jer 14/08/22 16:10:02
Added: iptraf-ng-1.1.4-sprintf-format.patch
iptraf-ng-1.1.4-printf-format.patch
Log:
Fix three format security bugs (already fixed upstream, bug #520562).
(Portage version: 2.2.12/cvs/Linux x86_64, signed Manifest commit with key
A792A613)
Revision Changes Path
1.1
net-analyzer/iptraf-ng/files/iptraf-ng-1.1.4-sprintf-format.patch
file :
http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-analyzer/iptraf-ng/files/iptraf-ng-1.1.4-sprintf-format.patch?rev=1.1&view=markup
plain:
http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-analyzer/iptraf-ng/files/iptraf-ng-1.1.4-sprintf-format.patch?rev=1.1&content-type=text/plain
Index: iptraf-ng-1.1.4-sprintf-format.patch
===================================================================
--- a/src/othptab.c
+++ b/src/othptab.c
@@ -410,7 +410,7 @@
break;
}
- sprintf(scratchpad, rarp_mac_addr);
+ sprintf(scratchpad, "%s", rarp_mac_addr);
strcat(msgstring, scratchpad);
wattrset(table->othpwin, ARPATTR);
break;
@@ -485,7 +485,7 @@
wattrset(table->othpwin, UNKNIPATTR);
protptr = getprotobynumber(entry->protocol);
if (protptr != NULL) {
- sprintf(protname, protptr->p_aliases[0]);
+ sprintf(protname, "%s", protptr->p_aliases[0]);
} else {
sprintf(protname, "IP protocol");
unknown = 1;
1.1
net-analyzer/iptraf-ng/files/iptraf-ng-1.1.4-printf-format.patch
file :
http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-analyzer/iptraf-ng/files/iptraf-ng-1.1.4-printf-format.patch?rev=1.1&view=markup
plain:
http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-analyzer/iptraf-ng/files/iptraf-ng-1.1.4-printf-format.patch?rev=1.1&content-type=text/plain
Index: iptraf-ng-1.1.4-printf-format.patch
===================================================================
--- a/src/ipfilter.c
+++ b/src/ipfilter.c
@@ -146,7 +146,7 @@
snprintf(msgstr, 60,
"Invalid protocol input at or near
token \"%s\"",
bptr);
- tui_error(ANYKEY_MSG, msgstr);
+ tui_error(ANYKEY_MSG, "%s", msgstr);
doagain = 1;
} else
doagain = 0;
