summaryrefslogtreecommitdiffstats
path: root/net/mopd/files
diff options
context:
space:
mode:
authorobrien <obrien@FreeBSD.org>2000-08-29 00:49:08 +0000
committerobrien <obrien@FreeBSD.org>2000-08-29 00:49:08 +0000
commita7b7484cd2ac61a33ae66c970bd1a508307d3b4f (patch)
treec9565e000b041bac439f0498ffeaa4f98ccdcee3 /net/mopd/files
parentecd41e3a9b4fbda0fae253f65337a966abd98001 (diff)
downloadFreeBSD-ports-a7b7484cd2ac61a33ae66c970bd1a508307d3b4f.zip
FreeBSD-ports-a7b7484cd2ac61a33ae66c970bd1a508307d3b4f.tar.gz
String paranoia and security fixes from OpenBSD: prevent a remote buffer
overflow and remote syslog() exploits. Obtained from: OpenBSD
Diffstat (limited to 'net/mopd/files')
-rw-r--r--net/mopd/files/patch-device.c38
-rw-r--r--net/mopd/files/patch-pf-snit.c22
-rw-r--r--net/mopd/files/patch-pf.c22
-rw-r--r--net/mopd/files/patch-process.c81
4 files changed, 163 insertions, 0 deletions
diff --git a/net/mopd/files/patch-device.c b/net/mopd/files/patch-device.c
new file mode 100644
index 0000000..e6ffd6c
--- /dev/null
+++ b/net/mopd/files/patch-device.c
@@ -0,0 +1,38 @@
+--- common/device.c 1996/09/21 13:49:16 1.1
++++ common/device.c 2000/02/20 17:45:33 1.4
+@@ -111,7 +113,8 @@
+ {
+ struct if_info *p, tmp;
+
+- strcpy(tmp.if_name,ifname);
++ strncpy(tmp.if_name,ifname,sizeof(tmp.if_name) - 1);
++ tmp.if_name[sizeof(tmp.if_name) - 1] = 0;
+ tmp.iopen = pfInit;
+
+ switch (proto) {
+@@ -138,7 +141,8 @@
+ p->next = iflist;
+ iflist = p;
+
+- strcpy(p->if_name,tmp.if_name);
++ strncpy(p->if_name,tmp.if_name, IFNAME_SIZE -1);
++ p->if_name[IFNAME_SIZE -1] = 0;
+ p->iopen = tmp.iopen;
+ p->write = pfWrite;
+ p->read = tmp.read;
+@@ -185,12 +199,12 @@
+ if ((strlen(dev) == 2) &&
+ (dev[0] == 'e') &&
+ ((dev[1] == 'n') || (dev[1] == 't'))) {
+- sprintf(interface,"ent%d\0",unit);
++ snprintf(interface,sizeof(interface),"ent%d\0",unit);
+ } else {
+- sprintf(interface,"%s%d\0",dev,unit);
++ snprintf(interface,sizeof(interface),"%s%d\0",dev,unit);
+ }
+ #else
+- sprintf(interface,"%s",ifname);
++ snprintf(interface,sizeof(interface),"%s",ifname);
+ #endif /* _AIX */
+
+ /* Ok, init it just once */
diff --git a/net/mopd/files/patch-pf-snit.c b/net/mopd/files/patch-pf-snit.c
new file mode 100644
index 0000000..b2b329f
--- /dev/null
+++ b/net/mopd/files/patch-pf-snit.c
@@ -0,0 +1,22 @@
+--- otherOS/pf-snit.c 1996/09/21 19:12:50 1.2
++++ otherOS/pf-snit.c 2000/02/20 17:45:34 1.3
+@@ -239,7 +239,8 @@
+ struct ifreq ifr;
+ int fd;
+
+- strcpy(ifr.ifr_name, interface);
++ strncpy(ifr.ifr_name, interface, sizeof (ifr.ifr_name) -1);
++ ifr.ifr_name[sizeof(ifr.ifr_name) - 1] = 0;
+
+ ifr.ifr_addr.sa_family = AF_UNSPEC;
+ bcopy(addr, ifr.ifr_addr.sa_data, 6);
+@@ -274,7 +275,8 @@
+ struct ifreq ifr;
+ int fd;
+
+- strcpy(ifr.ifr_name, interface);
++ strncpy(ifr.ifr_name, interface, sizeof (ifr.ifr_name) -1);
++ ifr.ifr_name[sizeof(ifr.ifr_name) - 1] = 0;
+
+ ifr.ifr_addr.sa_family = AF_UNSPEC;
+ bcopy(addr, ifr.ifr_addr.sa_data, 6);
diff --git a/net/mopd/files/patch-pf.c b/net/mopd/files/patch-pf.c
new file mode 100644
index 0000000..c3efafb
--- /dev/null
+++ b/net/mopd/files/patch-pf.c
@@ -0,0 +1,22 @@
