Re: ettercap security patches (stable and oldstable) for CVE-2013-0722
> There's no patch in your mail.
Yeah, that's because I already dput it to stable...
But, patch below.
--Barak.
----------------------------------------------------------------
commit 0e889d37cf5a268f0116005c21d1c9476e7e5ed5 (origin/squeeze, squeeze)
Author: Barak A. Pearlmutter <barak+git@cs.nuim.ie>
Date: Mon Jan 14 14:15:23 2013 +0000
patch for CVE-2013-0722
diff --git a/debian/changelog b/debian/changelog
index d725cc0..a9e76e8 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+ettercap (1:0.7.3-2.1+squeeze1) stable; urgency=high
+
+ * Quilt patch for CVE-2013-0722, a stack-based buffer overflow when
+ parsing hosts list (closes: #697987)
+
+ -- Barak A. Pearlmutter <bap@debian.org> Mon, 14 Jan 2013 14:14:15 +0000
+
ettercap (1:0.7.3-2.1) unstable; urgency=low
* Non-maintainer upload.
diff --git a/debian/patches/03_CVE-2013-0722.patch b/debian/patches/03_CVE-2013-0722.patch
new file mode 100644
index 0000000..5861507
--- /dev/null
+++ b/debian/patches/03_CVE-2013-0722.patch
@@ -0,0 +1,88 @@
+From: Gianfranco Costamagna <costamagnagianfranco@yahoo.it>
+Date: Fri, 11 Jan 2013 12:09:03 +0100
+Subject: CVE-2013-0722
+
+fix stack-based buffer overflow when parsing hosts list
+using patch http://www.securation.com/files/2013/01/ec.patch
+provided by Sajjad Pourali http://www.securation.com/
+
+see upstream commit 9988c1f9 and http://bugs.debian.org/697987
+---
+ include/ec.h | 5 +++++
+ include/ec_inet.h | 32 +++++++++++++++-----------------
+ src/ec_scan.c | 2 +-
+ 3 files changed, 21 insertions(+), 18 deletions(-)
+
+diff --git a/include/ec.h b/include/ec.h
+index 3bc8aa2..e1f4a8a 100644
+--- a/include/ec.h
++++ b/include/ec.h
+@@ -78,6 +78,11 @@
+
+ #define SAFE_FREE(x) do{ if(x) { free(x); x = NULL; } }while(0)
+
++
++/* convert to string */
++#define EC_STRINGIFY(in) #in
++#define EC_TOSTRING(in) EC_STRINGIFY(in)
++
+ #define __init __attribute__ ((constructor))
+
+ #ifndef __set_errno
+diff --git a/include/ec_inet.h b/include/ec_inet.h
+index 50fc568..17838e4 100644
+--- a/include/ec_inet.h
++++ b/include/ec_inet.h
+@@ -23,24 +23,22 @@
+ #endif
+ #endif
+
+-enum {
+- NS_IN6ADDRSZ = 16,
+- NS_INT16SZ = 2,
+-
+- ETH_ADDR_LEN = 6,
+- TR_ADDR_LEN = 6,
+- FDDI_ADDR_LEN = 6,
+- MEDIA_ADDR_LEN = 6,
++#define NS_IN6ADDRSZ 16
++#define NS_INT16SZ = 2
++
++#define ETH_ADDR_LEN 6
++#define TR_ADDR_LEN 6
++#define FDDI_ADDR_LEN 6
++#define MEDIA_ADDR_LEN 6
+
+- IP_ADDR_LEN = 4,
+- IP6_ADDR_LEN = 16,
+- MAX_IP_ADDR_LEN = IP6_ADDR_LEN,
+-
+- ETH_ASCII_ADDR_LEN = sizeof("ff:ff:ff:ff:ff:ff")+1,
+- IP_ASCII_ADDR_LEN = sizeof("255.255.255.255")+1,
+- IP6_ASCII_ADDR_LEN = sizeof("ffff:ffff:ffff:ffff:ffff:ffff:255.255.255.255")+1,
+- MAX_ASCII_ADDR_LEN = IP6_ASCII_ADDR_LEN,
+-};
++#define IP_ADDR_LEN 4
++#define IP6_ADDR_LEN 16
++#define MAX_IP_ADDR_LEN IP6_ADDR_LEN
++
++#define ETH_ASCII_ADDR_LEN 19 // sizeof("ff:ff:ff:ff:ff:ff")+1
++#define IP_ASCII_ADDR_LEN 17 // sizeof("255.255.255.255")+1
++#define IP6_ASCII_ADDR_LEN 47 // sizeof("ffff:ffff:ffff:ffff:ffff:ffff:255.255.255.255")+1
++#define MAX_ASCII_ADDR_LEN IP6_ASCII_ADDR_LEN
+
+ /*
+ * this structure is used by ettercap to handle
+diff --git a/src/ec_scan.c b/src/ec_scan.c
+index 59a8f14..423b323 100644
+--- a/src/ec_scan.c
++++ b/src/ec_scan.c
+@@ -544,7 +544,7 @@ int scan_load_hosts(char *filename)
+ /* read the file */
+ for (nhosts = 0; !feof(hf); nhosts++) {
+
+- if (fscanf(hf,"%15s %17s %127s\n", ip, mac, name) != 3 ||
++ if (fscanf(hf, "%"EC_TOSTRING(MAX_ASCII_ADDR_LEN)"s %"EC_TOSTRING(ETH_ASCII_ADDR_LEN)"s %"EC_TOSTRING(MAX_HOSTNAME_LEN)"s\n", ip, mac, name) != 3 ||
+ *ip == '#' || *mac == '#' || *name == '#')
+ continue;
+
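Review bot: The new fscanf widths in scan_load_hosts (the added line in the src/ec_scan.c section) equal the buffer-size macros, but `%Ns` stores up to N characters plus a terminating NUL, so if `ip`, `mac` and `name` are declared with exactly `MAX_ASCII_ADDR_LEN`, `ETH_ASCII_ADDR_LEN` and `MAX_HOSTNAME_LEN` bytes (the declarations are outside the hunk), a maximal-length token still writes one byte past the end. Declaring the buffers one byte larger, e.g. `char ip[MAX_ASCII_ADDR_LEN + 1];`, or stringifying a separate width macro that is the size minus one, would close that. In include/ec_inet.h, `#define NS_INT16SZ = 2` expands to `= 2` and should read `#define NS_INT16SZ 2`. EC_TOSTRING only yields a valid width when each macro expands to a bare decimal literal, which is presumably why the enum became #defines; `MAX_HOSTNAME_LEN` is not defined in this patch, so that is worth confirming, and the hard-coded 19/17/47 deserve a comment saying they must stay in step with the sizeof expressions they replace.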
diff --git a/debian/patches/series b/debian/patches/series
index 5f7a15b..3dabc6a 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,3 +1,3 @@
01_pointers_and_ints_dont_mix.diff
02_configure_fix.diff
-
+03_CVE-2013-0722.patch