Bring in the patches that fix the recent security problem.

PKGREVISION++
2002-12-04 21:20:06 +00:00 · 2002-12-04 21:20:06 +00:00 · 8fbef927d3
commit 8fbef927d3
parent b7761ee577
7 changed files with 281 additions and 3 deletions
--- a/net/kdenetwork3/Makefile
+++ b/net/kdenetwork3/Makefile
@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.8 2002/11/01 16:34:41 wiz Exp $
+# $NetBSD: Makefile,v 1.9 2002/12/04 21:20:06 skrll Exp $

 DISTNAME=	kdenetwork-3.0.4
-PKGREVISION=	1
+PKGREVISION=	2
 CATEGORIES=	net
 COMMENT=	Network modules for the KDE integrated X11 desktop

--- a/net/kdenetwork3/distinfo
+++ b/net/kdenetwork3/distinfo
@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.4 2002/10/14 09:13:52 skrll Exp $
+$NetBSD: distinfo,v 1.5 2002/12/04 21:20:06 skrll Exp $

 SHA1 (kdenetwork-3.0.4.tar.bz2) = 4288cde85cf157f442b71fa3cc3cc82917eadb6d
 Size (kdenetwork-3.0.4.tar.bz2) = 3961252 bytes
@ -13,3 +13,8 @@ SHA1 (patch-aj) = e8cfe911eee70e6562d616ba374a3f8ce53c67cd
 SHA1 (patch-ak) = 018cff6d72916b528e8e4e47b8cc01cb36799e24
 SHA1 (patch-al) = 13c6bfb20fc49ae22d30029044808c9b77747754
 SHA1 (patch-am) = ea75731f5c51c7a4868f4e63e3b97b9a78d6d80c
+SHA1 (patch-an) = 8d38aba40b2c05f4a5fcdbb83aa662187bf3dec8
+SHA1 (patch-ao) = 130417f82bdf5ef3f9e3aefa37aceebdde2857a7
+SHA1 (patch-ap) = 33441bf7af2e1c48a92d3b48c963fe9b98c77846
+SHA1 (patch-aq) = 30b5dc24d5899e79fa56ef9eb6a18fc30a3a0456
+SHA1 (patch-ar) = 964ffac4b98451c00999bcacbd92bb9ed747b6e0
--- a/net/kdenetwork3/patches/patch-an
+++ b/net/kdenetwork3/patches/patch-an
@ -0,0 +1,95 @@
+$NetBSD: patch-an,v 1.1 2002/12/04 21:20:06 skrll Exp $
+
+--- lanbrowsing/kio_lan/kio_lan.cpp.orig	Thu Jan  3 20:34:12 2002
+++ lanbrowsing/kio_lan/kio_lan.cpp
+@@ -176,13 +176,14 @@ int LANProtocol::lanReadDataFromServer()
+ 
+    char *currentBuf=receiveBuffer;
+    int bytesLeft=receivedBytes;
+-   int tmpIP;
+    //this should be large enough for a name
+-   char tmpName[1024];
+   char tmpName[4*1024];
+    //this should be large enough for the hostname
+-   char tmpHostname[512];
+   char tmpHostname[4*1024];
+    while (bytesLeft>0)
+    {
+      int tmpIP=2;
+      tmpName[0]='\0';
+       if ((memchr(currentBuf,0,bytesLeft)==0) || (memchr(currentBuf,int('\n'),bytesLeft)==0))
+       {
+          delete [] receiveBuffer;
+@@ -190,17 +191,19 @@ int LANProtocol::lanReadDataFromServer()
+          return 0;
+       };
+       kdDebug(7101)<<"LANProtocol::lanReadDataFromServer: processing "<<currentBuf;
+-      sscanf(currentBuf,"%u %s\n",&tmpIP,tmpName);
+       //since we check for 0 and \n with memchr() we can be sure
+       //at this point that tmpBuf is correctly terminated
+       int length=strlen(currentBuf)+1;
+      if (length<(4*1024))
+         sscanf(currentBuf,"%u %s\n",&tmpIP,tmpName);
+
+       bytesLeft-=length;
+       currentBuf+=length;
+-      if ((bytesLeft==0) && (strstr(tmpName,"succeeded")!=0) && ((tmpIP==0) ||(tmpIP==1)))
+      if ((bytesLeft==0) && ((tmpIP==0) ||(tmpIP==1)) && (strstr(tmpName,"succeeded")!=0))
+       {
+          kdDebug(7101)<<"LANProtocol::lanReadDataFromServer: succeeded"<<endl;
+       }
+-      else
+      else if (tmpIP!=2)
+       {
+          kdDebug(7101)<<"LANProtocol::lanReadDataFromServer: listing host: "<<tmpName<<" with ip: "<<tmpIP<<endl;
+          UDSAtom atom;
+@@ -344,13 +347,14 @@ int LANProtocol::rlanReadDataFromServer(
+ 
+    char *currentBuf=receiveBuffer;
+    int bytesLeft=receivedBytes;
+-   int tmpIP;
+    //this should be large enough for a name
+-   char tmpName[1024];
+   char tmpName[4*1024];
+    //this should be large enough for the hostname
+-   char tmpHostname[512];
+   char tmpHostname[4*1024];
+    while (bytesLeft>0)
+    {
+      int tmpIP=2;
+      tmpName[0]='\0';
+       if ((memchr(currentBuf,0,bytesLeft)==0) || (memchr(currentBuf,int('\n'),bytesLeft)==0))
+       {
+          delete [] receiveBuffer;
+@@ -358,17 +362,19 @@ int LANProtocol::rlanReadDataFromServer(
+          return 0;
+       };
+       kdDebug(7101)<<"RLANProtocol::readDataFromServer: processing "<<currentBuf;
+-      sscanf(currentBuf,"%u %s\n",&tmpIP,tmpName);
+       //since we check for 0 and \n with memchr() we can be sure
+       //at this point that tmpBuf is correctly terminated
+       int length=strlen(currentBuf)+1;
+      if (length<(4*1024))
+         sscanf(currentBuf,"%u %s\n",&tmpIP,tmpName);
+
+       bytesLeft-=length;
+       currentBuf+=length;
+-      if ((bytesLeft==0) && (strstr(tmpName,"succeeded")!=0) && ((tmpIP==0) ||(tmpIP==1)))
+      if ((bytesLeft==0) && ((tmpIP==0) ||(tmpIP==1)) && (strstr(tmpName,"succeeded")!=0) )
+       {
+          kdDebug(7101)<<"RLANProtocol::readDataFromServer: succeeded"<<endl;
+       }
+-      else
+      else if (tmpIP!=2)
+       {
+          kdDebug(7101)<<"RLANProtocol::readDataFromServer: listing host: "<<tmpName<<" with ip: "<<tmpIP<<endl;
+          UDSAtom atom;
+@@ -436,7 +442,7 @@ int LANProtocol::checkHost(const QString
+          delete hostInfo;
+          return 0;
+       }
+-      memcpy(&ip, hp->h_addr, hp->h_length);
+      memcpy(&ip, hp->h_addr, sizeof(ip));
+ 
+       for (int i=0; i<KIOLAN_MAX; i++)
+       {
--- a/net/kdenetwork3/patches/patch-ao
+++ b/net/kdenetwork3/patches/patch-ao
@ -0,0 +1,10 @@
+$NetBSD: patch-ao,v 1.1 2002/12/04 21:20:07 skrll Exp $
+
+--- lanbrowsing/lisa/ChangeLog.orig	Wed Jan  3 20:38:01 2001
+++ lanbrowsing/lisa/ChangeLog
+@@ -1,2 +1,5 @@
+0.1.3
+-security fixes: fixed LOGNAME vulnerabilty and another possible buffer overflow
+
+ Version 0.1
+ -initial version
--- a/net/kdenetwork3/patches/patch-ap
+++ b/net/kdenetwork3/patches/patch-ap
@ -0,0 +1,13 @@
+$NetBSD: patch-ap,v 1.1 2002/12/04 21:20:07 skrll Exp $
+
+--- lanbrowsing/lisa/lisadefines.h.orig	Fri Oct 26 12:05:47 2001
+++ lanbrowsing/lisa/lisadefines.h
+@@ -2,7 +2,7 @@
+ #define LISADEFINES_H
+ 
+ 
+-#define MYVERSION "0.1.1"
+#define MYVERSION "0.2.2"
+ #define MY_ID 7741
