Fix buffer overflows (bug #337851). Fix MAC address output format.

Package-Manager: portage-2.2.0_alpha49/cvs/Linux x86_64

6 files changed, 161 insertions, 6 deletions

diff --git a/net-analyzer/packit/ChangeLog b/net-analyzer/packit/ChangeLog
index dc51238ed259..1cd0d935f2d7 100644
--- a/net-analyzer/packit/ChangeLog
+++ b/net-analyzer/packit/ChangeLog
@@ -1,6 +1,13 @@
 # ChangeLog for net-analyzer/packit
-# Copyright 1999-2010 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-analyzer/packit/ChangeLog,v 1.24 2010/09/15 02:01:55 jer Exp $
+# Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2
+# $Header: /var/cvsroot/gentoo-x86/net-analyzer/packit/ChangeLog,v 1.25 2011/08/01 20:12:52 jer Exp $
+
+*packit-1.0-r2 (01 Aug 2011)
+
+  01 Aug 2011; Jeroen Roovers <jer@gentoo.org> packit-1.0-r1.ebuild,
+  +packit-1.0-r2.ebuild, +files/packit-1.0-format.patch,
+  +files/packit-1.0-overflow.patch:
+  Fix buffer overflows (bug #337851). Fix MAC address output format.
 
   15 Sep 2010; Jeroen Roovers <jer@gentoo.org> packit-1.0-r1.ebuild:
   Fix HOMEPAGE and SRC_URI.
diff --git a/net-analyzer/packit/Manifest b/net-analyzer/packit/Manifest
index 7c01ffb21c7e..793f48594ef6 100644
--- a/net-analyzer/packit/Manifest
+++ b/net-analyzer/packit/Manifest
@@ -1,6 +1,19 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+AUX packit-1.0-format.patch 1831 RMD160 f8c6d95b5cb6479201f4043fd94a65edb4bf9179 SHA1 189b679928622e96784c096d9e8e0aaf5ce25b38 SHA256 d2a88e54e088d1eaafc924ac42949b4306cf2f663abdf628f41ac4283458ba16
 AUX packit-1.0-noopt.patch 368 RMD160 fbf5d1a95c47f677d4659dd024c8880cffac5875 SHA1 da80e332e3c81e3ca23c9726e4c3cbf1d03658c4 SHA256 e45540584b57f3e11cd8a8a75348657e1c549be382a1ca3b679a7ac6c9165e44
 AUX packit-1.0-nostrip.patch 202 RMD160 09492fa051e0d26e611540ed2adcac8b81eb5652 SHA1 7099307038c3572707dbdaa926a827293c21bee1 SHA256 901a90cb6fc80cc1a2b703e511128b7faf85f96094717602a295571a824a755f
+AUX packit-1.0-overflow.patch 1444 RMD160 cac2ccfc6639e2690e0426d73332b54a9aebaff0 SHA1 08d779e48e8eacda9d8bd2ccfb561042b5a6d06e SHA256 3d7d84148e363c90206b12c9958b8beeeac611f61e70660c92cd849e14764d76
 DIST packit-1.0.tgz 138367 RMD160 02b2ec56ccac5f8d755c0d84f1360b1cea698fce SHA1 21e1540c55879123d6bcca92c64d371b734893b1 SHA256 dd03023a03b3c98819f4da5c23426d103ed3f457562e2afda2eb3ebc419ad8fa
-EBUILD packit-1.0-r1.ebuild 873 RMD160 17eeebb98b30c03534e02c66c2a825ab10efa86f SHA1 055a4b157b49a8df7ca43112ae92cfbdadf95308 SHA256 faebba00cf2f6a26ef7e46d3c44e6cbfa218dc1606009672553c5c8e0455ae22
-MISC ChangeLog 3188 RMD160 26bcc36bb38cee590a39fe45cfa2b4725fe28903 SHA1 ea812d48c6a91b9147b57002b29f22ca65c94093 SHA256 3ce8910869eb1f1c2f4b6884eba28c5862ba66f04a03aa3039e8a8854c1fe20f
+EBUILD packit-1.0-r1.ebuild 893 RMD160 d8e6852d3073c102dc8389e2d7dd9c74234ca0c4 SHA1 27cceba5d074780c706797150e0b6490ba507879 SHA256 b5a797c8b21a1f935fa250fc91743fb55937bf5e55f053e4c23cff2556717f6d
+EBUILD packit-1.0-r2.ebuild 926 RMD160 902754eea9d2317aa516e3391d00d75de25beb11 SHA1 7c47110465c41854d15a03c6aac3136824bdf85c SHA256 b330496c36b8b6e65ff142851fdde237a894c984ed8b899ded4cee4c35aecb14
+MISC ChangeLog 3450 RMD160 e0ffc0b78b1cc61229acf820b4f47f41762b3917 SHA1 443044641dea96b72bdf53f0e7f9469bcc3de9fa SHA256 62598c11e7dc7d58c738e5ee20a86195ebc210624fe12b69dba6cc63a3bb81f4
 MISC metadata.xml 291 RMD160 25863743fcc91ab24f636e83c5c6aa83daf602c4 SHA1 9f6384c56d4774e62cbdc4cc4b3cbea18ebb510e SHA256 e16c823e5a24e2e43fedf44da3c8e667d6eefb565f0f0f6f9eeab709ab142d61
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.0.17 (GNU/Linux)
+
+iEYEARECAAYFAk43CM8ACgkQVWmRsqeSphNqNQCfR3G3diktfiqvG71lEL26D9bU
+R9MAni0tCN53u0CqaTtjaLKjUrfJsOD1
+=UX+t
+-----END PGP SIGNATURE-----
diff --git a/net-analyzer/packit/files/packit-1.0-format.patch b/net-analyzer/packit/files/packit-1.0-format.patch
new file mode 100644
index 000000000000..0ad430206a47
--- /dev/null
+++ b/net-analyzer/packit/files/packit-1.0-format.patch
@@ -0,0 +1,43 @@
+The original objective seems to have been to apply padding, but this
+is not done at all: instead, set a precision. -JeR
+
+--- a/src/shape_arp_hdr.c
++++ b/src/shape_arp_hdr.c
+@@ -94,7 +94,7 @@
+     if(format_ethernet_addr(ahdr_o.s_eaddr, s_neaddr) == 0)
+         fatal_error("Invalid sender ethernet address");
+ 
+-    snprintf(ahdr_o.shw_addr, 18, "%0X:%0X:%0X:%0X:%0X:%0X",
++    snprintf(ahdr_o.shw_addr, 18, "%.2X:%.2X:%.2X:%.2X:%.2X:%.2X",
+         s_neaddr[0], s_neaddr[1], s_neaddr[2], s_neaddr[3], s_neaddr[4], s_neaddr[5]);
+ 
+     if(ahdr_o.r_paddr == NULL)
+@@ -139,7 +139,7 @@
+     if(format_ethernet_addr(ahdr_o.r_eaddr, r_neaddr) == 0)
+         fatal_error("Invalid receiver ethernet address");
+ 
+-    snprintf(ahdr_o.rhw_addr, 18, "%0X:%0X:%0X:%0X:%0X:%0X",
++    snprintf(ahdr_o.rhw_addr, 18, "%.2X:%.2X:%.2X:%.2X:%.2X:%.2X",
+         r_neaddr[0], r_neaddr[1], r_neaddr[2], r_neaddr[3], r_neaddr[4], r_neaddr[5]);
+ 
+     if(libnet_build_arp(
+--- a/src/shape_ethernet_hdr.c.org
++++ b/src/shape_ethernet_hdr.c
+@@ -56,7 +56,7 @@
+         if(format_ethernet_addr(ehdr_o.s_addr, us_addr) == 0)
+             fatal_error("Invalid source ethernet address");
+     
+-    snprintf(ehdr_o.shw_addr, 18, "%0X:%0X:%0X:%0X:%0X:%0X",
++    snprintf(ehdr_o.shw_addr, 18, "%.2X:%.2X:%.2X:%.2X:%.2X:%.2X",
+         us_addr[0], us_addr[1], us_addr[2], us_addr[3], us_addr[4], us_addr[5]);
+ 
+     if(ehdr_o.d_addr == NULL && injection_type == ETHERTYPE_ARP)
+@@ -71,7 +71,7 @@
+     if(format_ethernet_addr(ehdr_o.d_addr, ud_addr) == 0)
+         fatal_error("Invalid destination ethernet address");
+ 
+-    snprintf(ehdr_o.dhw_addr, 18, "%0X:%0X:%0X:%0X:%0X:%0X",
++    snprintf(ehdr_o.dhw_addr, 18, "%.2X:%.2X:%.2X:%.2X:%.2X:%.2X",
+         ud_addr[0], ud_addr[1], ud_addr[2], ud_addr[3], ud_addr[4], ud_addr[5]);
+ 
+     if(libnet_build_ethernet(
diff --git a/net-analyzer/packit/files/packit-1.0-overflow.patch b/net-analyzer/packit/files/packit-1.0-overflow.patch
new file mode 100644
index 000000000000..3adf31a6bb82
--- /dev/null
+++ b/net-analyzer/packit/files/packit-1.0-overflow.patch
@@ -0,0 +1,58 @@
+--- a/src/utils.c
++++ b/src/utils.c
+@@ -137,7 +137,7 @@
+ #endif
+ 
+     va_start(va, msgp);
+-    vsnprintf(msg, 256, msgp, va);
++    vsnprintf(msg, 255, msgp, va);
+ 
+     msg_len = strlen(msg);
+ 
+--- a/src/exit.c
++++ b/src/exit.c
+@@ -36,7 +36,7 @@
+         while(1)
+         {
+             fprintf(stderr, "\n\nWould you like to quit? (y/n): ");
+-            fgets(a, 16, stdin);
++            fgets(a, 2, stdin);
+ 
+             if(!strncasecmp(a, "Y", 1))            
+                 break;
+--- a/src/define_defaults.c
++++ b/src/define_defaults.c
+@@ -36,7 +36,7 @@
+     rand_d_port = (p_mode == M_TRACE) ? 1 : 0;
+     r_timeout = 1;
+     burst_rate = 1;
+-    hwaddr_p[17] = 0;
++    /* hwaddr_p[18] = 0; */
+     init_type = 1;
+     interval_sec = 1;
+     interval_usec = 0;
+--- a/src/inject_defs.h
++++ b/src/inject_defs.h
+@@ -132,9 +132,9 @@
+     u_int16_t rand_d_addr;
+ 
+     u_int8_t *s_addr;                   /* source ethernet address string */
+-    u_int8_t shw_addr[17];
++    u_int8_t shw_addr[18];
+     u_int8_t *d_addr;                   /* destination ethernet address string */
+-    u_int8_t dhw_addr[17];
++    u_int8_t dhw_addr[18];
+ } ehdr_o;
+ 
+ struct arphdr_opts
+@@ -153,8 +153,8 @@
+     u_int8_t *r_eaddr;                  /* receiver ethernet address */
+     u_int16_t rand_r_eaddr;
+ 
+-    u_int8_t shw_addr[17];
+-    u_int8_t rhw_addr[17];
++    u_int8_t shw_addr[18];
++    u_int8_t rhw_addr[18];
+ } ahdr_o;
+ 
+ libnet_t *pkt_d;
diff --git a/net-analyzer/packit/packit-1.0-r1.ebuild b/net-analyzer/packit/packit-1.0-r1.ebuild
index 71b377afffb2..826bdeed0c29 100644
--- a/net-analyzer/packit/packit-1.0-r1.ebuild
+++ b/net-analyzer/packit/packit-1.0-r1.ebuild
@@ -1,6 +1,6 @@
-# Copyright 1999-2010 Gentoo Foundation
+# Copyright 1999-2011 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/net-analyzer/packit/packit-1.0-r1.ebuild,v 1.4 2010/09/15 02:01:55 jer Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-analyzer/packit/packit-1.0-r1.ebuild,v 1.5 2011/08/01 20:12:52 jer Exp $
 
 inherit eutils
 
@@ -15,6 +15,7 @@ IUSE=""
 
 DEPEND=">=net-libs/libnet-1.1.2
 	net-libs/libpcap"
+RDEPEND="${DEPEND}"
 
 src_unpack(){
 	unpack ${A}
diff --git a/net-analyzer/packit/packit-1.0-r2.ebuild b/net-analyzer/packit/packit-1.0-r2.ebuild
new file mode 100644
index 000000000000..6a5c64d6d4f1
--- /dev/null
+++ b/net-analyzer/packit/packit-1.0-r2.ebuild
@@ -0,0 +1,33 @@
+# Copyright 1999-2011 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-analyzer/packit/packit-1.0-r2.ebuild,v 1.1 2011/08/01 20:12:52 jer Exp $
+
+EAPI="4"
+
+inherit eutils
+
+DESCRIPTION="network auditing tool that allows you to monitor, manipulate, and inject customized IPv4 traffic"
+HOMEPAGE="http://packetfactory.openwall.net/projects/packit/"
+SRC_URI="${HOMEPAGE}downloads/${P}.tgz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~ppc ~x86 ~amd64-linux ~x86-linux ~ppc-macos"
+IUSE=""
+
+DEPEND=">=net-libs/libnet-1.1.2
+	net-libs/libpcap"
+
+src_prepare(){
+	sed -i 's:net/bpf.h:pcap-bpf.h:g' "${S}"/src/{globals.h,main.h} || die
+	epatch \
+		"${FILESDIR}"/packit-1.0-noopt.patch \
+		"${FILESDIR}"/packit-1.0-nostrip.patch \
+		"${FILESDIR}"/packit-1.0-overflow.patch \
+		"${FILESDIR}"/packit-1.0-format.patch
+}
+
+src_install() {
+	default
+	dodoc VERSION docs/*
+}