[medusa] fix buffer overflow when printing special chars in hex formatting
rebus
rebus at fedoraproject.org
Sat Feb 2 21:08:02 UTC 2013
commit eff99458470cd709b21f95de22cbbc9a1a137abb
Author: Michal Ambroz <rebus at seznam.cz>
Date: Sat Feb 2 19:04:09 2013 +0100
fix buffer overflow when printing special chars in hex formatting
medusa-trace-overflow.patch | 39 +++++++++++++++++++++++++++++++++++++++
medusa.spec | 7 ++++++-
2 files changed, 45 insertions(+), 1 deletions(-)
---
diff --git a/medusa-trace-overflow.patch b/medusa-trace-overflow.patch
new file mode 100644
index 0000000..321724f
--- /dev/null
+++ b/medusa-trace-overflow.patch
@@ -0,0 +1,39 @@
+Fix buffer overflow in medusa-trace.c caused by printing password in hex formatting buffer too small.
+Reported to jmk at foofus.net on 2013/02/02.
+diff -ru medusa-2.1/src/medusa-trace.c medusa-2.1.new/src/medusa-trace.c
+--- medusa-2.1/src/medusa-trace.c 2012-03-01 18:39:35.000000000 +0100
++++ medusa-2.1.new/src/medusa-trace.c 2013-02-02 18:10:47.718761727 +0100
+@@ -35,7 +35,7 @@
+ void writeVerbose(int iLevel, char *pMsg, ...) {
+ va_list ap;
+ char buf[512];
+- char bufOut[1024];
++ char bufOut[2049]; // 1 special char can take up to 4 chars in hex formatting
+ char temp[6];
+ unsigned char cTemp;
+ int i = 0;
+@@ -45,8 +45,8 @@
+ }
+ else if (iLevel <= iVerboseLevel) {
+ va_start(ap, pMsg);
+- memset(bufOut, 0, 1024);
+- memset(buf, 0, 512);
++ memset(bufOut, 0, sizeof(bufOut));
++ memset(buf, 0, sizeof(buf));
+ vsnprintf(buf, sizeof(buf) - 1, pMsg, ap);
+
+ /*
+@@ -60,11 +60,11 @@
+ cTemp = (unsigned char)buf[i];
+ if ((cTemp < 32 && cTemp > 0 && cTemp != 9 && cTemp != 10 && cTemp != 13) || cTemp > 126)
+ {
+- sprintf(temp, "[%02X]", cTemp);
++ sprintf(temp, "[%02X]", cTemp);
+ }
+ else
+ sprintf(temp, "%c", cTemp);
+-
++
+ strncat(bufOut, temp, 6);
+ }
+
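Review bot: The new `bufOut[2049]` in writeVerbose is large enough only while `buf` stays at 512 bytes, and nothing but the comment ties the two sizes together. Deriving the size would keep them in step: `char bufOut[4 * sizeof(buf) + 1]; // worst case: every byte of buf becomes "[XX]"`. The unchanged `strncat(bufOut, temp, 6)` limits how much is read from `temp`, not how much room is left in `bufOut`, so the array size is still the only guard against this overflow. Using `snprintf(temp, sizeof(temp), "[%02X]", cTemp)` for the two `sprintf` calls would make the `temp[6]` bound explicit as well. The loop that walks `buf` starts outside the context shown, so its bounds are assumed here to be the length of `buf`. The re-added `sprintf` line and blank line in the last embedded hunk appear to differ only in whitespace and could be dropped from the patch.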
diff --git a/medusa.spec b/medusa.spec
index 1ca3766..07e0290 100644
--- a/medusa.spec
+++ b/medusa.spec
@@ -3,12 +3,13 @@
Summary: Parallel brute forcing password cracker
Name: medusa
Version: 2.1
-Release: 2%{?dist}
+Release: 3%{?dist}
License: GPLv2
Group: Applications/System
URL: http://www.foofus.net/jmk/medusa/medusa.html
Source0: http://www.foofus.net/jmk/tools/%{name}-%{version}.tar.gz
Patch1: medusa-configure.patch
+Patch2: medusa-trace-overflow.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: autoconf, automake, libtool, openssl-devel, apr-devel, ncpfs-devel, libssh2-devel, subversion-devel, postgresql-devel pcre-devel
@@ -42,6 +43,7 @@ Some of the key features of Medusa are:
%prep
%setup -q
%patch1 -p1 -b .configure
+%patch2 -p1 -b .trace
%build
aclocal
@@ -75,6 +77,9 @@ rm -rf %{buildroot}
%{_libdir}/medusa/*
%changelog
+* Sat Feb 02 2013 Michal Ambroz <rebus AT seznam.cz> - 2.1-2
+- fix buffer overflow in medusa-trace.c related to printing special chars in hex formatting
+
* Fri Jul 20 2012 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 2.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
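Review bot: The new %changelog entry is stamped `2.1-2`, but the first hunk of medusa.spec bumps `Release:` to `3%{?dist}`, so the entry should end in `- 2.1-3`. As written, two consecutive entries carry the same version-release and the changelog no longer matches the package this spec builds (rpmlint reports this as incoherent-version-in-changelog). Because this entry records a buffer-overflow fix, a wrong release number also makes it harder for users to tell which build contains the fix.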