+--- common/pf.c 1997/08/18 03:11:31 1.3
++++ common/pf.c 2000/02/20 17:45:33 1.4
+@@ -176,7 +176,8 @@
+ struct ifreq ifr;
+ int fd;
+
+- strcpy(ifr.ifr_name, interface);
++ strncpy(ifr.ifr_name, interface,sizeof(ifr.ifr_name) - 1);
++ ifr.ifr_name[sizeof(ifr.ifr_name) - 1] = 0;
+
+ ifr.ifr_addr.sa_family = AF_UNSPEC;
+ bcopy(addr, ifr.ifr_addr.sa_data, 6);
+@@ -211,7 +212,8 @@
+ struct ifreq ifr;
+ int fd;
+
+- strcpy(ifr.ifr_name, interface);
++ strncpy(ifr.ifr_name, interface, sizeof (ifr.ifr_name) - 1);
++ ifr.ifr_name[sizeof(ifr.ifr_name) - 1] = 0;
+
+ ifr.ifr_addr.sa_family = AF_UNSPEC;
+ bcopy(addr, ifr.ifr_addr.sa_data, 6);
diff --git a/net/mopd/files/patch-process.c b/net/mopd/files/patch-process.c
new file mode 100644
index 0000000..c173382
--- /dev/null
+++ b/net/mopd/files/patch-process.c
@@ -0,0 +1,81 @@
+--- mopd/process.c 1996/09/21 19:12:26 1.2
++++ mopd/process.c 2000/07/04 23:46:23 1.8
+@@ -267,7 +267,7 @@
+ dllist[slot].a_lseek = 0;
+
+ dllist[slot].count = 0;
+- if (dllist[slot].dl_bsz >= 1492)
++ if ((dllist[slot].dl_bsz >= 1492) || (dllist[slot].dl_bsz == 0))
+ dllist[slot].dl_bsz = 1492;
+ if (dllist[slot].dl_bsz == 1030) /* VS/uVAX 2000 needs this */
+ dllist[slot].dl_bsz = 1000;
+@@ -350,10 +350,10 @@
+ close(dllist[slot].ldfd);
+ dllist[slot].ldfd = 0;
+ dllist[slot].status = DL_STATUS_FREE;
+- sprintf(line,
++ snprintf(line,sizeof(line),
+ "%x:%x:%x:%x:%x:%x Load completed",
+ dst[0],dst[1],dst[2],dst[3],dst[4],dst[5]);
+- syslog(LOG_INFO, line);
++ syslog(LOG_INFO, "%s", line);
+ return;
+ }
+
+@@ -438,7 +438,7 @@
+ {
+ u_char tmpc;
+ u_short moplen;
+- u_char pfile[17], mopcode;
++ u_char pfile[129], mopcode;
+ char filename[FILENAME_MAX];
+ char line[100];
+ int i,nfd,iindex;
+@@ -487,6 +487,8 @@
+ rpr_pgty = mopGetChar(pkt,index); /* Program Type */
+
+ tmpc = mopGetChar(pkt,index); /* Software ID Len */
++ if (tmpc > sizeof(pfile) - 1)
++ return;
+ for (i = 0; i < tmpc; i++) {
+ pfile[i] = mopGetChar(pkt,index);
+ pfile[i+1] = '\0';
+@@ -513,31 +515,32 @@
+ bcopy((char *)src, (char *)(dl_rpr->eaddr), 6);
+ mopProcessInfo(pkt,index,moplen,dl_rpr,trans);
+
+- sprintf(filename,"%s/%s.SYS", MOP_FILE_PATH, pfile);
++ snprintf(filename,sizeof(filename),
++ "%s/%s.SYS", MOP_FILE_PATH, pfile);
+ if ((mopCmpEAddr(dst,dl_mcst) == 0)) {
+ if ((nfd = open(filename, O_RDONLY, 0)) != -1) {
+ close(nfd);
+ mopSendASV(src, ii->eaddr, ii, trans);
+- sprintf(line,
++ snprintf(line,sizeof(line),
+ "%x:%x:%x:%x:%x:%x (%d) Do you have %s? (Yes)",
+ src[0],src[1],src[2],
+ src[3],src[4],src[5],trans,pfile);
+ } else {
+- sprintf(line,
++ snprintf(line,sizeof(line),
+ "%x:%x:%x:%x:%x:%x (%d) Do you have %s? (No)",
+ src[0],src[1],src[2],
+ src[3],src[4],src[5],trans,pfile);
+ }
+- syslog(LOG_INFO, line);
++ syslog(LOG_INFO, "%s", line);
+ } else {
+ if ((mopCmpEAddr(dst,ii->eaddr) == 0)) {
+ dl_rpr->ldfd = open(filename, O_RDONLY, 0);
+ mopStartLoad(src, ii->eaddr, dl_rpr, trans);
+- sprintf(line,
++ snprintf(line,sizeof(line),
+ "%x:%x:%x:%x:%x:%x Send me %s",
+ src[0],src[1],src[2],
+ src[3],src[4],src[5],pfile);
+- syslog(LOG_INFO, line);
++ syslog(LOG_INFO, "%s", line);
+ }
+ }
+
OpenPOWER on IntegriCloud