Security fix for CVE-2012-3368

Memory portion (random stack data) disclosure to the client by unclean client disconnect
2012-07-18 11:15:30 +00:00 · 2012-07-18 11:15:30 +00:00 · d7cbf10b07
commit d7cbf10b07
parent 3be9465329
3 changed files with 54 additions and 10 deletions
--- a/misc/dtach/Makefile
+++ b/misc/dtach/Makefile
@ -1,8 +1,8 @@
-# $OpenBSD: Makefile,v 1.6 2010/11/05 08:24:50 sthen Exp $
+# $OpenBSD: Makefile,v 1.7 2012/07/18 11:15:30 jasper Exp $

 COMMENT=		tiny program emulating the detach feature of screen
 DISTNAME=		dtach-0.8
-REVISION=		0
+REVISION=		1
 CATEGORIES=		misc

 HOMEPAGE=		http://dtach.sourceforge.net/
--- a/misc/dtach/patches/patch-attach_c
+++ b/misc/dtach/patches/patch-attach_c
@ -1,7 +1,14 @@
-$OpenBSD: patch-attach_c,v 1.1.1.1 2006/03/05 17:05:36 niallo Exp $
--- attach.c.orig	Sun Feb 26 01:16:57 2006
-+++ attach.c	Sun Feb 26 01:17:00 2006
-@@ -59,7 +59,7 @@ connect_socket(char *name)
+$OpenBSD: patch-attach_c,v 1.2 2012/07/18 11:15:30 jasper Exp $
+
+Last chunk:
+Security fix for CVE-2012-3368
+Memory portion (random stack data) disclosure to the client by unclean client disconnect 
+
+Patch from upstream CVS.
+
+--- attach.c.orig	Thu Jan 31 06:59:54 2008
+++ attach.c	Wed Jul 18 13:13:39 2012
+@@ -56,7 +56,7 @@ connect_socket(char *name)
 	if (s < 0)
 		return -1;
 	sockun.sun_family = AF_UNIX;
@ -10,3 +17,21 @@ $OpenBSD: patch-attach_c,v 1.1.1.1 2006/03/05 17:05:36 niallo Exp $
 	if (connect(s, (struct sockaddr*)&sockun, sizeof(sockun)) < 0)
 	{
 		close(s);
+@@ -237,12 +237,15 @@ attach_main(int noerror)
+ 		/* stdin activity */
+ 		if (n > 0 && FD_ISSET(0, &readfds))
+ 		{
+			ssize_t len;
+
+ 			pkt.type = MSG_PUSH;
+ 			memset(pkt.u.buf, 0, sizeof(pkt.u.buf));
+-			pkt.len = read(0, pkt.u.buf, sizeof(pkt.u.buf));
+			len = read(0, pkt.u.buf, sizeof(pkt.u.buf));
+ 
+-			if (pkt.len <= 0)
+			if (len <= 0)
+ 				exit(1);
+			pkt.len = len;
+ 			process_kbd(s, &pkt);
+ 			n--;
+ 		}
--- a/misc/dtach/patches/patch-master_c
+++ b/misc/dtach/patches/patch-master_c
@ -1,6 +1,13 @@
-$OpenBSD: patch-master_c,v 1.1.1.1 2006/03/05 17:05:36 niallo Exp $
--- master.c.orig	Sun Jul  4 17:07:03 2004
-+++ master.c	Sun Feb 26 01:19:14 2006
+$OpenBSD: patch-master_c,v 1.2 2012/07/18 11:15:30 jasper Exp $
+
+Last chunk:
+Security fix for CVE-2012-3368
+Memory portion (random stack data) disclosure to the client by unclean client disconnect 
+
+Patch from upstream CVS.
+
+--- master.c.orig	Thu Jan 31 06:59:54 2008
+++ master.c	Wed Jul 18 13:14:08 2012
@@ -17,6 +17,7 @@
     Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
 */
@ -9,7 +16,7 @@ $OpenBSD: patch-master_c,v 1.1.1.1 2006/03/05 17:05:36 niallo Exp $
 
 /* The pty struct - The pty information is stored here. */
 struct pty
-@@ -124,7 +125,7 @@ create_socket(char *name)
+@@ -189,7 +190,7 @@ create_socket(char *name)
 	if (s < 0)
 		return -1;
 	sockun.sun_family = AF_UNIX;
@ -18,3 +25,15 @@ $OpenBSD: patch-master_c,v 1.1.1.1 2006/03/05 17:05:36 niallo Exp $
 	if (bind(s, (struct sockaddr*)&sockun, sizeof(sockun)) < 0)
 	{
 		close(s);
+@@ -351,7 +352,10 @@ client_activity(struct client *p)
+ 
+ 	/* Push out data to the program. */
+ 	if (pkt.type == MSG_PUSH)
+-		write(the_pty.fd, pkt.u.buf, pkt.len);
+	{
+		if (pkt.len <= sizeof(pkt.u.buf))
+			write(the_pty.fd, pkt.u.buf, pkt.len);
+	}
+ 
+ 	/* Attach or detach from the program. */
+ 	else if (pkt.type == MSG_ATTACH)