+ #define MYPORT 7741
+ #define MAX_SPECS 32
--- a/net/kdenetwork3/patches/patch-aq
+++ b/net/kdenetwork3/patches/patch-aq
@ -0,0 +1,121 @@
+$NetBSD: patch-aq,v 1.1 2002/12/04 21:20:07 skrll Exp $
+
+--- lanbrowsing/lisa/netmanager.cpp.orig	Sat Feb  2 22:27:59 2002
+++ lanbrowsing/lisa/netmanager.cpp
+@@ -27,6 +27,7 @@
+ #include <strings.h>
+ #include <errno.h>
+ #include <string.h>
+#include <pwd.h>
+ 
+ #ifndef AF_LOCAL
+ #define AF_LOCAL AF_UNIX
+@@ -70,7 +71,7 @@ NetManager::NetManager(int& rawSocketFD,
+ 
+ NetManager::~NetManager()
+ {
+-   mgetDebug()<<"netknife destructor ..."<<std::endl;
+   mgetDebug()<<"NetManager destructor ..."<<std::endl;
+    if (m_receiveBuffer!=0) delete [] m_receiveBuffer;
+    ::close(m_listenFD);
+    ::close(m_bcFD);
+@@ -131,14 +132,28 @@ int NetManager::prepare()
+       m_listenFD=::socket(AF_LOCAL, SOCK_STREAM, 0);
+       //m_listenFD=::socket(AF_LOCAL, SOCK_STREAM, IPPROTO_TCP);
+       MyString socketName("/tmp/resLisa-");
+-      socketName+=getenv("LOGNAME");
+      struct passwd *user = getpwuid( getuid() );
+      if ( user )
+         socketName+=user->pw_name;
+      else
+         //should never happen
+         socketName+="???";
+       ::unlink(socketName.data());
+       sockaddr_un serverAddr;
+-//      bzero((char*)&serverAddr, sizeof(serverAddr));
+      if (socketName.length() >= sizeof(serverAddr.sun_path))
+      {
+         std::cout<<"NetManager::prepare: your user name  \""<<user->pw_name<<"\" is too long, exiting."<<std::endl;
+         return 0;
+      }
+       memset((void*)&serverAddr, 0, sizeof(serverAddr));
+-      serverAddr.sun_family      = AF_LOCAL;
+-      strcpy(serverAddr.sun_path,socketName.data());
+-      ::bind(m_listenFD,(sockaddr*) &serverAddr,sizeof(serverAddr));
+      serverAddr.sun_family=AF_LOCAL;
+      strncpy(serverAddr.sun_path,socketName.data(),sizeof(serverAddr.sun_path));
+      result=::bind(m_listenFD,(sockaddr*) &serverAddr,sizeof(serverAddr));
+      if (result!=0)
+      {
+         std::cout<<"NetManager::prepare: bind (UNIX socket) failed, errno: "<<errno<<std::endl;
+         return 0;
+      }
+    }
+    else
+    {
+@@ -148,7 +163,7 @@ int NetManager::prepare()
+       {
+          std::cout<<"NetManager::prepare: socket(TCP) failed, errno: "<<errno<<std::endl;
+          return 0;
+-      };
+      }
+ 
+       sockaddr_in serverAddress;
+ //      bzero((char*)&serverAddress, sizeof(serverAddress));
+@@ -654,6 +669,10 @@ int NetManager::readDataFromFD(int fd)
+    m_receivedBytes+=result;
+    if (m_receiveBuffer!=0) delete [] m_receiveBuffer;
+    m_receiveBuffer=newBuf;
+   // too much data - abort at 2MB to avoid memory exhaustion
+   if (m_receivedBytes>2*1024*1024)
+     return 0;
+
+    return 1;
+ };
+ 
+@@ -665,14 +684,15 @@ int NetManager::processScanResults()
+ 
+    char *tmpBuf=m_receiveBuffer;
+    int bytesLeft=m_receivedBytes;
+-   int tmpIP;
+    mgetDebug()<<"m_receivedBytes: "<<m_receivedBytes<<" bytesLeft: "<<bytesLeft<<std::endl;
