[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: buffer overflow vulnerability in netmask 2.3.12

Hi anarcat,

On Wed, 06 Feb 2019 at 14:13:23 -0500, Antoine Beaupré wrote:
> On 2019-02-06 01:59:58, Guilhem Moulin wrote:
>> * Upstream hasn't yet filed a CVE for this issue; I forwarded jmm's
>> instructions regarding this.
> 
> Sorry, forwarded where? Did I miss something?

Ah sorry, that's indeed rather unclear.  I told the Security Team I was
unsure what the next steps were, since up to now CVEs on the packages I
maintain have always been assigned either by a security team member or
by upstream itself.  Moritz suggested that upstream files this CVE
themselves and provided a link to an online form, which I forwarded
(privately) to upstream :-)

> 1. open a bug report in the BTS

Was about to do that, but (as often) carnil was faster ;-)

> 2. mention it in the changelog
> 3. upload the package to security-master

Done, and new debdiff attached.

> 4. issue a DLA when the package is accepted

I wouldn't mind if you or another LTS team member were talking care of
this one :-)

Thanks!
-- 
Guilhem.

diff -Nru netmask-2.3.12/debian/changelog netmask-2.3.12+deb8u1/debian/changelog
--- netmask-2.3.12/debian/changelog	2010-04-26 04:29:39.000000000 +0200
+++ netmask-2.3.12+deb8u1/debian/changelog	2019-02-06 01:08:09.000000000 +0100
@@ -1,3 +1,10 @@
+netmask (2.3.12+deb8u1) jessie-security; urgency=medium
+
+  * Fix buffer overflow vulnerability. Closes: #921565.
+    https://github.com/tlby/netmask/issues/3
+
+ -- Guilhem Moulin <guilhem@debian.org>  Wed, 06 Feb 2019 01:08:09 +0100
+
 netmask (2.3.12) unstable; urgency=low
 
   * Include patches directly in source because it's a native package 
diff -Nru netmask-2.3.12/debian/control netmask-2.3.12+deb8u1/debian/control
--- netmask-2.3.12/debian/control	2010-04-26 04:29:39.000000000 +0200
+++ netmask-2.3.12+deb8u1/debian/control	2019-02-06 01:08:09.000000000 +0100
@@ -1,7 +1,7 @@
 Source: netmask
 Section: net
 Priority: optional
-Maintainer: Luis Uribe <acme@eviled.org>
+Maintainer: Guilhem Moulin <guilhem@debian.org>
 Build-Depends: debhelper (>= 5), texinfo
 Standards-Version: 3.8.4
 
diff -Nru netmask-2.3.12/errors.c netmask-2.3.12+deb8u1/errors.c
--- netmask-2.3.12/errors.c	2010-04-26 04:29:39.000000000 +0200
+++ netmask-2.3.12+deb8u1/errors.c	2019-02-06 01:04:57.000000000 +0100
@@ -66,7 +66,7 @@
 
     if(!show_status) return(0);
     va_start(args, fmt);
-    vsprintf(buf, fmt, args);
+    vsnprintf(buf, sizeof(buf), fmt, args);
     va_end(args);
     return(message(LOG_DEBUG, buf));
 }
@@ -76,7 +76,7 @@
     va_list args;
 
     va_start(args, fmt);
-    vsprintf(buf, fmt, args);
+    vsnprintf(buf, sizeof(buf), fmt, args);
     va_end(args);
     return(message(LOG_WARNING, buf));
 }
@@ -86,7 +86,7 @@
     va_list args;
 
     va_start(args, fmt);
-    vsprintf(buf, fmt, args);
+    vsnprintf(buf, sizeof(buf), fmt, args);
     va_end(args);
     message(LOG_ERR, buf);
     exit(1);
@@ -97,7 +97,7 @@
 
     /* only handle errno if this is not an informational message */
     if(errno && priority < 5) {
-	sprintf(buf, "%s: %s", msg, strerror(errno));
+	snprintf(buf, sizeof(buf), "%s: %s", msg, strerror(errno));
 	errno = 0;
     } else strcpy(buf, msg);
     if(use_syslog) syslog(priority, "%s", buf);

Attachment: signature.asc
Description: PGP signature

Reply to: