[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#638198: ax25-tools: diff for NMU version 0.0.8-13.2

On Sun, Jan  1, 2012 at 15:18:55 +0100, Luk Claes wrote:

> tags 638198 + patch
> tags 638198 + pending
> thanks
> 
> Dear maintainer,
> 
> I've prepared an NMU for ax25-tools (versioned as 0.0.8-13.2) and
> uploaded it to DELAYED/02. Please feel free to tell me if I
> should delay it longer.
> 
A couple comments on the patch...

> diff -u ax25-tools-0.0.8/debian/changelog ax25-tools-0.0.8/debian/changelog
> --- ax25-tools-0.0.8/debian/changelog
> +++ ax25-tools-0.0.8/debian/changelog
> @@ -1,3 +1,11 @@
> +ax25-tools (0.0.8-13.2) unstable; urgency=medium
> +
> +  * Non-maintainer upload.
> +  * ax25/beacon.c: fix possible privilege escalation CVE-2011-2910
> +    Closes: #638198.
> +
> + -- Luk Claes <luk@debian.org>  Sun, 01 Jan 2012 15:13:41 +0100
> +
>  ax25-tools (0.0.8-13.1) unstable; urgency=low
>  
>    * Retiring - remove myself from the uploaders list.
> only in patch2:
> unchanged:
> --- ax25-tools-0.0.8.orig/ax25/beacon.c
> +++ ax25-tools-0.0.8/ax25/beacon.c
> @@ -43,7 +43,7 @@
>  	struct full_sockaddr_ax25 dest;
>  	struct full_sockaddr_ax25 src;
>  	int s, n, dlen, len, interval = 30;
> -	char addr[20], *port, *message, *portcall;
> +	char *addr, *port, *message, *portcall;
>  	char *srccall = NULL, *destcall = NULL;
>  	
>  	while ((n = getopt(argc, argv, "c:d:lmst:v")) != -1) {
> @@ -100,27 +100,36 @@
>  		return 1;
>  	}
>  
> +	addr = NULL;

dead store.

>  	if (mail)
> -		strcpy(addr, "MAIL");
> +		addr = strdup("MAIL");
>  	else if (destcall != NULL)
> -		strcpy(addr, destcall);
> +		addr = strdup(destcall);
>  	else
> -		strcpy(addr, "IDENT");
> +		addr = strdup("IDENT");
> +	if (addr == NULL)
> +	  return 1;
>  
>  	if ((dlen = ax25_aton(addr, &dest)) == -1) {
>  		fprintf(stderr, "beacon: unable to convert callsign '%s'\n", addr);
>  		return 1;
>  	}
> +	if (addr != NULL) free(addr); addr = NULL;

you already know addr is != NULL.

>  
> -	if (srccall != NULL && strcmp(srccall, portcall) != 0)
> +	if (srccall != NULL && strcmp(srccall, portcall) != 0) {
> +		if ((addr = (char *) malloc(strlen(srccall) + 1 + strlen(portcall) + 1)) == NULL)

useless cast.

> +			return 1;
>  		sprintf(addr, "%s %s", srccall, portcall);
> -	else
> -		strcpy(addr, portcall);
> +	} else {
> +		if ((addr = strdup(portcall)) == NULL)
> +			return 1;
> +	}
>  
>  	if ((len = ax25_aton(addr, &src)) == -1) {
>  		fprintf(stderr, "beacon: unable to convert callsign '%s'\n", addr);
>  		return 1;
>  	}
> +	if (addr != NULL) free(addr); addr = NULL;

useless check

>  
>  	if (!single) {
>  		if (!daemon_start(FALSE)) {

Cheers,
Julien
Reply to: