Bug#638198: ax25-tools: diff for NMU version 0.0.8-13.2
On Sun, Jan 1, 2012 at 15:18:55 +0100, Luk Claes wrote:
> tags 638198 + patch
> tags 638198 + pending
> thanks
>
> Dear maintainer,
>
> I've prepared an NMU for ax25-tools (versioned as 0.0.8-13.2) and
> uploaded it to DELAYED/02. Please feel free to tell me if I
> should delay it longer.
>
A couple comments on the patch...
> diff -u ax25-tools-0.0.8/debian/changelog ax25-tools-0.0.8/debian/changelog
> --- ax25-tools-0.0.8/debian/changelog
> +++ ax25-tools-0.0.8/debian/changelog
> @@ -1,3 +1,11 @@
> +ax25-tools (0.0.8-13.2) unstable; urgency=medium
> +
> + * Non-maintainer upload.
> + * ax25/beacon.c: fix possible privilege escalation CVE-2011-2910
> + Closes: #638198.
> +
> + -- Luk Claes <luk@debian.org> Sun, 01 Jan 2012 15:13:41 +0100
> +
> ax25-tools (0.0.8-13.1) unstable; urgency=low
>
> * Retiring - remove myself from the uploaders list.
> only in patch2:
> unchanged:
> --- ax25-tools-0.0.8.orig/ax25/beacon.c
> +++ ax25-tools-0.0.8/ax25/beacon.c
> @@ -43,7 +43,7 @@
> struct full_sockaddr_ax25 dest;
> struct full_sockaddr_ax25 src;
> int s, n, dlen, len, interval = 30;
> - char addr[20], *port, *message, *portcall;
> + char *addr, *port, *message, *portcall;
> char *srccall = NULL, *destcall = NULL;
>
> while ((n = getopt(argc, argv, "c:d:lmst:v")) != -1) {
> @@ -100,27 +100,36 @@
> return 1;
> }
>
> + addr = NULL;
dead store.
> if (mail)
> - strcpy(addr, "MAIL");
> + addr = strdup("MAIL");
> else if (destcall != NULL)
> - strcpy(addr, destcall);
> + addr = strdup(destcall);
> else
> - strcpy(addr, "IDENT");
> + addr = strdup("IDENT");
> + if (addr == NULL)
> + return 1;
>
> if ((dlen = ax25_aton(addr, &dest)) == -1) {
> fprintf(stderr, "beacon: unable to convert callsign '%s'\n", addr);
> return 1;
> }
> + if (addr != NULL) free(addr); addr = NULL;
you already know addr is != NULL.
>
> - if (srccall != NULL && strcmp(srccall, portcall) != 0)
> + if (srccall != NULL && strcmp(srccall, portcall) != 0) {
> + if ((addr = (char *) malloc(strlen(srccall) + 1 + strlen(portcall) + 1)) == NULL)
useless cast.
> + return 1;
> sprintf(addr, "%s %s", srccall, portcall);
> - else
> - strcpy(addr, portcall);
> + } else {
> + if ((addr = strdup(portcall)) == NULL)
> + return 1;
> + }
>
> if ((len = ax25_aton(addr, &src)) == -1) {
> fprintf(stderr, "beacon: unable to convert callsign '%s'\n", addr);
> return 1;
> }
> + if (addr != NULL) free(addr); addr = NULL;
useless check
>
> if (!single) {
> if (!daemon_start(FALSE)) {
Cheers,
Julien
Reply to: