rpms / mtr

Clone
Source Code
GIT

Blame mtr-0.69-CVE-2002-0497.patch

c4 c5 c5-plus c6 c6-plus c7 c7-beta c8 c8-beta c8s c8s-sig-hyperscale c9 c9-beta c9s-sig-hyperscale
  1.   2ac1af437fd0247b0f0762ecb9916d6388ae3fdc
  2.   mtr-0.69-CVE-2002-0497.patch
Blob History Raw
Phil Knirsch 8c4b15 
--- mtr-0.69/dns.c.CVE-2002-0497	2005-01-11 09:32:42.000000000 +0100
Phil Knirsch 8c4b15 
+++ mtr-0.69/dns.c	2005-02-09 18:13:12.000000000 +0100
Phil Knirsch 8c4b15 
@@ -877,7 +877,7 @@
Phil Knirsch 8c4b15 
   if (type == T_A) {
Phil Knirsch 8c4b15 
     dorequest(rp->hostname,type,rp->id);
Phil Knirsch 8c4b15 
     if (debug) {
Phil Knirsch 8c4b15 
-      sprintf(tempstring,"Resolver: Sent reverse authentication request for \"%s\".",
Phil Knirsch 8c4b15 
+      snprintf(tempstring, sizeof(tempstring), "Resolver: Sent reverse authentication request for \"%s\".",
Phil Knirsch 8c4b15 
 	      rp->hostname);
Phil Knirsch 8c4b15 
       restell(tempstring);
Phil Knirsch 8c4b15 
     }
Phil Knirsch 8c4b15 
@@ -898,7 +898,7 @@
Phil Knirsch 8c4b15 
     }
Phil Knirsch 8c4b15 
     dorequest(tempstring,type,rp->id);
Phil Knirsch 8c4b15 
     if (debug) {
Phil Knirsch 8c4b15 
-      sprintf(tempstring,"Resolver: Sent domain lookup request for \"%s\".",
Phil Knirsch 8c4b15 
+      snprintf(tempstring, sizeof(tempstring), "Resolver: Sent domain lookup request for \"%s\".",
Phil Knirsch 8c4b15 
 	      strlongip( &(rp->ip) ));
Phil Knirsch 8c4b15 
       restell(tempstring);
Phil Knirsch 8c4b15 
     }
Phil Knirsch 8c4b15 
@@ -934,7 +934,7 @@
Phil Knirsch 8c4b15 
   rp->expiretime = sweeptime + (double)ttl;
Phil Knirsch 8c4b15 
   untieresolve(rp);
Phil Knirsch 8c4b15 
   if (debug) {
Phil Knirsch 8c4b15 
-    sprintf(tempstring,"Resolver: Lookup successful: %s\n",rp->hostname);
Phil Knirsch 8c4b15 
+    snprintf(tempstring, sizeof(tempstring), "Resolver: Lookup successful: %s\n",rp->hostname);
Phil Knirsch 8c4b15 
     restell(tempstring);
Phil Knirsch 8c4b15 
   }
Phil Knirsch 8c4b15 
 }
Phil Knirsch 8c4b15 
@@ -991,7 +991,7 @@
Phil Knirsch 8c4b15 
   case NOERROR:
Phil Knirsch 8c4b15 
     if (hp->ancount) {
Phil Knirsch 8c4b15 
       if (debug) {
Phil Knirsch 8c4b15 
-	sprintf(tempstring,"Resolver: Received nameserver reply. (qd:%u an:%u ns:%u ar:%u)",
Phil Knirsch 8c4b15 
+	snprintf(tempstring, sizeof(tempstring), "Resolver: Received nameserver reply. (qd:%u an:%u ns:%u ar:%u)",
Phil Knirsch 8c4b15 
                 hp->qdcount,hp->ancount,hp->nscount,hp->arcount);
Phil Knirsch 8c4b15 
 	restell(tempstring);
Phil Knirsch 8c4b15 
       }
Phil Knirsch 8c4b15 
@@ -1031,14 +1031,14 @@
Phil Knirsch 8c4b15 
       namestring[strlen(stackstring)] = '\0';
Phil Knirsch 8c4b15 
       if (strcasecmp(stackstring,namestring)) {
Phil Knirsch 8c4b15 
 	if (debug) {
Phil Knirsch 8c4b15 
-	  sprintf(tempstring,"Resolver: Unknown query packet dropped. (\"%s\" does not match \"%s\")",
Phil Knirsch 8c4b15 
+	  snprintf(tempstring, sizeof(tempstring), "Resolver: Unknown query packet dropped. (\"%s\" does not match \"%s\")",
Phil Knirsch 8c4b15 
 		  stackstring,namestring);
Phil Knirsch 8c4b15 
 	  restell(tempstring);
Phil Knirsch 8c4b15 
 	}
Phil Knirsch 8c4b15 
 	return;
Phil Knirsch 8c4b15 
       }
Phil Knirsch 8c4b15 
       if (debug) {
Phil Knirsch 8c4b15 
-	sprintf(tempstring,"Resolver: Queried domain name: \"%s\"",namestring);
Phil Knirsch 8c4b15 
+	snprintf(tempstring, sizeof(tempstring), "Resolver: Queried domain name: \"%s\"",namestring);
Phil Knirsch 8c4b15 
 	restell(tempstring);
Phil Knirsch 8c4b15 
       }
Phil Knirsch 8c4b15 
       c+= r;
Phil Knirsch 8c4b15 
@@ -1049,7 +1049,7 @@
Phil Knirsch 8c4b15 
       qdatatype = sucknetword(c);
Phil Knirsch 8c4b15 
       qclass = sucknetword(c);
Phil Knirsch 8c4b15 
       if (qclass != C_IN) {
Phil Knirsch 8c4b15 
-	sprintf(tempstring,"Resolver error: Received unsupported query class: %u (%s)",
Phil Knirsch 8c4b15 
+	snprintf(tempstring, sizeof(tempstring), "Resolver error: Received unsupported query class: %u (%s)",
Phil Knirsch 8c4b15 
                 qclass,qclass < ClasstypeCount ? classtypes[qclass] :
Phil Knirsch 8c4b15 
 		classtypes[ClasstypeCount]);
Phil Knirsch 8c4b15 
 	restell(tempstring);
Phil Knirsch 8c4b15 
@@ -1063,7 +1063,7 @@
Phil Knirsch 8c4b15 
 	  }
Phil Knirsch 8c4b15 
 	break;
Phil Knirsch 8c4b15 
       default:
Phil Knirsch 8c4b15 
-	sprintf(tempstring,"Resolver error: Received unimplemented query type: %u (%s)",
Phil Knirsch 8c4b15 
+	snprintf(tempstring, sizeof(tempstring), "Resolver error: Received unimplemented query type: %u (%s)",
Phil Knirsch 8c4b15 
 		qdatatype,qdatatype < ResourcetypeCount ?
Phil Knirsch 8c4b15 
 		resourcetypes[qdatatype] : resourcetypes[ResourcetypeCount]);
Phil Knirsch 8c4b15 
 	restell(tempstring);
Phil Knirsch 8c4b15 
@@ -1085,7 +1085,7 @@
Phil Knirsch 8c4b15 
 	else
Phil Knirsch 8c4b15 
 	  usefulanswer = 1;
Phil Knirsch 8c4b15 
 	if (debug) {
Phil Knirsch 8c4b15 
-	  sprintf(tempstring,"Resolver: answered domain query: \"%s\"",namestring);
Phil Knirsch 8c4b15 
+	  snprintf(tempstring, sizeof(tempstring), "Resolver: answered domain query: \"%s\"",namestring);
Phil Knirsch 8c4b15 
 	  restell(tempstring);
Phil Knirsch 8c4b15 
 	}
Phil Knirsch 8c4b15 
 	c+= r;
Phil Knirsch 8c4b15 
@@ -1098,10 +1098,10 @@
Phil Knirsch 8c4b15 
 	ttl = sucknetlong(c);
Phil Knirsch 8c4b15 
 	rdatalength = sucknetword(c);
Phil Knirsch 8c4b15 
 	if (class != qclass) {
Phil Knirsch 8c4b15 
-	  sprintf(tempstring,"query class: %u (%s)",qclass,qclass < ClasstypeCount ?
Phil Knirsch 8c4b15 
+	  snprintf(tempstring, sizeof(tempstring), "query class: %u (%s)",qclass,qclass < ClasstypeCount ?
Phil Knirsch 8c4b15 
 		  classtypes[qclass] : classtypes[ClasstypeCount]);
Phil Knirsch 8c4b15 
 	  restell(tempstring);
Phil Knirsch 8c4b15 
-	  sprintf(tempstring,"rr class: %u (%s)",class,class < ClasstypeCount ?
Phil Knirsch 8c4b15 
+	  snprintf(tempstring, sizeof(tempstring), "rr class: %u (%s)",class,class < ClasstypeCount ?
Phil Knirsch 8c4b15 
 		  classtypes[class] : classtypes[ClasstypeCount]);
Phil Knirsch 8c4b15 
 	  restell(tempstring);
Phil Knirsch 8c4b15 
 	  restell("Resolver error: Answered class does not match queried class.");
Phil Knirsch 8c4b15 
@@ -1117,20 +1117,20 @@
Phil Knirsch 8c4b15 
 	}
Phil Knirsch 8c4b15 
 	if (datatype == qdatatype || datatype == T_CNAME) {
Phil Knirsch 8c4b15 
 	  if (debug) {
Phil Knirsch 8c4b15 
-	    sprintf(tempstring,"Resolver: TTL: %s",strtdiff(sendstring,ttl));
Phil Knirsch 8c4b15 
+	    snprintf(tempstring, sizeof(tempstring), "Resolver: TTL: %s",strtdiff(sendstring,ttl));
Phil Knirsch 8c4b15 
 	    restell(tempstring);
Phil Knirsch 8c4b15 
 	  }
Phil Knirsch 8c4b15 
 	  if (usefulanswer)
Phil Knirsch 8c4b15 
 	    switch (datatype) {
Phil Knirsch 8c4b15 
 	    case T_A:
Phil Knirsch 8c4b15 
 	      if (rdatalength != 4) {
Phil Knirsch 8c4b15 
-		sprintf(tempstring,"Resolver error: Unsupported rdata format for \"A\" type. (%u bytes)",
Phil Knirsch 8c4b15 
+		snprintf(tempstring, sizeof(tempstring), "Resolver error: Unsupported rdata format for \"A\" type. (%u bytes)",
Phil Knirsch 8c4b15 
 			rdatalength);
Phil Knirsch 8c4b15 
 		restell(tempstring);
Phil Knirsch 8c4b15 
 		return;
Phil Knirsch 8c4b15 
 	      }
Phil Knirsch 8c4b15 
 	      if ( addrcmp( (void *) &(rp->ip), (void *) c, af ) == 0 ) {
Phil Knirsch 8c4b15 
-		sprintf(tempstring,"Resolver: Reverse authentication failed: %s != ",
Phil Knirsch 8c4b15 
+		snprintf(tempstring, sizeof(tempstring), "Resolver: Reverse authentication failed: %s != ",
Phil Knirsch 8c4b15 
 			strlongip( &(rp->ip) ));
Phil Knirsch 8c4b15 
 		addrcpy( (void *) &alignedip, (void *) c, af );
Phil Knirsch 8c4b15 
 		strcat(tempstring,strlongip( &alignedip ));
Phil Knirsch 8c4b15 
@@ -1138,7 +1138,7 @@
Phil Knirsch 8c4b15 
 		res_hostipmismatch++;
Phil Knirsch 8c4b15 
 		failrp(rp);
Phil Knirsch 8c4b15 
 	      } else {
Phil Knirsch 8c4b15 
-		sprintf(tempstring,"Resolver: Reverse authentication complete: %s == \"%s\".",
Phil Knirsch 8c4b15 
+		snprintf(tempstring, sizeof(tempstring), "Resolver: Reverse authentication complete: %s == \"%s\".",
Phil Knirsch 8c4b15 
 			strlongip( &(rp->ip) ),nonull(rp->hostname));
Phil Knirsch 8c4b15 
 		restell(tempstring);
Phil Knirsch 8c4b15 
 		res_reversesuccess++;
Phil Knirsch 8c4b15 
@@ -1155,7 +1155,7 @@
Phil Knirsch 8c4b15 
 		return;
Phil Knirsch 8c4b15 
 	      }
Phil Knirsch 8c4b15 
 	      if (debug) {
Phil Knirsch 8c4b15 
-		sprintf(tempstring,"Resolver: Answered domain: \"%s\"",namestring);
Phil Knirsch 8c4b15 
+		snprintf(tempstring, sizeof(tempstring), "Resolver: Answered domain: \"%s\"",namestring);
Phil Knirsch 8c4b15 
 		restell(tempstring);
Phil Knirsch 8c4b15 
 	      }
Phil Knirsch 8c4b15 
 	      if (r > HostnameLength) {
Phil Knirsch 8c4b15 
@@ -1180,14 +1180,14 @@
Phil Knirsch 8c4b15 
 	      }
Phil Knirsch 8c4b15 
 	      break;
Phil Knirsch 8c4b15 
 	    default:
Phil Knirsch 8c4b15 
-	      sprintf(tempstring,"Resolver error: Received unimplemented data type: %u (%s)",
Phil Knirsch 8c4b15 
+	      snprintf(tempstring, sizeof(tempstring), "Resolver error: Received unimplemented data type: %u (%s)",
Phil Knirsch 8c4b15 
 		      datatype,datatype < ResourcetypeCount ?
Phil Knirsch 8c4b15 
 		      resourcetypes[datatype] : resourcetypes[ResourcetypeCount]);
Phil Knirsch 8c4b15 
 	      restell(tempstring);
Phil Knirsch 8c4b15 
 	    }
Phil Knirsch 8c4b15 
 	} else {
Phil Knirsch 8c4b15 
 	  if (debug) {
Phil Knirsch 8c4b15 
-	    sprintf(tempstring,"Resolver: Ignoring resource type %u. (%s)",
Phil Knirsch 8c4b15 
+	    snprintf(tempstring, sizeof(tempstring), "Resolver: Ignoring resource type %u. (%s)",
Phil Knirsch 8c4b15 
 		    datatype,datatype < ResourcetypeCount ?
Phil Knirsch 8c4b15 
 		    resourcetypes[datatype] : resourcetypes[ResourcetypeCount]);
Phil Knirsch 8c4b15 
 	    restell(tempstring);
Phil Knirsch 8c4b15 
@@ -1205,7 +1205,7 @@
Phil Knirsch 8c4b15 
     failrp(rp);
Phil Knirsch 8c4b15 
     break;
Phil Knirsch 8c4b15 
   default:
Phil Knirsch 8c4b15 
-    sprintf(tempstring,"Resolver: Received error response %u. (%s)",
Phil Knirsch 8c4b15 
+    snprintf(tempstring, sizeof(tempstring), "Resolver: Received error response %u. (%s)",
Phil Knirsch 8c4b15 
 	    getheader_rcode(hp),getheader_rcode(hp) < ResponsecodeCount ?
Phil Knirsch 8c4b15 
 	    responsecodes[getheader_rcode(hp)] : responsecodes[ResponsecodeCount]);
Phil Knirsch 8c4b15 
     restell(tempstring);
Phil Knirsch 8c4b15 
@@ -1236,13 +1236,13 @@
Phil Knirsch 8c4b15 
 		      (void *) &(from4->sin_addr), AF_INET ) == 0 )
Phil Knirsch 8c4b15 
 	  break;
Phil Knirsch 8c4b15 
     if (i == _res.nscount) {
Phil Knirsch 8c4b15 
-      sprintf(tempstring,"Resolver error: Received reply from unknown source: %s",
Phil Knirsch 8c4b15 
+      snprintf(tempstring, sizeof(tempstring), "Resolver error: Received reply from unknown source: %s",
Phil Knirsch 8c4b15 
 	      inet_ntoa(from4->sin_addr ));
Phil Knirsch 8c4b15 
       restell(tempstring);
Phil Knirsch 8c4b15 
     } else
Phil Knirsch 8c4b15 
       parserespacket((byte *)resrecvbuf,r);
Phil Knirsch 8c4b15 
   } else {
Phil Knirsch 8c4b15 
-    sprintf(tempstring,"Resolver: Socket error: %s",strerror(errno));
Phil Knirsch 8c4b15 
+    snprintf(tempstring, sizeof(tempstring), "Resolver: Socket error: %s",strerror(errno));
Phil Knirsch 8c4b15 
     restell(tempstring);
Phil Knirsch 8c4b15 
   }
Phil Knirsch 8c4b15 
 }
Phil Knirsch 8c4b15 
@@ -1271,7 +1271,7 @@
Phil Knirsch 8c4b15 
     case STATE_FINISHED:	/* TTL has expired */
Phil Knirsch 8c4b15 
     case STATE_FAILED:	/* Fake TTL has expired */
Phil Knirsch 8c4b15 
       if (debug) {
Phil Knirsch 8c4b15 
-	sprintf(tempstring,"Resolver: Cache record for \"%s\" (%s) has expired. (state: %u)  Marked for expire at: %g, time: %g.",
Phil Knirsch 8c4b15 
+	snprintf(tempstring, sizeof(tempstring), "Resolver: Cache record for \"%s\" (%s) has expired. (state: %u)  Marked for expire at: %g, time: %g.",
Phil Knirsch 8c4b15 
                 nonull(rp->hostname), strlongip( &(rp->ip) ),
Phil Knirsch 8c4b15 
 		rp->state, rp->expiretime, sweeptime);
Phil Knirsch 8c4b15 
 	restell(tempstring);
Phil Knirsch 8c4b15 
@@ -1315,14 +1315,14 @@
Phil Knirsch 8c4b15 
     if ((rp->state == STATE_FINISHED) || (rp->state == STATE_FAILED)) {
Phil Knirsch 8c4b15 
       if ((rp->state == STATE_FINISHED) && (rp->hostname)) {
Phil Knirsch 8c4b15 
 	if (debug) {
Phil Knirsch 8c4b15 
-	  sprintf(tempstring,"Resolver: Used cached record: %s == \"%s\".\n",
Phil Knirsch 8c4b15 
+	  snprintf(tempstring, sizeof(tempstring), "Resolver: Used cached record: %s == \"%s\".\n",
Phil Knirsch 8c4b15 
 		  strlongip(ip),rp->hostname);
Phil Knirsch 8c4b15 
 	  restell(tempstring);
Phil Knirsch 8c4b15 
 	}
Phil Knirsch 8c4b15 
 	return rp->hostname;
Phil Knirsch 8c4b15 
       } else {
Phil Knirsch 8c4b15 
 	if (debug) {
Phil Knirsch 8c4b15 
-	  sprintf(tempstring,"Resolver: Used failed record: %s == ???\n",
Phil Knirsch 8c4b15 
+	  snprintf(tempstring, sizeof(tempstring), "Resolver: Used failed record: %s == ???\n",
Phil Knirsch 8c4b15 
 		  strlongip(ip));
Phil Knirsch 8c4b15 
 	  restell(tempstring);
Phil Knirsch 8c4b15 
 	}
Phil Knirsch 8c4b15 
--- mtr-0.69/split.c.CVE-2002-0497	2005-01-11 09:34:07.000000000 +0100
Phil Knirsch 8c4b15 
+++ mtr-0.69/split.c	2005-02-09 18:13:58.000000000 +0100
Phil Knirsch 8c4b15 
@@ -103,13 +103,13 @@
Phil Knirsch 8c4b15 
       name = dns_lookup(addr);
Phil Knirsch 8c4b15 
       if(name != NULL) {
Phil Knirsch 8c4b15 
 	/* May be we should test name's length */
Phil Knirsch 8c4b15 
-	sprintf(newLine, "%s %d %d %d %d %d %d", name,
Phil Knirsch 8c4b15 
+	snprintf(newLine, sizeof(newLine), "%s %d %d %d %d %d %d", name,
Phil Knirsch 8c4b15 
 		net_loss(at),
Phil Knirsch 8c4b15 
 		net_returned(at), net_xmit(at),
Phil Knirsch 8c4b15 
 		net_best(at) /1000, net_avg(at)/1000,
Phil Knirsch 8c4b15 
 		net_worst(at)/1000);
Phil Knirsch 8c4b15 
       } else {
Phil Knirsch 8c4b15 
-	sprintf(newLine, "%s %d %d %d %d %d %d",
Phil Knirsch 8c4b15 
+	snprintf(newLine, sizeof(newLine), "%s %d %d %d %d %d %d",
Phil Knirsch 8c4b15 
 		strlongip( addr ),
Phil Knirsch 8c4b15 
 		net_loss(at),
Phil Knirsch 8c4b15 
 		net_returned(at), net_xmit(at),

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation