Your message dated Sun, 4 Jun 2017 16:03:12 +0100
with message-id <20170604150312.uuc3cslqtmvqpv42@powdarrmonkey.net>
and subject line Re: Bug#864091: unblock: ettercap (CVE)
has caused the Debian Bug report #864091,
regarding unblock: ettercap/1:0.8.2-5
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)

--
864091: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864091
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: submit@bugs.debian.org
- Subject: unblock: ettercap (CVE)
- From: Gianfranco Costamagna <locutusofborg@debian.org>
- Date: Sun, 4 Jun 2017 11:57:58 +0200
- Message-id: <2778a1d5-14dd-966b-7517-480ff12dc534@debian.org>
Package: release.debian.org User: release.debian.org@packages.debian.org Usertags: unblock Hi Release Team Please unblock package ettercap, we fixed CVE 2017-8366 unblock ettercap/1:0.8.2-5 debdiff attacheddiff -Nru ettercap-0.8.2/debian/changelog ettercap-0.8.2/debian/changelog --- ettercap-0.8.2/debian/changelog 2017-03-07 21:28:07.000000000 +0100 +++ ettercap-0.8.2/debian/changelog 2017-06-04 09:27:11.000000000 +0200 @@ -1,3 +1,12 @@ +ettercap (1:0.8.2-5) unstable; urgency=high + + [ Alexander Koeppe ] + * debian/patches/803.patch: Fix buffer overflow/underflow + with bad filters (Closes: #861604). + CVE-2017-8366 + + -- Gianfranco Costamagna <locutusofborg@debian.org> Sun, 04 Jun 2017 09:24:59 +0200 + ettercap (1:0.8.2-4) unstable; urgency=high * debian/patches/626dc56686f15f2dda13c48f78c2a666cb6d8506.patch: diff -Nru ettercap-0.8.2/debian/patches/803.patch ettercap-0.8.2/debian/patches/803.patch --- ettercap-0.8.2/debian/patches/803.patch 1970-01-01 01:00:00.000000000 +0100 +++ ettercap-0.8.2/debian/patches/803.patch 2017-06-04 09:25:14.000000000 +0200 
@@ -0,0 +1,210 @@ +From d14d2558da14a33abf7baab28957488a75d16af1 Mon Sep 17 00:00:00 2001 +From: Alexander Koeppe <format_c@online.de> +Date: Thu, 1 Jun 2017 08:56:23 +0200 +Subject: [PATCH 1/4] Add ASAN compiler flags in DEBUG build type + +--- + CMakeLists.txt | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +Index: ettercap-0.8.2/CMakeLists.txt +=================================================================== +--- ettercap-0.8.2.orig/CMakeLists.txt ++++ ettercap-0.8.2/CMakeLists.txt +@@ -125,7 +125,27 @@ + # library dir path in our RPATH. + set(CMAKE_INSTALL_RPATH_USE_LINK_PATH TRUE) + endif(NOT DISABLE_RPATH) ++ ++# set general build flags for debug build-type + set(CMAKE_C_FLAGS_DEBUG "-O0 -ggdb3 -DDEBUG -Wall -Wno-pointer-sign -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -Werror=format-security -Wextra -Wredundant-decls" CACHE STRING "" FORCE) ++# append ASAN build flags if compiler version has support ++if ("${CMAKE_C_COMPILER_ID}" STREQUAL "GNU") ++ if (CMAKE_C_COMPILER_VERSION VERSION_GREATER 4.8) ++ set(CMAKE_C_FLAGS_DEBUG "${CMAKE_C_FLAGS_DEBUG} -fsanitize=address -fno-omit-frame-pointer" CACHE STRING "" FORCE) ++ message("Building with ASAN support (GNU compiler)") ++ else (CMAKE_C_COMPILER_VERSION VERSION_GREATER 4.8) ++ message("Building without ASAN support (GNU compiler)") ++ endif (CMAKE_C_COMPILER_VERSION VERSION_GREATER 4.8) ++elseif ("${CMAKE_C_COMPILER_ID}" STREQUAL "Clang") ++ if (CMAKE_C_COMPILER_VERSION VERSION_GREATER 3.1) ++ set(CMAKE_C_FLAGS_DEBUG "${CMAKE_C_FLAGS_DEBUG} -fsanitize=address -fno-omit-frame-pointer" CACHE STRING "" FORCE) ++ message("Building with ASAN support (Clang compiler)") ++ elseif (CMAKE_C_COMPILER_VERSION VERSION_GREATER 3.1) ++ message("Building without ASAN support (Clang compiler)") ++ endif (CMAKE_C_COMPILER_VERSION VERSION_GREATER 3.1) ++endif ("${CMAKE_C_COMPILER_ID}" STREQUAL "GNU") ++ ++# set build flags for release build-type + set(CMAKE_C_FLAGS_RELEASE "-O2 -w -D_FORTIFY_SOURCE=2" CACHE 
STRING "" FORCE) + + if(OS_DARWIN) +Index: ettercap-0.8.2/include/ec_strings.h +=================================================================== +--- ettercap-0.8.2.orig/include/ec_strings.h ++++ ettercap-0.8.2/include/ec_strings.h +@@ -40,7 +40,7 @@ + + EC_API_EXTERN int match_pattern(const char *s, const char *pattern); + EC_API_EXTERN int base64_decode(char *bufplain, const char *bufcoded); +-EC_API_EXTERN int strescape(char *dst, char *src); ++EC_API_EXTERN int strescape(char *dst, char *src, size_t len); + EC_API_EXTERN int str_replace(char **text, const char *s, const char *d); + EC_API_EXTERN size_t strlen_utf8(const char *s); + EC_API_EXTERN char * ec_strtok(char *s, const char *delim, char **ptrptr); +Index: ettercap-0.8.2/src/ec_strings.c +=================================================================== +--- ettercap-0.8.2.orig/src/ec_strings.c ++++ ettercap-0.8.2/src/ec_strings.c +@@ -167,13 +167,14 @@ + /* + * convert the escaped string into a binary one + */ +-int strescape(char *dst, char *src) ++int strescape(char *dst, char *src, size_t len) + { + char *olddst = dst; ++ char *oldsrc = src; + int c; + int val; + +- while ((c = *src++) != '\0') { ++ while ((c = *src++) != '\0' && (size_t)(src - oldsrc) <= len) { + if (c == '\\') { + switch ((c = *src++)) { + case '\0': +@@ -218,9 +219,11 @@ + if (c >= '0' && c <= '7') + val = (val << 3) | (c - '0'); + else +- --src; ++ if (src > oldsrc) /* protect against buffer underflow */ ++ --src; + } else +- --src; ++ if (src > oldsrc) /* protect against buffer underflow */ ++ --src; + *dst++ = (char) val; + break; + +@@ -232,15 +235,17 @@ + c = hextoint(*src++); + if (c >= 0) + val = (val << 4) + c; +- else +- --src; +- } else +- --src; ++ else if (src > oldsrc) /* protect against buffer underflow */ ++ --src; ++ } else if (src > oldsrc) /* protect against buffer underflow */ ++ --src; + *dst++ = (char) val; + break; + } +- } else if (c == 8 || c == 263) /* the backspace */ +- dst--; ++ } else if (c == 8 
|| c == 263) { /* the backspace */ ++ if (dst > oldsrc) /* protect against buffer underflow */ ++ dst--; ++ } + else + *dst++ = (char) c; + } +Index: ettercap-0.8.2/src/ec_encryption.c +=================================================================== +--- ettercap-0.8.2.orig/src/ec_encryption.c ++++ ettercap-0.8.2/src/ec_encryption.c +@@ -218,7 +218,7 @@ + + if (type == 's') { + /* escape the string and check its length */ +- if (strescape((char *)tmp_wkey, p) != (int)tmp_wkey_len) ++ if (strescape((char *)tmp_wkey, p, strlen(tmp_wkey)+1) != (int)tmp_wkey_len) + SEMIFATAL_ERROR("Specified WEP key length does not match the given string"); + } else if (type == 'p') { + /* create the key from the passphrase */ +Index: ettercap-0.8.2/src/interfaces/curses/ec_curses_view_connections.c +=================================================================== +--- ettercap-0.8.2.orig/src/interfaces/curses/ec_curses_view_connections.c ++++ ettercap-0.8.2/src/interfaces/curses/ec_curses_view_connections.c +@@ -590,7 +590,7 @@ + size_t len; + + /* escape the sequnces in the buffer */ +- len = strescape((char*)injectbuf, (char*)injectbuf); ++ len = strescape((char*)injectbuf, (char*)injectbuf, strlen(injectbuf)+1); + + /* check where to inject */ + if (wdg_c1->flags & WDG_OBJ_FOCUSED) { +Index: ettercap-0.8.2/src/interfaces/gtk/ec_gtk_view_connections.c +=================================================================== +--- ettercap-0.8.2.orig/src/interfaces/gtk/ec_gtk_view_connections.c ++++ ettercap-0.8.2/src/interfaces/gtk/ec_gtk_view_connections.c +@@ -1567,7 +1567,7 @@ + size_t len; + + /* escape the sequnces in the buffer */ +- len = strescape(injectbuf, injectbuf); ++ len = strescape(injectbuf, injectbuf, strlen(injectbuf)+1); + + /* check where to inject */ + if (side == 1 || side == 2) { +Index: ettercap-0.8.2/utils/etterfilter/ef_encode.c +=================================================================== +--- ettercap-0.8.2.orig/utils/etterfilter/ef_encode.c ++++ 
ettercap-0.8.2/utils/etterfilter/ef_encode.c +@@ -131,7 +131,8 @@ + fop->op.test.string = (u_char*)strdup(string + 1); + + /* escape it in the structure */ +- fop->op.test.slen = strescape((char*)fop->op.test.string, (char*)fop->op.test.string); ++ fop->op.test.slen = strescape((char*)fop->op.test.string, ++ (char*)fop->op.test.string, strlen(fop->op.test.string)+1); + + return E_SUCCESS; + +@@ -179,7 +180,8 @@ + fop->opcode = FOP_FUNC; + fop->op.func.op = FFUNC_SEARCH; + fop->op.func.string = (u_char*)strdup(dec_args[1]); +- fop->op.func.slen = strescape((char*)fop->op.func.string, (char*)fop->op.func.string); ++ fop->op.func.slen = strescape((char*)fop->op.func.string, ++ (char*)fop->op.func.string, strlen(fop->op.func.string)+1); + ret = E_SUCCESS; + } else + SCRIPT_ERROR("Unknown offset %s ", dec_args[0]); +@@ -197,7 +199,8 @@ + fop->opcode = FOP_FUNC; + fop->op.func.op = FFUNC_REGEX; + fop->op.func.string = (u_char*)strdup(dec_args[1]); +- fop->op.func.slen = strescape((char*)fop->op.func.string, (char*)fop->op.func.string); ++ fop->op.func.slen = strescape((char*)fop->op.func.string, ++ (char*)fop->op.func.string, strlen(fop->op.func.string)+1); + ret = E_SUCCESS; + } else + SCRIPT_ERROR("Unknown offset %s ", dec_args[0]); +@@ -267,9 +270,11 @@ + /* replace always operate at DATA level */ + fop->op.func.level = 5; + fop->op.func.string = (u_char*)strdup(dec_args[0]); +- fop->op.func.slen = strescape((char*)fop->op.func.string, (char*)fop->op.func.string); ++ fop->op.func.slen = strescape((char*)fop->op.func.string, ++ (char*)fop->op.func.string, strlen(fop->op.func.string)+1); + fop->op.func.replace = (u_char*)strdup(dec_args[1]); +- fop->op.func.rlen = strescape((char*)fop->op.func.replace, (char*)fop->op.func.replace); ++ fop->op.func.rlen = strescape((char*)fop->op.func.replace, ++ (char*)fop->op.func.replace, strlen(fop->op.func.replace)+1); + ret = E_SUCCESS; + } else + SCRIPT_ERROR("Wrong number of arguments for function \"%s\" ", name); +@@ -323,7 
+328,8 @@ + if (nargs == 1) { + fop->op.func.op = FFUNC_MSG; + fop->op.func.string = (u_char*)strdup(dec_args[0]); +- fop->op.func.slen = strescape((char*)fop->op.func.string, (char*)fop->op.func.string); ++ fop->op.func.slen = strescape((char*)fop->op.func.string, ++ (char*)fop->op.func.string, strlen(fop->op.func.string)+1); + ret = E_SUCCESS; + } else + SCRIPT_ERROR("Wrong number of arguments for function \"%s\" ", name); diff -Nru ettercap-0.8.2/debian/patches/series ettercap-0.8.2/debian/patches/series --- ettercap-0.8.2/debian/patches/series 2017-03-07 20:32:03.000000000 +0100 +++ ettercap-0.8.2/debian/patches/series 2017-06-04 09:24:58.000000000 +0200 @@ -1,2 +1,3 @@ 740.patch 626dc56686f15f2dda13c48f78c2a666cb6d8506.patch +803.patchAttachment: signature.asc
Description: OpenPGP digital signature
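Review bot: In the CMakeLists.txt hunk, the Clang branch closes its version check with `elseif (CMAKE_C_COMPILER_VERSION VERSION_GREATER 3.1)`, which repeats the condition of the `if` above it, so the "Building without ASAN support (Clang compiler)" message can never be printed. The GNU branch uses a plain `else (...)` for the same purpose and the Clang branch should match. The changelog entry also describes 803.patch only as the CVE-2017-8366 fix while this hunk changes the DEBUG build flags; a line in the patch header saying the ASAN build change is included would help whoever reads the debdiff.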
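Review bot: In the first src/ec_strings.c hunk, the new `(size_t)(src - oldsrc) <= len` test covers only the `*src++` in the `while` condition. The escape handling inside the loop still advances with its own reads (`switch ((c = *src++))` directly below, `hextoint(*src++)` in a later hunk) without consulting `len`, so a caller that passes a `len` shorter than the string can still be read past that limit. Check the bound at each inner read, or document that `len` must cover the terminating NUL.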
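Review bot: In the octal-escape hunk of src/ec_strings.c, the added `if (src > oldsrc)` in front of each `--src` is always true at that point, because the `while` condition has already executed `*src++` at least once. The guard states an intent but cannot fire; either drop it or replace it with a check that can actually fail. A bare `else` followed by `if` on the next line, next to a `} else`, is also easy to misread, and braces would make the nesting unambiguous.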
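Review bot: In the last src/ec_strings.c hunk, the backspace guard reads `if (dst > oldsrc)`, which compares the write pointer with the start of the source buffer. The function already saves `char *olddst = dst;` and that is the pointer this check should use: `if (dst > olddst)`. The two coincide only when the function is called in place; the ec_encryption.c call passes `tmp_wkey` as `dst` and `p` as `src`, where the comparison is between unrelated buffers and does not bound `dst--`.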
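Review bot: In the src/ec_encryption.c hunk, the new third argument is `strlen(tmp_wkey)+1`, but `tmp_wkey` is the destination of this call and `p` is the source being scanned. The limit should be taken from the source, `strlen(p)+1`, in line with the other call sites, which measure the buffer they scan. `tmp_wkey` is also cast to `(char *)` for the first argument but passed uncast to `strlen`.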
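Review bot: In the utils/etterfilter/ef_encode.c hunks, and in the curses and GTK `injectbuf` calls, every call passes `strlen(...)+1` of the string being scanned, which is where the existing `!= '\0'` test already ends the outer loop, so the new parameter adds no tighter limit at these sites. If a real bound is intended, pass the allocation size known at the `strdup` point. The `u_char *` fields also go to `strlen` without the `(char*)` cast used for the other two arguments.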
--- End Message ---
--- Begin Message ---
- To: Gianfranco Costamagna <locutusofborg@debian.org>, 864091-done@bugs.debian.org
- Subject: Re: Bug#864091: unblock: ettercap (CVE)
- From: Jonathan Wiltshire <jmw@debian.org>
- Date: Sun, 4 Jun 2017 16:03:12 +0100
- Message-id: <20170604150312.uuc3cslqtmvqpv42@powdarrmonkey.net>
- In-reply-to: <2778a1d5-14dd-966b-7517-480ff12dc534@debian.org>
- References: <2778a1d5-14dd-966b-7517-480ff12dc534@debian.org>
On Sun, Jun 04, 2017 at 11:57:58AM +0200, Gianfranco Costamagna wrote:
> Please unblock package ettercap, we fixed CVE 2017-8366
>
> unblock ettercap/1:0.8.2-5
>
> debdiff attached

Already unblocked by Niels.

--
Jonathan Wiltshire jmw@debian.org
Debian Developer http://people.debian.org/~jmw
4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51
--- End Message ---