[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#1076271: marked as done (bookworm-pu: package dmitry)

Your message dated Sat, 31 Aug 2024 12:34:14 +0100
with message-id <9e3e8b8cd0db3b52d4adb2cfad04baa007c8e3e8.camel@adam-barratt.org.uk>
and subject line Closing bugs for 12.7
has caused the Debian Bug report #1076271,
regarding bookworm-pu: package dmitry
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
1076271: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1076271
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message --- 
Package: release.debian.org
Affects: dmitry

The <URL: https://tracker.debian.org/pkg/dmitry > package in stable,
version 1.3a-1.2, got a few security issues that could be fixed.  These
are CVE-2024-31837, CVE-2020-14931 and CVE-2017-7938.  I would like to
update these in bookworm, and have prepared the change in the git
repository, in the debian/bookworm branch.  Here is the complete
proposed patch, including an update of the maintainer to reflect that
the package is orphaned.

diff --git a/debian/changelog b/debian/changelog
index 2ebd04d..5f23771 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,14 @@
+dmitry (1.3a-1.2+deb12u1) UNRELEASED; urgency=medium
+
+  * QA upload.
+
+  * Fix format string bug (#3).
+  * Fix handling externally-controlled format strings and buffer overflows
+  * Do not let frmtdbuff overflow in nic_format_buff.
+  * Switched maintainer to QA group, to reflect the packages orphaned state.
+
+ -- Petter Reinholdtsen <pere@debian.org>  Sat, 13 Jul 2024 12:09:18 +0200
+
 dmitry (1.3a-1.2) unstable; urgency=medium
 
   * Non-maintainer upload.
diff --git a/debian/control b/debian/control
index 7381f4a..1e69a3f 100644
--- a/debian/control
+++ b/debian/control
@@ -1,7 +1,7 @@
 Source: dmitry
 Section: net
 Priority: extra
-Maintainer: Runa Sandvik <runa.sandvik@gmail.com>
+Maintainer: Debian QA Group <packages@qa.debian.org>
 Build-Depends: debhelper-compat (= 13)
 Standards-Version: 3.8.0
 Homepage: http://www.mor-pah.net/index.php?file=projects/dmitry
diff --git a/src/dmitry.c b/src/dmitry.c
index 2e82f60..d47f231 100644
--- a/src/dmitry.c
+++ b/src/dmitry.c
@@ -95,7 +95,8 @@ int main(int argc, char **argv)
 					snprintf(outputfile, sizeof(outputfile), "%s.txt", argv[argc-1]);
 				}
 				else {
-					strcpy(outputfile, optarg);
+					strncpy(outputfile, optarg, sizeof(outputfile) - 1);
+					outputfile[sizeof(outputfile) - 1] = '\0';
 				}
 				break;
 			case 'v':
@@ -142,14 +143,16 @@ int main(int argc, char **argv)
 				print_line("ERROR: Unable to locate Host IP addr. for %s\n", argv[argc - 1]);
 				print_line("Continuing with limited modules\n");
 			}
-			strcpy(host_name, argv[argc - 1]);
+			strncpy(host_name, argv[argc - 1], MAXNAMELEN - 1);
+			host_name[MAXNAMELEN - 1] = '\0';
 			break;
 		default:
 			if (! get_host(argv[argc - 1], host_name) ) {
 				print_line("ERROR: Unable to locate Host Name for %s\n", argv[argc - 1]);
 				print_line("Continuing with limited modules\n");
 			}
-			strcpy(host_ip, argv[argc - 1]);
+			strncpy(host_ip, argv[argc - 1], MAXIPLEN - 1);
+			host_ip[MAXIPLEN - 1] = '\0';
 			break;
 	}
 	print_line("HostIP:%s\n", host_ip);
diff --git a/src/iwhois.c b/src/iwhois.c
index 6b25e7e..c629013 100644
--- a/src/iwhois.c
+++ b/src/iwhois.c
@@ -9,11 +9,11 @@ int get_iwhois(char *host)
 	/* Print introduction to function */
 	memset(linebuff, '\0', sizeof(linebuff));
 	snprintf(linebuff, sizeof(linebuff), "\nGathered Inet-whois information for %s\n", host);
-	print_line(linebuff);
+	print_line("%s", linebuff);
 
