Bug#851060: libnids1.21: can't assemble TCP streams on armhf

Subject: Bug#851060: libnids1.21: can't assemble TCP streams on armhf
From: guenther at unix-ag.uni-kl.de (guenther@unix-ag.uni-kl.de)
Date: Wed, 11 Jan 2017 22:11:37 +0100
Message-id: <[🔎] 20170111211119.GA460@sushi.unix-ag.uni-kl.de>

Package: libnids1.21
Version: 1.23-2
Control: affects -1 + dsniff

At least on armhf (on both Debian Unstable as well as on Raspbian
Jessie), libnids1.21 can't assemble TCP streams correctly. This
affects software relying on libnids, such as dsniff.

Compiling the library myself, I could reproduce that gcc's strict
aliasing assumptions don't hold for this code.  Turning off
optimizations relying on strict aliasing fixed the issue for me.  The
compiler flag is -fno-strict-aliasing.

My proposal would be to add this flag, as the library itself is mostly
unmaintained.

Steps to reproduce:
- Run dsniff (which is based on libnids; package maintainers Cc'ed)
- curl -v --basic --user foo:bar http://neverssl.com/

Expected results:
- dsniff should report the observed credentials

Observed results:
- dsniff returns nothing
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-security-team/attachments/20170111/bfeac0a2/attachment.sig>

Reply to:

Prev by Date: Sans apport dès 190€ par mois
Next by Date: Proper fix for #850828
Previous by thread: Sans apport dès 190€ par mois
Next by thread: Proper fix for #850828
Index(es):
- Date
- Thread