
Bug#864091: unblock: ettercap (CVE)



Package: release.debian.org
User: release.debian.org@packages.debian.org
Usertags: unblock

Hi Release Team

Please unblock package ettercap; it fixes CVE-2017-8366.

unblock ettercap/1:0.8.2-5

debdiff attached
diff -Nru ettercap-0.8.2/debian/changelog ettercap-0.8.2/debian/changelog
--- ettercap-0.8.2/debian/changelog	2017-03-07 21:28:07.000000000 +0100
+++ ettercap-0.8.2/debian/changelog	2017-06-04 09:27:11.000000000 +0200
@@ -1,3 +1,12 @@
+ettercap (1:0.8.2-5) unstable; urgency=high
+
+  [ Alexander Koeppe ]
+  * debian/patches/803.patch: Fix buffer overflow/underflow
+    with bad filters (Closes: #861604).
+    CVE-2017-8366
+
+ -- Gianfranco Costamagna <locutusofborg@debian.org>  Sun, 04 Jun 2017 09:24:59 +0200
+
 ettercap (1:0.8.2-4) unstable; urgency=high
 
   * debian/patches/626dc56686f15f2dda13c48f78c2a666cb6d8506.patch:
diff -Nru ettercap-0.8.2/debian/patches/803.patch ettercap-0.8.2/debian/patches/803.patch
--- ettercap-0.8.2/debian/patches/803.patch	1970-01-01 01:00:00.000000000 +0100
+++ ettercap-0.8.2/debian/patches/803.patch	2017-06-04 09:25:14.000000000 +0200
@@ -0,0 +1,210 @@
+From d14d2558da14a33abf7baab28957488a75d16af1 Mon Sep 17 00:00:00 2001
+From: Alexander Koeppe <format_c@online.de>
+Date: Thu, 1 Jun 2017 08:56:23 +0200
+Subject: [PATCH 1/4] Add ASAN compiler flags in DEBUG build type
+
+---
+ CMakeLists.txt | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+Index: ettercap-0.8.2/CMakeLists.txt
+===================================================================
+--- ettercap-0.8.2.orig/CMakeLists.txt
++++ ettercap-0.8.2/CMakeLists.txt
+@@ -125,7 +125,27 @@
+   # library dir path in our RPATH.
+   set(CMAKE_INSTALL_RPATH_USE_LINK_PATH TRUE)
+ endif(NOT DISABLE_RPATH)
++
++# set general build flags for debug build-type
+ set(CMAKE_C_FLAGS_DEBUG "-O0 -ggdb3 -DDEBUG -Wall -Wno-pointer-sign -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -Werror=format-security -Wextra -Wredundant-decls" CACHE STRING "" FORCE)
++# append ASAN build flags if compiler version has support
++if ("${CMAKE_C_COMPILER_ID}" STREQUAL "GNU")
++   if (CMAKE_C_COMPILER_VERSION VERSION_GREATER 4.8)
++      set(CMAKE_C_FLAGS_DEBUG "${CMAKE_C_FLAGS_DEBUG} -fsanitize=address -fno-omit-frame-pointer" CACHE STRING "" FORCE)
++      message("Building with ASAN support (GNU compiler)")
++   else (CMAKE_C_COMPILER_VERSION VERSION_GREATER 4.8)
++      message("Building without ASAN support (GNU compiler)")
++   endif (CMAKE_C_COMPILER_VERSION VERSION_GREATER 4.8)
++elseif ("${CMAKE_C_COMPILER_ID}" STREQUAL "Clang")
++   if (CMAKE_C_COMPILER_VERSION VERSION_GREATER 3.1)
++      set(CMAKE_C_FLAGS_DEBUG "${CMAKE_C_FLAGS_DEBUG} -fsanitize=address -fno-omit-frame-pointer" CACHE STRING "" FORCE)
++      message("Building with ASAN support (Clang compiler)")
++   elseif (CMAKE_C_COMPILER_VERSION VERSION_GREATER 3.1)
++      message("Building without ASAN support (Clang compiler)")
++   endif (CMAKE_C_COMPILER_VERSION VERSION_GREATER 3.1)
++endif ("${CMAKE_C_COMPILER_ID}" STREQUAL "GNU")
++
++# set build flags for release build-type
+ set(CMAKE_C_FLAGS_RELEASE "-O2 -w -D_FORTIFY_SOURCE=2" CACHE STRING "" FORCE)
+ 
+ if(OS_DARWIN)
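Review bot: The `elseif (CMAKE_C_COMPILER_VERSION VERSION_GREATER 3.1)` on the Clang branch re-tests the condition that just failed, so the "Building without ASAN support (Clang compiler)" message can never be printed; it should be a plain `else ()`, as the GNU branch does. Forcing `-fsanitize=address` into CMAKE_C_FLAGS_DEBUG with `CACHE STRING "" FORCE` also means every Debug configure gets ASAN regardless of what the packager asked for and silently overrides any user-supplied flags; gating it behind an `option(ENABLE_ASAN "Build with AddressSanitizer" OFF)` would keep the default Debug build reproducible and leave the sanitizer an explicit choice. The `-D_FORTIFY_SOURCE=2` on the untouched Debug line is a no-op at `-O0`, which is worth a comment if the line is being revisited anyway.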
+Index: ettercap-0.8.2/include/ec_strings.h
+===================================================================
+--- ettercap-0.8.2.orig/include/ec_strings.h
++++ ettercap-0.8.2/include/ec_strings.h
+@@ -40,7 +40,7 @@
+ 
+ EC_API_EXTERN int match_pattern(const char *s, const char *pattern);
+ EC_API_EXTERN int base64_decode(char *bufplain, const char *bufcoded);
+-EC_API_EXTERN int strescape(char *dst, char *src);
++EC_API_EXTERN int strescape(char *dst, char *src, size_t len);
+ EC_API_EXTERN int str_replace(char **text, const char *s, const char *d);   
+ EC_API_EXTERN size_t strlen_utf8(const char *s);
+ EC_API_EXTERN char * ec_strtok(char *s, const char *delim, char **ptrptr);
+Index: ettercap-0.8.2/src/ec_strings.c
+===================================================================
+--- ettercap-0.8.2.orig/src/ec_strings.c
++++ ettercap-0.8.2/src/ec_strings.c
+@@ -167,13 +167,14 @@
+ /* 
+  * convert the escaped string into a binary one
+  */
+-int strescape(char *dst, char *src)
++int strescape(char *dst, char *src, size_t len)
+ {
+    char  *olddst = dst;
++   char  *oldsrc = src;
+    int   c;
+    int   val;
+ 
+-   while ((c = *src++) != '\0') {
++   while ((c = *src++) != '\0' && (size_t)(src - oldsrc) <= len) {
+       if (c == '\\') {
+          switch ((c = *src++)) {
+             case '\0':
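Review bot: The new `len` bound is consulted only in the `while` condition; the `switch ((c = *src++))` on the very next line, and the octal/hex digit reads in the later hunks, advance `src` without checking it, so `len` does not actually bound reads of a buffer that is not NUL-terminated. Every caller in this patch passes `strlen(src)+1`, which makes the check redundant with the existing `'\0'` test rather than an independent limit. If a hard read bound is the intent, each inner `*src++` needs the same `(size_t)(src - oldsrc) < len` guard; otherwise the contract should be stated above the function, e.g. `/* src must be NUL-terminated; len only caps how far the outer loop scans */`. strescape's body continues in the following hunks.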
+@@ -218,9 +219,11 @@
+                   if (c >= '0' && c <= '7')
+                      val = (val << 3) | (c - '0');
+                   else 
+-                     --src;
++                     if (src > oldsrc) /* protect against buffer underflow */
++                        --src;
+                } else 
+-                  --src;
++                  if (src > oldsrc) /* protect against buffer underflow */
++                     --src;
+                *dst++ = (char) val;
+                break;
+ 
+@@ -232,15 +235,17 @@
+                        c = hextoint(*src++);
+                        if (c >= 0) 
+                           val = (val << 4) + c;
+-                       else 
+-                          --src;
+-               } else 
+-                  --src;
++                       else if (src > oldsrc) /* protect against buffer underflow */
++                             --src;
++               } else if (src > oldsrc) /* protect against buffer underflow */
++                     --src;
+                *dst++ = (char) val;
+                break;
+          }
+-      } else if (c == 8 || c == 263)  /* the backspace */
+-         dst--;
++      } else if (c == 8 || c == 263) {  /* the backspace */
++         if (dst > oldsrc) /* protect against buffer underflow */
++            dst--;
++      }
+       else
+          *dst++ = (char) c;
+    }
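Review bot: The backspace guard `if (dst > oldsrc)` compares the write pointer against the start of the source buffer, which is only meaningful when the call is in-place (dst == src); in ec_encryption.c this same patch calls strescape with distinct `tmp_wkey` and `p` buffers, where comparing pointers into unrelated objects is undefined and the underflow protection does not hold. The check should be `if (dst > olddst)` — `olddst` is already kept for the return value. The `if (src > oldsrc)` guards added on the octal and hex paths are always true, because `src` has been advanced past the backslash and at least one further character before they run; they are harmless, but the "protect against buffer underflow" comments overstate what they do and could mislead the next reader into thinking the digit loops are bounded.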
+Index: ettercap-0.8.2/src/ec_encryption.c
+===================================================================
+--- ettercap-0.8.2.orig/src/ec_encryption.c
++++ ettercap-0.8.2/src/ec_encryption.c
+@@ -218,7 +218,7 @@
+ 
+    if (type == 's') {
+       /* escape the string and check its length */
+-      if (strescape((char *)tmp_wkey, p) != (int)tmp_wkey_len)
++      if (strescape((char *)tmp_wkey, p, strlen(tmp_wkey)+1) != (int)tmp_wkey_len)
+     	  SEMIFATAL_ERROR("Specified WEP key length does not match the given string");
+    } else if (type == 'p') {
+       /* create the key from the passphrase */
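Review bot: The length argument is `strlen(tmp_wkey)+1`, the length of whatever the destination buffer contains before the call, not of the source `p` that strescape reads; tmp_wkey's initialisation is outside the hunk, but unless it already holds a NUL-terminated copy of `p`, this bound is meaningless and strlen may walk uninitialised bytes. The bound should come from the source, `if (strescape((char *)tmp_wkey, p, strlen(p)+1) != (int)tmp_wkey_len)`. This is also the only call site where dst and src differ: the escaped bytes are written into tmp_wkey before the length comparison runs, so if tmp_wkey is sized to tmp_wkey_len (not visible here) an over-long key string overflows it before the SEMIFATAL_ERROR fires, and a destination-size check belongs in front of the call.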
+Index: ettercap-0.8.2/src/interfaces/curses/ec_curses_view_connections.c
+===================================================================
+--- ettercap-0.8.2.orig/src/interfaces/curses/ec_curses_view_connections.c
++++ ettercap-0.8.2/src/interfaces/curses/ec_curses_view_connections.c
+@@ -590,7 +590,7 @@
+    size_t len;
+ 
+    /* escape the sequnces in the buffer */
+-   len = strescape((char*)injectbuf, (char*)injectbuf);
++   len = strescape((char*)injectbuf, (char*)injectbuf, strlen(injectbuf)+1);
+    
+    /* check where to inject */
+    if (wdg_c1->flags & WDG_OBJ_FOCUSED) {
+Index: ettercap-0.8.2/src/interfaces/gtk/ec_gtk_view_connections.c
+===================================================================
+--- ettercap-0.8.2.orig/src/interfaces/gtk/ec_gtk_view_connections.c
++++ ettercap-0.8.2/src/interfaces/gtk/ec_gtk_view_connections.c
+@@ -1567,7 +1567,7 @@
+    size_t len;
+     
+    /* escape the sequnces in the buffer */
+-   len = strescape(injectbuf, injectbuf);
++   len = strescape(injectbuf, injectbuf, strlen(injectbuf)+1);
+ 
+    /* check where to inject */
+    if (side == 1 || side == 2) {
+Index: ettercap-0.8.2/utils/etterfilter/ef_encode.c
+===================================================================
+--- ettercap-0.8.2.orig/utils/etterfilter/ef_encode.c
++++ ettercap-0.8.2/utils/etterfilter/ef_encode.c
+@@ -131,7 +131,8 @@
+       fop->op.test.string = (u_char*)strdup(string + 1);
+          
+       /* escape it in the structure */
+-      fop->op.test.slen = strescape((char*)fop->op.test.string, (char*)fop->op.test.string);
++      fop->op.test.slen = strescape((char*)fop->op.test.string, 
++            (char*)fop->op.test.string, strlen(fop->op.test.string)+1);
+      
+       return E_SUCCESS;
+       
+@@ -179,7 +180,8 @@
+             fop->opcode = FOP_FUNC;
+             fop->op.func.op = FFUNC_SEARCH;
+             fop->op.func.string = (u_char*)strdup(dec_args[1]);
+-            fop->op.func.slen = strescape((char*)fop->op.func.string, (char*)fop->op.func.string);
++            fop->op.func.slen = strescape((char*)fop->op.func.string, 
++                  (char*)fop->op.func.string, strlen(fop->op.func.string)+1);
+             ret = E_SUCCESS;
+          } else
+             SCRIPT_ERROR("Unknown offset %s ", dec_args[0]);
+@@ -197,7 +199,8 @@
+             fop->opcode = FOP_FUNC;
+             fop->op.func.op = FFUNC_REGEX;
+             fop->op.func.string = (u_char*)strdup(dec_args[1]);
+-            fop->op.func.slen = strescape((char*)fop->op.func.string, (char*)fop->op.func.string);
++            fop->op.func.slen = strescape((char*)fop->op.func.string, 
++                  (char*)fop->op.func.string, strlen(fop->op.func.string)+1);
+             ret = E_SUCCESS;
+          } else
+             SCRIPT_ERROR("Unknown offset %s ", dec_args[0]);
+@@ -267,9 +270,11 @@
+          /* replace always operate at DATA level */
+          fop->op.func.level = 5;
+          fop->op.func.string = (u_char*)strdup(dec_args[0]);
+-         fop->op.func.slen = strescape((char*)fop->op.func.string, (char*)fop->op.func.string);
++         fop->op.func.slen = strescape((char*)fop->op.func.string, 
++               (char*)fop->op.func.string, strlen(fop->op.func.string)+1);
+          fop->op.func.replace = (u_char*)strdup(dec_args[1]);
+-         fop->op.func.rlen = strescape((char*)fop->op.func.replace, (char*)fop->op.func.replace);
++         fop->op.func.rlen = strescape((char*)fop->op.func.replace, 
++               (char*)fop->op.func.replace, strlen(fop->op.func.replace)+1);
+          ret = E_SUCCESS;
+       } else
+          SCRIPT_ERROR("Wrong number of arguments for function \"%s\" ", name);
+@@ -323,7 +328,8 @@
+       if (nargs == 1) {
+          fop->op.func.op = FFUNC_MSG;
+          fop->op.func.string = (u_char*)strdup(dec_args[0]);
+-         fop->op.func.slen = strescape((char*)fop->op.func.string, (char*)fop->op.func.string);
++         fop->op.func.slen = strescape((char*)fop->op.func.string, 
++               (char*)fop->op.func.string, strlen(fop->op.func.string)+1);
+          ret = E_SUCCESS;
+       } else
+          SCRIPT_ERROR("Wrong number of arguments for function \"%s\" ", name);
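Review bot: `strlen(fop->op.func.string)` hands a `u_char *` to strlen, which takes `const char *`; the adjacent strescape arguments cast the same pointer to `(char*)`, and the new argument should carry the same cast rather than rely on `-Wno-pointer-sign` to hide the mismatch, i.e. `strlen((char*)fop->op.func.string)+1`. The same `strdup` + in-place `strescape(..., strlen()+1)` sequence now appears five times in this file, and in each the `strdup` result is still not checked for NULL before strlen dereferences it; a small static helper that takes the string slot, performs the NULL check and returns the escaped length would keep the bound and the check in one place.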
diff -Nru ettercap-0.8.2/debian/patches/series ettercap-0.8.2/debian/patches/series
--- ettercap-0.8.2/debian/patches/series	2017-03-07 20:32:03.000000000 +0100
+++ ettercap-0.8.2/debian/patches/series	2017-06-04 09:24:58.000000000 +0200
@@ -1,2 +1,3 @@
 740.patch
 626dc56686f15f2dda13c48f78c2a666cb6d8506.patch
+803.patch


