
Bug#638198: ax25-tools: diff for NMU version 0.0.8-13.2



tags 638198 + patch
tags 638198 + pending
thanks

Dear maintainer,

I've prepared an NMU for ax25-tools (versioned as 0.0.8-13.2) and
uploaded it to DELAYED/02. Please feel free to tell me if I
should delay it longer.

Cheers

Luk
diff -u ax25-tools-0.0.8/debian/changelog ax25-tools-0.0.8/debian/changelog
--- ax25-tools-0.0.8/debian/changelog
+++ ax25-tools-0.0.8/debian/changelog
@@ -1,3 +1,11 @@
+ax25-tools (0.0.8-13.2) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * ax25/beacon.c: fix possible privilege escalation CVE-2011-2910
+    Closes: #638198.
+
+ -- Luk Claes <luk@debian.org>  Sun, 01 Jan 2012 15:13:41 +0100
+
 ax25-tools (0.0.8-13.1) unstable; urgency=low
 
   * Retiring - remove myself from the uploaders list.
only in patch2:
unchanged:
--- ax25-tools-0.0.8.orig/ax25/beacon.c
+++ ax25-tools-0.0.8/ax25/beacon.c
@@ -43,7 +43,7 @@
 	struct full_sockaddr_ax25 dest;
 	struct full_sockaddr_ax25 src;
 	int s, n, dlen, len, interval = 30;
-	char addr[20], *port, *message, *portcall;
+	char *addr, *port, *message, *portcall;
 	char *srccall = NULL, *destcall = NULL;
 	
 	while ((n = getopt(argc, argv, "c:d:lmst:v")) != -1) {
@@ -100,27 +100,36 @@
 		return 1;
 	}
 
+	addr = NULL;
 	if (mail)
-		strcpy(addr, "MAIL");
+		addr = strdup("MAIL");
 	else if (destcall != NULL)
-		strcpy(addr, destcall);
+		addr = strdup(destcall);
 	else
-		strcpy(addr, "IDENT");
+		addr = strdup("IDENT");
+	if (addr == NULL)
+	  return 1;
 
 	if ((dlen = ax25_aton(addr, &dest)) == -1) {
 		fprintf(stderr, "beacon: unable to convert callsign '%s'\n", addr);
 		return 1;
 	}
+	if (addr != NULL) free(addr); addr = NULL;
 
-	if (srccall != NULL && strcmp(srccall, portcall) != 0)
+	if (srccall != NULL && strcmp(srccall, portcall) != 0) {
+		if ((addr = (char *) malloc(strlen(srccall) + 1 + strlen(portcall) + 1)) == NULL)
+			return 1;
 		sprintf(addr, "%s %s", srccall, portcall);
-	else
-		strcpy(addr, portcall);
+	} else {
+		if ((addr = strdup(portcall)) == NULL)
+			return 1;
+	}
 
 	if ((len = ax25_aton(addr, &src)) == -1) {
 		fprintf(stderr, "beacon: unable to convert callsign '%s'\n", addr);
 		return 1;
 	}
+	if (addr != NULL) free(addr); addr = NULL;
 
 	if (!single) {
 		if (!daemon_start(FALSE)) {
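Review bot: The added `if (addr != NULL) free(addr); addr = NULL;` (after both `ax25_aton()` calls) puts a guarded and an unguarded statement on one line, which reads as if both were conditional; since `free(NULL)` is a no-op and `addr` was already checked, `free(addr);` and `addr = NULL;` on separate lines are clearer. The `malloc` size `strlen(srccall) + 1 + strlen(portcall) + 1` matches the `"%s %s"` format, but the unchanged `sprintf` still depends on that arithmetic staying in sync; keeping the size in a variable and calling `snprintf(addr, size, "%s %s", srccall, portcall);` would make the bound explicit. With the fixed 20-byte buffer gone, an overlong callsign string now reaches `ax25_aton()` intact, so the fix relies on that function rejecting or bounding it, which is not visible here and is worth confirming. The `return 1` paths after a failed `ax25_aton()` leave `addr` allocated, which is harmless only if the process exits there; the enclosing function starts and ends outside the hunk.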
