Darcsweb-Url: http://darcs.frugalware.org/darcsweb/darcsweb.cgi?r=frugalware-0.6;a=darcs_commitdiff;h=20070729145206-e2957-6068a2a9ebe5e0486b3f076bb794ddbb08c21f3d.gz;
[tcpdump-3.9.5-3terminus1-i686 VMiklos <[EMAIL PROTECTED]>**20070729145206 added CVE-2007-3798.patch closes #2270 ] { addfile ./source/network/tcpdump/CVE-2007-3798.patch hunk ./source/network/tcpdump/CVE-2007-3798.patch 1 +=================================================================== +RCS file: /tcpdump/master/tcpdump/print-bgp.c,v +retrieving revision 1.91.2.11 +retrieving revision 1.91.2.12 +diff -u -r1.91.2.11 -r1.91.2.12 +--- tcpdump/print-bgp.c 2007/02/26 13:31:33 1.91.2.11 ++++ tcpdump/print-bgp.c 2007/07/14 22:26:35 1.91.2.12 +@@ -36,7 +36,7 @@ + + #ifndef lint + static const char rcsid[] _U_ = +- "@(#) $Header: /tcpdump/master/tcpdump/print-bgp.c,v 1.91.2.9 2006/02/02 12:36:46 hannes Exp $"; ++ "@(#) $Header: /tcpdump/master/tcpdump/print-bgp.c,v 1.91.2.12 2007/07/14 22:26:35 guy Exp $"; + #endif + + #include <tcpdump-stdinc.h> +@@ -609,6 +609,26 @@ + return -2; + } + ++/* ++ * As I remember, some versions of systems have an snprintf() that ++ * returns -1 if the buffer would have overflowed. If the return ++ * value is negative, set buflen to 0, to indicate that we've filled ++ * the buffer up. ++ * ++ * If the return value is greater than buflen, that means that ++ * the buffer would have overflowed; again, set buflen to 0 in ++ * that case. ++ */ ++#define UPDATE_BUF_BUFLEN(buf, buflen, strlen) \ ++ if (strlen<0) \ ++ buflen=0; \ ++ else if ((u_int)strlen>buflen) \ ++ buflen=0; \ ++ else { \ ++ buflen-=strlen; \ ++ buf+=strlen; \ ++ } ++ + static int + decode_labeled_vpn_l2(const u_char *pptr, char *buf, u_int buflen) + { +@@ -619,11 +639,13 @@ + tlen=plen; + pptr+=2; + TCHECK2(pptr[0],15); ++ buf[0]='\0'; + strlen=snprintf(buf, buflen, "RD: %s, CE-ID: %u, Label-Block Offset: %u, Label Base %u", + bgp_vpn_rd_print(pptr), + EXTRACT_16BITS(pptr+8), + EXTRACT_16BITS(pptr+10), + EXTRACT_24BITS(pptr+12)>>4); /* the label is offsetted by 4 bits so lets shift it right */ ++ UPDATE_BUF_BUFLEN(buf, buflen, strlen); + pptr+=15; + tlen-=15; + +@@ -639,23 +661,32 @@ + + switch(tlv_type) { + case 1: +- strlen+=snprintf(buf+strlen,buflen-strlen, "\n\t\tcircuit status vector (%u) length: %u: 0x", +- tlv_type, +- tlv_len); ++ if (buflen!=0) { ++ strlen=snprintf(buf,buflen, "\n\t\tcircuit status vector (%u) length: %u: 0x", ++ tlv_type, ++ tlv_len); ++ UPDATE_BUF_BUFLEN(buf, buflen, strlen); ++ } + ttlv_len=ttlv_len/8+1; /* how many bytes do we need to read ? */ + while (ttlv_len>0) { + TCHECK(pptr[0]); +- strlen+=snprintf(buf+strlen,buflen-strlen, "%02x",*pptr++); ++ if (buflen!=0) { ++ strlen=snprintf(buf,buflen, "%02x",*pptr++); ++ UPDATE_BUF_BUFLEN(buf, buflen, strlen); ++ } + ttlv_len--; + } + break; + default: +- snprintf(buf+strlen,buflen-strlen, "\n\t\tunknown TLV #%u, length: %u", +- tlv_type, +- tlv_len); ++ if (buflen!=0) { ++ strlen=snprintf(buf,buflen, "\n\t\tunknown TLV #%u, length: %u", ++ tlv_type, ++ tlv_len); ++ UPDATE_BUF_BUFLEN(buf, buflen, strlen); ++ } + break; + } +- tlen-=(tlv_len<<3); /* the tlv-length is expressed in bits so lets shift it tright */ ++ tlen-=(tlv_len<<3); /* the tlv-length is expressed in bits so lets shift it right */ + } + return plen+2; + hunk ./source/network/tcpdump/FrugalBuild 7 -pkgrel=2 +pkgrel=3terminus1 hunk ./source/network/tcpdump/FrugalBuild 13 -source=($url/release/$pkgname-$pkgver.tar.gz CVE-2007-1218.patch) +source=($url/release/$pkgname-$pkgver.tar.gz CVE-2007-1218.patch CVE-2007-3798.patch) hunk ./source/network/tcpdump/FrugalBuild 16 -sha1sums=('a9850177809196008ed3e6212cb651ed1500353c'\ - '329385e248a9e28793095caa618fbd7826cd937f') +sha1sums=('a9850177809196008ed3e6212cb651ed1500353c' \ + '329385e248a9e28793095caa618fbd7826cd937f' \ + 'e347e948bf47994c770d35d3a5d1753e723b51e3') } _______________________________________________ Frugalware-darcs mailing list Frugalware-darcs@frugalware.org http://frugalware.org/mailman/listinfo/frugalware-darcs