Package: lsat
Version: 0.9.7.1-1
Severity: normal
I prepared a quick fix against buffer overflows. Some fixes against 'unsecure
practices' are also included.
--- lsatmain.c.orig 2009-06-12 11:15:32.000000000 +0200
+++ lsatmain.c 2009-06-12 11:58:59.000000000 +0200
# remove unnecessary constants
@@ -73,7 +73,7 @@
char *token;
char tempstring[26];
char line[256];
- char thelist[33][12] = { {"pkgs"}, {"rpm"}, {"inetd"}, {"inittab"}, {"logging"}, {"set"}, {"write"}, {"dotfiles"}, {"passwd"}, {"files"}, {"umask"}, {"ftpusers"}, {"rc"}, {"kbd"}, {"limits"}, {"ssh"}, {"open"}, {"issue"}, {"www"}, {"md5"}, {"modules"}, {"securetty"}, {"perms"}, {"net"}, {"forward"}, {"promisc"}, {"listening"}, {"cfg"}, {"bpass"}, {"ipv4"}, {"startx"}, {"ftp"}, {"disk"} };
+ static char *thelist[] = { "pkgs", "rpm", "inetd", "inittab", "logging", "set", "write", "dotfiles", "passwd", "files", "umask", "ftpusers", "rc", "kbd", "limits", "ssh", "open", "issue", "www", "md5", "modules", "securetty", "perms", "net", "forward", "promisc", "listening", "cfg", "bpass", "ipv4", "startx", "ftp", "disk" };
if ((fileptr = fopen(xlisting, "r"))==NULL)
{
@@ -101,7 +101,7 @@
/* see if they match. If they do, the user does */
/* not want to run that module, so we put it in */
/* another array of ints to look through later. */
- for (i=0;i<33;i++)
+ for (i=0;i<sizeof(thelist);i++)
{
if ((strcmp(thelist[i], tempstring)) == 0)
{
# duplicated flag
@@ -155,7 +155,7 @@
/* this is silly, I should know how to do this more easily */
- if ((fileval = open("/tmp/lsat1.lsat", O_RDWR | O_CREAT | O_EXCL | O_EXCL, 0600)) < 0)
+ if ((fileval = open("/tmp/lsat1.lsat", O_RDWR | O_CREAT | O_EXCL, 0600)) < 0)
{
perror("Could not make file w/perms 0600...\n");
perror("Possible link attack while creating/opening file!\n");
# series of quick patches against segfaults
@@ -308,11 +308,11 @@
*/
char release[50]; /* array for release level */
char kernel[50]; /* what kernel user is running */
- static char *man_distro; /* if the user specifies a distribution */
+ char *man_distro; /* if the user specifies a distribution */
const char * header =NULL; /* to print out the header */
- static char *out_file = "lsat.out"; /* output filename var */
+ char *out_file = "lsat.out"; /* output filename var */
char xlist[100]; /* modules to exclude */
# always initialized to zero
- int xarray[33] = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0};
+ int xarray[33] = {};
int somethinginxlist = 0;
/* note if no filename given, default = lsat.out */
FILE *tempptr; /* a temp file pointer */
@@ -350,10 +350,16 @@
diff = 1;
break;
case 'm':
- strcpy(man_distro, argv[i]+3);
+ if (argv[i][2] != '\0') {
+ usage();
+ }
+ man_distro = argv[i]+3;
break;
case 'o':
- strcpy(out_file, argv[i]+3);
+ if (argv[i][2] != '\0') {
+ usage();
+ }
+ out_file = argv[i]+3;
break;
case 'r':
rpmmodule = 1;
@@ -368,7 +374,11 @@
html = 1;
out_file="lsat.html";
break;
- case 'x': strcpy(xlist,argv[i]+3);
+ case 'x':
+ if (argv[i][2] != '\0') {
+ usage();
+ }
+ strncpy(xlist,argv[i]+3,sizeof(xlist));
somethinginxlist = 1;
break;
default :