+    //this should be large enough for a name
+    //and the stuff which is inserted into the buffer
+-   //comes only from ourselves
+   //comes only from ourselves ... or attackers :-(
+    char tmpName[1024*4];
+    while (bytesLeft>0)
+    {
+      int tmpIP=2;  // well, some impossible IP address, 0 and 1 are already used for the last line of output
+      tmpName[0]='\0';
+       if ((memchr(tmpBuf,0,bytesLeft)==0) || (memchr(tmpBuf,int('\n'),bytesLeft)==0))
+       {
+          delete newNodes;
+@@ -687,14 +707,16 @@ int NetManager::processScanResults()
+          return 0;
+       };
+       //mgetDebug()<<"NetManager::processScanResults: processing -"<<tmpBuf;
+-      sscanf(tmpBuf,"%u %s\n",&tmpIP,tmpName);
+       //since we check for 0 and \n with memchr() we can be sure
+       //at this point that tmpBuf is correctly terminated
+       int length=strlen(tmpBuf)+1;
+      if (length<(4*1024))
+         sscanf(tmpBuf,"%u %s\n",&tmpIP,tmpName);
+
+       bytesLeft-=length;
+       tmpBuf+=length;
+       mgetDebug()<<"length: "<<length<<" bytesLeft: "<<bytesLeft<<std::endl;
+-      if ((bytesLeft==0) && (strstr(tmpName,"succeeded")!=0) && ((tmpIP==0) ||(tmpIP==1)))
+      if ((bytesLeft==0) && ((tmpIP==0) ||(tmpIP==1)) && (strstr(tmpName,"succeeded")!=0))
+       {
+          mgetDebug()<<"NetManager::processScanResults: succeeded :-)"<<std::endl;
+          delete hostList;
+@@ -712,7 +734,7 @@ int NetManager::processScanResults()
+ 
+          return 1;
+       }
+-      else
+      else if (tmpIP!=2)
+       {
+          //mgetDebug()<<"NetManager::processScanResults: adding host: "<<tmpName<<" with ip: "<<tmpIP<<std::endl;
+          newNodes->append(Node(tmpName,tmpIP));
--- a/net/kdenetwork3/patches/patch-ar
+++ b/net/kdenetwork3/patches/patch-ar
@ -0,0 +1,34 @@
+$NetBSD: patch-ar,v 1.1 2002/12/04 21:20:07 skrll Exp $
+
+--- lanbrowsing/lisa/netscanner.cpp.orig	Sat Feb  2 22:27:59 2002
+++ lanbrowsing/lisa/netscanner.cpp
+@@ -36,6 +36,10 @@
+ #include <netinet/ip.h>
+ #include <netinet/ip_icmp.h>
+ 
+#ifndef INADDR_NONE
+#define INADDR_NONE -1
+#endif
+
+ #define mgetDebug() getDebug()<<procId
+ 
+ struct ICMPEchoRequest
+@@ -133,7 +137,7 @@ void NetScanner::configure(Config& confi
+       {
+          if ((m_strictMode) && (hostsAdded>=STRICTMODEMAXHOSTS))
+             break;
+-         memcpy(&server_addr, hp->h_addr, hp->h_length);
+         memcpy(&server_addr, hp->h_addr, sizeof(server_addr));
+          char *ip=inet_ntoa(server_addr);
+          mgetDebug()<<"NetScanner::configure(): looking up "<<nextName<<" gives -"<<ip<<"-"<<std::endl;
+          ipRangeStr=ipRangeStr+ip+';';
+@@ -377,6 +381,9 @@ void NetScanner::nmblookupScan(SimpleLis
+          };
+       };
+    } while (!done);
+
+   // Warning: The return value of plcose may be incorrect due to the
+   // SIGCHLD handler that is installed. Ignore it!
+    pclose(nmblookupFile);
+ 
+    delete [] tmpBuf;