Bug#638198: ax25-tools: diff for NMU version 0.0.8-13.2
tags 638198 + patch
tags 638198 + pending
thanks
Dear maintainer,
I've prepared an NMU for ax25-tools (versioned as 0.0.8-13.2) and
uploaded it to DELAYED/02. Please feel free to tell me if I
should delay it longer.
Cheers
Luk
diff -u ax25-tools-0.0.8/debian/changelog ax25-tools-0.0.8/debian/changelog
--- ax25-tools-0.0.8/debian/changelog
+++ ax25-tools-0.0.8/debian/changelog
@@ -1,3 +1,11 @@
+ax25-tools (0.0.8-13.2) unstable; urgency=medium
+
+ * Non-maintainer upload.
+ * ax25/beacon.c: fix possible privilege escalation CVE-2011-2910
+ Closes: #638198.
+
+ -- Luk Claes <luk@debian.org> Sun, 01 Jan 2012 15:13:41 +0100
+
ax25-tools (0.0.8-13.1) unstable; urgency=low
* Retiring - remove myself from the uploaders list.
only in patch2:
unchanged:
--- ax25-tools-0.0.8.orig/ax25/beacon.c
+++ ax25-tools-0.0.8/ax25/beacon.c
@@ -43,7 +43,7 @@
struct full_sockaddr_ax25 dest;
struct full_sockaddr_ax25 src;
int s, n, dlen, len, interval = 30;
- char addr[20], *port, *message, *portcall;
+ char *addr, *port, *message, *portcall;
char *srccall = NULL, *destcall = NULL;
while ((n = getopt(argc, argv, "c:d:lmst:v")) != -1) {
@@ -100,27 +100,36 @@
return 1;
}
+ addr = NULL;
if (mail)
- strcpy(addr, "MAIL");
+ addr = strdup("MAIL");
else if (destcall != NULL)
- strcpy(addr, destcall);
+ addr = strdup(destcall);
else
- strcpy(addr, "IDENT");
+ addr = strdup("IDENT");
+ if (addr == NULL)
+ return 1;
if ((dlen = ax25_aton(addr, &dest)) == -1) {
fprintf(stderr, "beacon: unable to convert callsign '%s'\n", addr);
return 1;
}
+ if (addr != NULL) free(addr); addr = NULL;
- if (srccall != NULL && strcmp(srccall, portcall) != 0)
+ if (srccall != NULL && strcmp(srccall, portcall) != 0) {
+ if ((addr = (char *) malloc(strlen(srccall) + 1 + strlen(portcall) + 1)) == NULL)
+ return 1;
sprintf(addr, "%s %s", srccall, portcall);
- else
- strcpy(addr, portcall);
+ } else {
+ if ((addr = strdup(portcall)) == NULL)
+ return 1;
+ }
if ((len = ax25_aton(addr, &src)) == -1) {
fprintf(stderr, "beacon: unable to convert callsign '%s'\n", addr);
return 1;
}
+ if (addr != NULL) free(addr); addr = NULL;
if (!single) {
if (!daemon_start(FALSE)) {
Reply to: