Hello community, here is the log from the commit of package udp2raw-tunnel for openSUSE:Factory checked in at 2020-08-05 20:27:50 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/udp2raw-tunnel (Old) and /work/SRC/openSUSE:Factory/.udp2raw-tunnel.new.3592 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "udp2raw-tunnel" Wed Aug 5 20:27:50 2020 rev:3 rq:824371 version:20200727.0 Changes: --------
--- /work/SRC/openSUSE:Factory/udp2raw-tunnel/udp2raw-tunnel.changes 2020-07-29 17:22:27.300661321 +0200
+++ /work/SRC/openSUSE:Factory/.udp2raw-tunnel.new.3592/udp2raw-tunnel.changes 2020-08-05 20:28:05.775057904 +0200
@@ -1,0 +2,6 @@
+Fri Jul 31 20:24:15 UTC 2020 - Martin Hauke <mar...@gmx.de>
+
+- Update to version 20200727.0
+ * Fix issue 337(array out of boundary).
+
+-------------------------------------------------------------------
Old: ---- udp2raw-tunnel-20200715.0.tar.gz New: ---- udp2raw-tunnel-20200727.0.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences: ------------------
++++++ udp2raw-tunnel.spec ++++++
--- /var/tmp/diff_new_pack.wrV9e3/_old 2020-08-05 20:28:06.603058251 +0200
+++ /var/tmp/diff_new_pack.wrV9e3/_new 2020-08-05 20:28:06.607058254 +0200
@@ -18,7 +18,7 @@
 Name: udp2raw-tunnel
-Version: 20200715.0
+Version: 20200727.0
 Release: 0
 Summary: UDP over TCP/ICMP/UDP tunnel
 # The following files are adapted from PolarSSL 1.3.19 (GPL-2.0)
++++++ udp2raw-tunnel-20200715.0.tar.gz -> udp2raw-tunnel-20200727.0.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/udp2raw-tunnel-20200715.0/client.cpp new/udp2raw-tunnel-20200727.0/client.cpp
--- old/udp2raw-tunnel-20200715.0/client.cpp 2020-07-16 01:32:14.000000000 +0200
+++ new/udp2raw-tunnel-20200727.0/client.cpp 2020-07-26 21:07:17.000000000 +0200
@@ -485,6 +485,11 @@
 {
 return -1;
 }
+ if(data_len>=max_data_len+1)
+ {
+ mylog(log_debug,"data_len=%d >= max_data_len+1,ignored",data_len);
+ return -1;
+ }
 if(!recv_info.new_src_ip.equal(send_info.new_dst_ip)||recv_info.src_port!=send_info.dst_port)
 {
 mylog(log_debug,"unexpected adress %s %s %d %d\n",recv_info.new_src_ip.get_str1(),send_info.new_dst_ip.get_str2(),recv_info.src_port,send_info.dst_port);
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/udp2raw-tunnel-20200715.0/connection.cpp new/udp2raw-tunnel-20200727.0/connection.cpp
--- old/udp2raw-tunnel-20200715.0/connection.cpp 2020-07-16 01:32:14.000000000 +0200
+++ new/udp2raw-tunnel-20200727.0/connection.cpp 2020-07-26 21:07:17.000000000 +0200
@@ -416,6 +416,13 @@
 //printf("recv_raw_fail in recv bare\n");
 return -1;
 }
+
+ if(len>=max_data_len+1)
+ {
+ mylog(log_debug,"data_len=%d >= max_data_len+1,ignored",len);
+ return -1;
+ }
+
 mylog(log_trace,"data len=%d\n",len);
 if ((raw_mode == mode_faketcp && (recv_info.syn == 1 || recv_info.ack != 1)))
 {
@@ -615,7 +622,7 @@
 }
- if(after_recv_raw0(conn_info.raw_info)!=0) return -1;
+ if(after_recv_raw0(conn_info.raw_info)!=0) return -1; //TODO might need to move this function to somewhere else after --fix-gro is introduced
 return 0;
 }
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/udp2raw-tunnel-20200715.0/encrypt.cpp new/udp2raw-tunnel-20200727.0/encrypt.cpp
--- old/udp2raw-tunnel-20200715.0/encrypt.cpp 2020-07-16 01:32:14.000000000 +0200
+++ new/udp2raw-tunnel-20200727.0/encrypt.cpp 2020-07-26 21:07:17.000000000 +0200
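Review bot: The added `mylog(log_debug,"data_len=%d >= max_data_len+1,ignored",data_len);` in client.cpp (hunk at -485) has no trailing `\n`, although the `mylog` call a few lines below it ends its format string with one, so the message may run into the next log entry; `"data_len=%d >= max_data_len+1,ignored\n"` would match. The same line is added in connection.cpp (hunk at -416) and server.cpp (hunk at -460). The length guard is also copied to each call site after the receive, so any receive path outside these hunks would stay unchecked; enforcing the limit once where the length is produced would close that gap. The enclosing function starts and ends outside the hunk.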
@@ -291,6 +291,7 @@
 int de_padding(const char *data ,int &data_len,int padding_num)
 {
+ if(data_len==0) return -1;
 if((uint8_t)data[data_len-1] >padding_num) return -1;
 data_len-=(uint8_t)data[data_len-1];
 if(data_len<0)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/udp2raw-tunnel-20200715.0/makefile new/udp2raw-tunnel-20200727.0/makefile
--- old/udp2raw-tunnel-20200715.0/makefile 2020-07-16 01:32:14.000000000 +0200
+++ new/udp2raw-tunnel-20200727.0/makefile 2020-07-26 21:07:17.000000000 +0200
@@ -19,7 +19,6 @@
 MP="-DUDP2RAW_MP"
-
 NAME=udp2raw
 TARGETS=amd64 arm amd64_hw_aes arm_asm_aes mips24kc_be mips24kc_be_asm_aes x86 x86_asm_aes mips24kc_le mips24kc_le_asm_aes
@@ -59,7 +58,7 @@
 ${cc_local} -o ${NAME} -I. ${SOURCES} ${FLAGS} -lrt -Wformat-nonliteral -D MY_DEBUG
 debug2: git_version
 rm -f ${NAME}
- ${cc_local} -o ${NAME} -I. ${SOURCES} ${FLAGS} -lrt -Wformat-nonliteral -ggdb
+ ${cc_local} -o ${NAME} -I. ${SOURCES} ${FLAGS} -lrt -Wformat-nonliteral -ggdb -fsanitize=address
 #targets only for 'make release'
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/udp2raw-tunnel-20200715.0/network.cpp new/udp2raw-tunnel-20200727.0/network.cpp
--- old/udp2raw-tunnel-20200715.0/network.cpp 2020-07-16 01:32:14.000000000 +0200
+++ new/udp2raw-tunnel-20200727.0/network.cpp 2020-07-26 21:07:17.000000000 +0200
@@ -1441,7 +1441,7 @@
 }
 }
- if(g_packet_buf_len> max_data_len+1)
+ if(g_packet_buf_len>= max_data_len+1)
 {
 if(g_fix_gro==0)
 {
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/udp2raw-tunnel-20200715.0/pcap_wrapper.h new/udp2raw-tunnel-20200727.0/pcap_wrapper.h
--- old/udp2raw-tunnel-20200715.0/pcap_wrapper.h 2020-07-16 01:32:14.000000000 +0200
+++ new/udp2raw-tunnel-20200727.0/pcap_wrapper.h 2020-07-26 21:07:17.000000000 +0200
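Review bot: The added `if(data_len==0) return -1;` in de_padding (encrypt.cpp, hunk at -291) stops the read of `data[-1]` for an empty buffer but not for a negative `data_len`, which would still index before the start of `data` on the very next line. Since `data_len` is a signed `int` reference, `if(data_len<=0) return -1;` covers both cases at no extra cost. Whether any caller can actually pass a negative length is not visible from these lines. The body of de_padding continues past the end of the hunk.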
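Review bot: The changed comparison `if(g_packet_buf_len>= max_data_len+1)` in network.cpp (hunk at -1441) carries no comment saying why a length of exactly `max_data_len+1` is now rejected, and the same bound is written out by hand in the client.cpp, connection.cpp and server.cpp hunks. Presumably the receive buffer holds `max_data_len+1` bytes and a read that fills it may have been truncated; if that is confirmed against the buffer declaration, which is not in the hunk, a comment such as `// a length equal to the buffer size means the packet may have been truncated` above the check would record the reason. The body of the `if` continues outside the hunk.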
@@ -9,12 +9,12 @@
 struct bpf_program
 {
- char a[2000];
+ char a[4096];
 };
 struct pcap_t
 {
- char a[2000];
+ char a[4096];
 };
 typedef unsigned int bpf_u_int32;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/udp2raw-tunnel-20200715.0/server.cpp new/udp2raw-tunnel-20200727.0/server.cpp
--- old/udp2raw-tunnel-20200715.0/server.cpp 2020-07-16 01:32:14.000000000 +0200
+++ new/udp2raw-tunnel-20200727.0/server.cpp 2020-07-26 21:07:17.000000000 +0200
@@ -19,7 +19,7 @@
 int server_on_timer_multi(conn_info_t &conn_info) //for server. called when a timer is ready in epoll.for server,there will be one timer for every connection
 // there is also a global timer for server,but its not handled here
 {
- char ip_port[40];
+ char ip_port[max_addr_len];
 //u32_t ip=conn_info.raw_info.send_info.dst_ip;
 //u32_t port=conn_info.raw_info.send_info.dst_port;
@@ -445,7 +445,7 @@
 address_t addr;
 addr.from_ip_port_new(raw_ip_version,&peek_info.new_src_ip,peek_info.src_port);
- char ip_port[40];
+ char ip_port[max_addr_len];
 addr.to_str(ip_port);
 //sprintf(ip_port,"%s:%d",my_ntoa(ip),port);
 mylog(log_trace,"[%s]peek_raw\n",ip_port);
@@ -460,6 +460,11 @@
 {
 return 0;
 }
+ if(data_len>=max_data_len+1)
+ {
+ mylog(log_debug,"data_len=%d >= max_data_len+1,ignored",data_len);
+ return -1;
+ }
 if(use_tcp_dummy_socket!=0) return 0;
 raw_info_t &raw_info=tmp_raw_info;
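Review bot: The new size in `char a[4096];` (both `struct bpf_program` and `struct pcap_t`, pcap_wrapper.h hunk at -9) is an unexplained constant, and nothing in the hunk states what these placeholder structs must be large enough to hold. If they stand in for library-defined types that get written through, which these lines do not show, an undersized array would be overrun silently. The header should state the size requirement in a comment and take the value from one place, e.g. `enum { pcap_placeholder_size = 4096 };` used by both members.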
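Review bot: `addr.to_str(ip_port);` in server.cpp (hunk at -445) still hands over the buffer without its size, so replacing `char ip_port[40];` with `char ip_port[max_addr_len];` is only safe while `to_str` never writes more than `max_addr_len` bytes, which cannot be checked from these lines. The same declaration change is made in the hunk at -19, where the use of `ip_port` lies outside the hunk. Once the bound is confirmed, a comment at the declaration such as `// to_str() writes at most max_addr_len bytes including the terminator` would make the contract visible; a size argument on `to_str` would make it enforceable.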