[pkgsrc/trunk]: pkgsrc/net/mtr Implement a fix for the security vulnerability...

[tron <tron%pkgsrc.org@localhost>]

details:   https://anonhg.NetBSD.org/pkgsrc/rev/6dae3c63b77b
branches:  trunk
changeset: 542594:6dae3c63b77b
user:      tron <tron%pkgsrc.org@localhost>
date:      Thu May 22 12:10:49 2008 +0000

description:
Implement a fix for the security vulnerability reported in
<http://seclists.org/fulldisclosure/2008/May/0488.html>.

diffstat:

 net/mtr/Makefile         |   3 ++-
 net/mtr/distinfo         |   3 ++-
 net/mtr/patches/patch-ac |  45 +++++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 49 insertions(+), 2 deletions(-)

diffs (74 lines):

diff -r bc4647d22c1f -r 6dae3c63b77b net/mtr/Makefile
--- a/net/mtr/Makefile  Thu May 22 11:45:39 2008 +0000
+++ b/net/mtr/Makefile  Thu May 22 12:10:49 2008 +0000
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.48 2007/08/16 23:12:20 joerg Exp $
+# $NetBSD: Makefile,v 1.49 2008/05/22 12:10:49 tron Exp $
 
 DISTNAME=      mtr-0.72
+PKGREVISION=   1
 CATEGORIES=    net
 MASTER_SITES=  ftp://ftp.bitwizard.nl/mtr/
 
diff -r bc4647d22c1f -r 6dae3c63b77b net/mtr/distinfo
--- a/net/mtr/distinfo  Thu May 22 11:45:39 2008 +0000
+++ b/net/mtr/distinfo  Thu May 22 12:10:49 2008 +0000
@@ -1,7 +1,8 @@
-$NetBSD: distinfo,v 1.22 2006/10/03 19:15:20 wiz Exp $
+$NetBSD: distinfo,v 1.23 2008/05/22 12:10:49 tron Exp $
 
 SHA1 (mtr-0.72.tar.gz) = afc26c9e8a30eba7ca92ba68d4489b0c9c07977d
 RMD160 (mtr-0.72.tar.gz) = 69843b82fb2de2b2a597c21a62d8eb9473df31b6
 Size (mtr-0.72.tar.gz) = 295845 bytes
 SHA1 (patch-aa) = 3db4ccac08fadcf2fcf75753efc165c6d92a97c3
 SHA1 (patch-ab) = 3923fcd252bdcd9475e937fb78d1d7e5ec607180
+SHA1 (patch-ac) = a34b91ff6ff7a89bea4fc8b262d7604017ff6fad
diff -r bc4647d22c1f -r 6dae3c63b77b net/mtr/patches/patch-ac
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/net/mtr/patches/patch-ac  Thu May 22 12:10:49 2008 +0000
@@ -0,0 +1,45 @@
+$NetBSD: patch-ac,v 1.3 2008/05/22 12:10:49 tron Exp $
+
+--- split.c.orig       2005-01-11 08:34:07.000000000 +0000
++++ split.c    2008-05-22 13:07:48.000000000 +0100
+@@ -100,24 +100,28 @@
+     addr = net_addr(at);
+     
+     if( addrcmp( (void *) addr, (void *) &unspec_addr, af ) != 0 ) {
++      int bytes;
+       name = dns_lookup(addr);
+       if(name != NULL) {
+       /* May be we should test name's length */
+-      sprintf(newLine, "%s %d %d %d %d %d %d", name,
+-              net_loss(at),
+-              net_returned(at), net_xmit(at),
+-              net_best(at) /1000, net_avg(at)/1000, 
+-              net_worst(at)/1000);
++      bytes = snprintf(newLine, sizeof(newLine), "%s %d %d %d %d %d %d",
++                       name,
++                       net_loss(at),
++                       net_returned(at), net_xmit(at),
++                       net_best(at) /1000, net_avg(at)/1000, 
++                       net_worst(at)/1000);
+       } else {
+-      sprintf(newLine, "%s %d %d %d %d %d %d", 
+-              strlongip( addr ),
+-              net_loss(at),
+-              net_returned(at), net_xmit(at),
+-              net_best(at) /1000, net_avg(at)/1000, 
+-              net_worst(at)/1000);
++      bytes = snprintf(newLine, sizeof(newLine), "%s %d %d %d %d %d %d", 
++                       strlongip( addr ),
++                       net_loss(at),
++                       net_returned(at), net_xmit(at),
++                       net_best(at) /1000, net_avg(at)/1000, 
++                       net_worst(at)/1000);
+       }
++      if (bytes < 0 || bytes >= sizeof(newLine))
++        strcpy(newLine, "???");
+     } else {
+-      sprintf(newLine, "???");
++      strcpy(newLine, "???");
+     }
+ 
+     if (strcmp(newLine, Lines[at]) == 0) {