On Mon, Dec 07, 2015 at 03:20:21AM +0100, Theo Buehler wrote:
> On Sun, Dec 06, 2015 at 07:12:28PM -0700, Bob Beck wrote:
> > Theo (not deraadt) ignore our screams of pain, fix the thing to use
> > asprintf and then I'll go further with you on it ;)
>
> ok, there you go :)
>
> > On Sun, Dec 6, 2015 at 7:11 PM, Bob Beck <b...@openbsd.org> wrote:
> > >> and then digging deeper... to see how the portname (as a string)
> > >> is passed down to socks... and reversed into an integer...
> > >>
> > >> AGhh... I just went blind.
> > >
> > > Maybe since we're already linking in libcrypto/asn1 - if he needs to
> > > store integers as strings all the time......
> >
and again I manage to send the wrong diff. meh. Index: usr.bin/nc/netcat.c =================================================================== RCS file: /cvs/src/usr.bin/nc/netcat.c,v retrieving revision 1.144 diff -u -p -r1.144 netcat.c --- usr.bin/nc/netcat.c 23 Nov 2015 01:23:56 -0000 1.144 +++ usr.bin/nc/netcat.c 7 Dec 2015 02:25:14 -0000 @@ -58,7 +58,6 @@ #include "atomicio.h" #define PORT_MAX 65535 -#define PORT_MAX_LEN 6 #define UNIX_DG_TMP_SOCKET_SIZE 19 #define POLL_STDIN 0 @@ -1289,25 +1288,22 @@ build_ports(char *p) lo = cp; } - /* Load ports sequentially. */ - for (cp = lo; cp <= hi; cp++) { - portlist[x] = calloc(1, PORT_MAX_LEN); - if (portlist[x] == NULL) - err(1, NULL); - snprintf(portlist[x], PORT_MAX_LEN, "%d", cp); - x++; - } - - /* Randomly swap ports. */ + /* + * Initialize portlist with a random permutation. Based on + * Knuth, as in ip_randomid() in sys/netinet/ip_id.c. + */ if (rflag) { - int y; - char *c; - - for (x = 0; x <= (hi - lo); x++) { - y = (arc4random() & 0xFFFF) % (hi - lo); - c = portlist[x]; - portlist[x] = portlist[y]; - portlist[y] = c; + for (x = 0; x <= hi - lo; x++) { + cp = arc4random_uniform(x + 1); + portlist[x] = portlist[cp]; + if (asprintf(&portlist[cp], "%d", x + lo) < 0) + err(1, "asprintf"); + } + } else { /* Load ports sequentially. */ + for (cp = lo; cp <= hi; cp++) { + if (asprintf(&portlist[x], "%d", cp) < 0) + err(1, "asprintf"); + x++; } } } else {
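Review bot: Dropping `#define PORT_MAX_LEN 6` in the first hunk is safe only if the `snprintf(portlist[x], PORT_MAX_LEN, ...)` call removed in the second hunk was its last user; the diff cannot show the rest of netcat.c, so please grep for any remaining reference before committing, otherwise the build breaks.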
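Review bot: The new `rflag` loop in `build_ports()` is a correct inside-out Fisher-Yates shuffle and, beyond switching to `asprintf`, it also fixes two real defects in the code it replaces, which the commit message should say explicitly: the old `y = (arc4random() & 0xFFFF) % (hi - lo)` divides by zero (SIGFPE) when a range like `80-80` gives `hi == lo`, and the modulo both biases the choice and never selects index `hi - lo`, so the last port could only ever be moved by being picked as `x`. With `arc4random_uniform(x + 1)` every index is reachable and the distribution is uniform; note that reusing `cp` (an `int`) for the index is fine since `x + 1` never exceeds `PORT_MAX + 1`, and the `portlist[x] = portlist[cp]` copy before `asprintf(&portlist[cp], ...)` means no buffer is leaked. One small style point: the `} else { /* Load ports sequentially. */` comment would read better on its own line inside the block, matching the multi-line comment above the `if`.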