012 Robert Scheck <robert at fedoraproject.org> 2.4-0.14.b1
+- Added a patch which adds further link layer offsets
+- Avoid opportunity for DoS in tabular data stream protocol handler
+- Added a memset in msgsnarf to correctly 0 out the C struct
+- Patched urlsnarf to use timestamps from pcap file if available
+
* Wed Jul 18 2012 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 2.4-0.13.b1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild