Darcsweb-Url:
http://darcs.frugalware.org/darcsweb/darcsweb.cgi?r=frugalware-0.6;a=darcs_commitdiff;h=20070729145206-e2957-6068a2a9ebe5e0486b3f076bb794ddbb08c21f3d.gz;
[tcpdump-3.9.5-3terminus1-i686
VMiklos <[EMAIL PROTECTED]>**20070729145206
added CVE-2007-3798.patch
closes #2270
] {
addfile ./source/network/tcpdump/CVE-2007-3798.patch
hunk ./source/network/tcpdump/CVE-2007-3798.patch 1
+===================================================================
+RCS file: /tcpdump/master/tcpdump/print-bgp.c,v
+retrieving revision 1.91.2.11
+retrieving revision 1.91.2.12
+diff -u -r1.91.2.11 -r1.91.2.12
+--- tcpdump/print-bgp.c 2007/02/26 13:31:33 1.91.2.11
++++ tcpdump/print-bgp.c 2007/07/14 22:26:35 1.91.2.12
+@@ -36,7 +36,7 @@
+
+ #ifndef lint
+ static const char rcsid[] _U_ =
+- "@(#) $Header: /tcpdump/master/tcpdump/print-bgp.c,v 1.91.2.9 2006/02/02
12:36:46 hannes Exp $";
++ "@(#) $Header: /tcpdump/master/tcpdump/print-bgp.c,v 1.91.2.12
2007/07/14 22:26:35 guy Exp $";
+ #endif
+
+ #include <tcpdump-stdinc.h>
+@@ -609,6 +609,26 @@
+ return -2;
+ }
+
++/*
++ * As I remember, some versions of systems have an snprintf() that
++ * returns -1 if the buffer would have overflowed. If the return
++ * value is negative, set buflen to 0, to indicate that we've filled
++ * the buffer up.
++ *
++ * If the return value is greater than buflen, that means that
++ * the buffer would have overflowed; again, set buflen to 0 in
++ * that case.
++ */
++#define UPDATE_BUF_BUFLEN(buf, buflen, strlen) \
++ if (strlen<0) \
++ buflen=0; \
++ else if ((u_int)strlen>buflen) \
++ buflen=0; \
++ else { \
++ buflen-=strlen; \
++ buf+=strlen; \
++ }
++
+ static int
+ decode_labeled_vpn_l2(const u_char *pptr, char *buf, u_int buflen)
+ {
+@@ -619,11 +639,13 @@
+ tlen=plen;
+ pptr+=2;
+ TCHECK2(pptr[0],15);
++ buf[0]='\0';
+ strlen=snprintf(buf, buflen, "RD: %s, CE-ID: %u, Label-Block Offset:
%u, Label Base %u",
+ bgp_vpn_rd_print(pptr),
+ EXTRACT_16BITS(pptr+8),
+ EXTRACT_16BITS(pptr+10),
+ EXTRACT_24BITS(pptr+12)>>4); /* the label is
offsetted by 4 bits so lets shift it right */
++ UPDATE_BUF_BUFLEN(buf, buflen, strlen);
+ pptr+=15;
+ tlen-=15;
+
+@@ -639,23 +661,32 @@
+
+ switch(tlv_type) {
+ case 1:
+- strlen+=snprintf(buf+strlen,buflen-strlen, "\n\t\tcircuit
status vector (%u) length: %u: 0x",
+- tlv_type,
+- tlv_len);
++ if (buflen!=0) {
++ strlen=snprintf(buf,buflen, "\n\t\tcircuit status vector
(%u) length: %u: 0x",
++ tlv_type,
++ tlv_len);
++ UPDATE_BUF_BUFLEN(buf, buflen, strlen);
++ }
+ ttlv_len=ttlv_len/8+1; /* how many bytes do we need to read ?
*/
+ while (ttlv_len>0) {
+ TCHECK(pptr[0]);
+- strlen+=snprintf(buf+strlen,buflen-strlen,
"%02x",*pptr++);
++ if (buflen!=0) {
++ strlen=snprintf(buf,buflen, "%02x",*pptr++);
++ UPDATE_BUF_BUFLEN(buf, buflen, strlen);
++ }
+ ttlv_len--;
+ }
+ break;
+ default:
+- snprintf(buf+strlen,buflen-strlen, "\n\t\tunknown TLV #%u,
length: %u",
+- tlv_type,
+- tlv_len);
++ if (buflen!=0) {
++ strlen=snprintf(buf,buflen, "\n\t\tunknown TLV #%u,
length: %u",
++ tlv_type,
++ tlv_len);
++ UPDATE_BUF_BUFLEN(buf, buflen, strlen);
++ }
+ break;
+ }
+- tlen-=(tlv_len<<3); /* the tlv-length is expressed in bits so
lets shift it tright */
++ tlen-=(tlv_len<<3); /* the tlv-length is expressed in bits so
lets shift it right */
+ }
+ return plen+2;
+
hunk ./source/network/tcpdump/FrugalBuild 7
-pkgrel=2
+pkgrel=3terminus1
hunk ./source/network/tcpdump/FrugalBuild 13
-source=($url/release/$pkgname-$pkgver.tar.gz CVE-2007-1218.patch)
+source=($url/release/$pkgname-$pkgver.tar.gz CVE-2007-1218.patch
CVE-2007-3798.patch)
hunk ./source/network/tcpdump/FrugalBuild 16
-sha1sums=('a9850177809196008ed3e6212cb651ed1500353c'\
- '329385e248a9e28793095caa618fbd7826cd937f')
+sha1sums=('a9850177809196008ed3e6212cb651ed1500353c' \
+ '329385e248a9e28793095caa618fbd7826cd937f' \
+ 'e347e948bf47994c770d35d3a5d1753e723b51e3')
}
_______________________________________________
Frugalware-darcs mailing list
Frugalware-darcs@frugalware.org
http://frugalware.org/mailman/listinfo/frugalware-darcs
