jer 14/08/22 16:10:02 Added: iptraf-ng-1.1.4-sprintf-format.patch iptraf-ng-1.1.4-printf-format.patch Log: Fix three format security bugs (already fixed upstream, bug #520562). (Portage version: 2.2.12/cvs/Linux x86_64, signed Manifest commit with key A792A613)
Revision Changes Path 1.1 net-analyzer/iptraf-ng/files/iptraf-ng-1.1.4-sprintf-format.patch file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-analyzer/iptraf-ng/files/iptraf-ng-1.1.4-sprintf-format.patch?rev=1.1&view=markup plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-analyzer/iptraf-ng/files/iptraf-ng-1.1.4-sprintf-format.patch?rev=1.1&content-type=text/plain Index: iptraf-ng-1.1.4-sprintf-format.patch =================================================================== --- a/src/othptab.c +++ b/src/othptab.c @@ -410,7 +410,7 @@ break; } - sprintf(scratchpad, rarp_mac_addr); + sprintf(scratchpad, "%s", rarp_mac_addr); strcat(msgstring, scratchpad); wattrset(table->othpwin, ARPATTR); break; @@ -485,7 +485,7 @@ wattrset(table->othpwin, UNKNIPATTR); protptr = getprotobynumber(entry->protocol); if (protptr != NULL) { - sprintf(protname, protptr->p_aliases[0]); + sprintf(protname, "%s", protptr->p_aliases[0]); } else { sprintf(protname, "IP protocol"); unknown = 1; 1.1 net-analyzer/iptraf-ng/files/iptraf-ng-1.1.4-printf-format.patch file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-analyzer/iptraf-ng/files/iptraf-ng-1.1.4-printf-format.patch?rev=1.1&view=markup plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-analyzer/iptraf-ng/files/iptraf-ng-1.1.4-printf-format.patch?rev=1.1&content-type=text/plain Index: iptraf-ng-1.1.4-printf-format.patch =================================================================== --- a/src/ipfilter.c +++ b/src/ipfilter.c @@ -146,7 +146,7 @@ snprintf(msgstr, 60, "Invalid protocol input at or near token \"%s\"", bptr); - tui_error(ANYKEY_MSG, msgstr); + tui_error(ANYKEY_MSG, "%s", msgstr); doagain = 1; } else doagain = 0;