 	memset(linebuff, '\0', sizeof(linebuff));
 	snprintf(linebuff, sizeof(linebuff), "---------------------------------\n\n");
-	print_line(linebuff);
+	print_line("%s", linebuff);
 	if (! host[0] ){
 		print_line("ERROR: No Host IP to work from\n");
 		if ( strlen(outputfile) ) file_close();
diff --git a/src/mailsearch.c b/src/mailsearch.c
index 8b72d94..4dcb734 100644
--- a/src/mailsearch.c
+++ b/src/mailsearch.c
@@ -20,7 +20,10 @@ int get_emails(char *host)
                 } while ( host[ctr] != '\n' && host[ctr] != '\0' );
                 hostwww[strlen(hostwww)] = '\0';
         }
-        else strcpy(hostwww, host);
+        else {
+            strncpy(hostwww, host, sizeof(hostwww) - 1);
+            hostwww[sizeof(hostwww) - 1] = '\0';
+        }
 
 	if (strlen(outputfile)) file_open();
 
@@ -76,7 +79,7 @@ int get_emails(char *host)
 	
 	memset(sendbuff, '\0', sizeof(sendbuff));
 	snprintf(sendbuff, sizeof(sendbuff), "Found %d E-Mail(s) for host %s, Searched %d pages containing %d results\n", emailcount, hostwww, totalpages, totalpages*100);
-	print_line(sendbuff);
+	print_line("%s", sendbuff);
 	if (strlen(outputfile)) file_close();
 	return 0;
 }
@@ -177,7 +180,7 @@ int emaillist(char *email, char *host)
         strcpy(emailbuff[emailcount], email);
 
         snprintf(output, sizeof(output), "%s%s\n", emailbuff[emailcount], host);
-	print_line(output);
+	print_line("%s", output);
 	emailcount++;
 	return 0;
 }
diff --git a/src/nwhois.c b/src/nwhois.c
index 193f953..54d574a 100644
--- a/src/nwhois.c
+++ b/src/nwhois.c
@@ -25,11 +25,11 @@ int get_nwhois(char *host)
 	/* Print introduction to function */
 	memset(linebuff, '\0', sizeof(linebuff));
 	snprintf(linebuff, sizeof(linebuff), "\nGathered Inic-whois information for %s\n", fhost);
-	print_line(linebuff);
+	print_line("%s", linebuff);
 
 	memset(linebuff, '\0', sizeof(linebuff));
 	snprintf(linebuff, sizeof(linebuff), "---------------------------------\n");
-	print_line(linebuff);
+	print_line("%s", linebuff);
 
 	/* TopLevelDomain output */
 	if (!( hostn = get_td(fhost) )){
@@ -137,6 +137,11 @@ int nic_format_buff(char *buff, int listn)
 		}
 		frmtdbuff[strlen(frmtdbuff)] = buff[ctr];
 		ctr++;
+		if (strlen(frmtdbuff) >= sizeof(frmtdbuff) - 1) {
+			/* frmtdbuff is full, do not let it overflow */
+			print_line("%s", frmtdbuff);
+			memset(frmtdbuff, '\0', sizeof(frmtdbuff));
+		}
 	}
 	if ( strlen(frmtdbuff) ) linetodo = 1;
 	return 0;
diff --git a/src/subsearch.c b/src/subsearch.c
index df6bdff..be42303 100644
--- a/src/subsearch.c
+++ b/src/subsearch.c
@@ -20,7 +20,10 @@ int get_subdomains(char *host)
                 } while ( host[ctr] != '\n' && host[ctr] != '\0' );
                 hostwww[strlen(hostwww)] = '\0';
         }
-        else strcpy(hostwww, host);
+        else {
+            strncpy(hostwww, host, sizeof(hostwww) - 1);
+            hostwww[sizeof(hostwww) - 1] = '\0';
+        }
 
 	if (strlen(outputfile)) file_open();
 
@@ -74,7 +77,7 @@ int get_subdomains(char *host)
 	if (subcount == -1) subcount = 0;
 	memset(sendbuff, '\0', sizeof(sendbuff));
 	snprintf(sendbuff, sizeof(sendbuff), "Found %d possible subdomain(s) for host %s, Searched %d pages containing %d results\n", subcount, hostwww, totalpages, totalpages*100);
-	print_line(sendbuff);
+	print_line("%s", sendbuff);
 	if (strlen(outputfile)) file_close();
 	return 0;
 }

-- 
Happy hacking
Petter Reinholdtsen

--- End Message ---
--- Begin Message --- 
Package: release.debian.org
Version: 12.7

Hi,

Each of these bugs relates to an update including in today's bookworm
12.7 point release.

Regards,

Adam

--- End Message ---
Reply to: