Update to 0.21, fixes a format string vulnerability:

http://www.atstake.com/research/advisories/2003/a080703-2.txt

Not exploitable as it is not installed setuid root.

from MAINTAINER.
This commit is contained in:
jolan 2003-08-12 00:59:46 +00:00
parent 4995d1d1a5
commit dd7a4aa7aa
8 changed files with 34 additions and 27 deletions

View File

@ -1,8 +1,8 @@
# $OpenBSD: Makefile,v 1.10 2002/10/17 15:37:41 naddy Exp $
# $OpenBSD: Makefile,v 1.11 2003/08/12 00:59:46 jolan Exp $
COMMENT= "tool for capturing data from TCP connections"
DISTNAME= tcpflow-0.20
DISTNAME= tcpflow-0.21
CATEGORIES= net
MASTER_SITES= ftp://ftp.circlemud.org/pub/jelson/tcpflow/

View File

@ -1,3 +1,3 @@
MD5 (tcpflow-0.20.tar.gz) = cce28bfb13fa7a9eea17af9ff50b6580
RMD160 (tcpflow-0.20.tar.gz) = ca0b92dfb8b6b0a32cf087f007df62c48d3d5d7a
SHA1 (tcpflow-0.20.tar.gz) = 833d369e36828fa132106df93c604cc1c42c23c7
MD5 (tcpflow-0.21.tar.gz) = 45a5aef6f043312315b7f342afc4a9c5
RMD160 (tcpflow-0.21.tar.gz) = 250ed27f1a49f4eda4b274857c11762be8261209
SHA1 (tcpflow-0.21.tar.gz) = 08eeb8532e1f713db2587580d759ebad813a0b49

View File

@ -1,6 +1,6 @@
$OpenBSD: patch-tcpflow_1_in,v 1.2 2002/10/17 15:37:41 naddy Exp $
--- tcpflow.1.in.orig Wed Oct 16 20:37:43 2002
+++ tcpflow.1.in Wed Oct 16 20:41:41 2002
$OpenBSD: patch-doc_tcpflow_1_in,v 1.1 2003/08/12 00:59:47 jolan Exp $
--- doc/tcpflow.1.in.orig Mon Feb 26 15:01:30 2001
+++ doc/tcpflow.1.in Mon Aug 11 11:07:02 2003
@@ -32,7 +32,7 @@ tcpflow \- TCP flow recorder
is a program that captures data transmitted as part of TCP connections
(flows), and stores the data in a way that is convenient for protocol

View File

@ -1,7 +1,7 @@
$OpenBSD: patch-main_c,v 1.3 2002/10/17 15:37:41 naddy Exp $
--- main.c.orig Wed Oct 16 20:38:45 2002
+++ main.c Wed Oct 16 20:38:59 2002
@@ -66,7 +66,7 @@ void print_usage(char *progname)
$OpenBSD: patch-src_main_c,v 1.1 2003/08/12 00:59:47 jolan Exp $
--- src/main.c.orig Thu Aug 7 00:35:24 2003
+++ src/main.c Mon Aug 11 11:04:03 2003
@@ -80,7 +80,7 @@ void print_usage(char *progname)
fprintf(stderr, "%s version %s by Jeremy Elson <jelson@circlemud.org>\n\n",
PACKAGE, VERSION);
fprintf(stderr, "usage: %s [-chpsv] [-b max_bytes] [-d debug_level] [-f max_fds]\n", progname);

View File

@ -0,0 +1,21 @@
$OpenBSD: patch-src_util_c,v 1.1 2003/08/12 00:59:47 jolan Exp $
--- src/util.c.orig Wed Aug 8 12:39:40 2001
+++ src/util.c Mon Aug 11 11:06:15 2003
@@ -65,7 +65,7 @@ void *check_malloc(size_t size)
void init_debug(char *argv[])
{
debug_prefix = MALLOC(char, strlen(argv[0]) + 16);
- sprintf(debug_prefix, "%s[%d]", argv[0], (int) getpid());
+ snprintf(debug_prefix, (strlen(argv[0]) +16), "%s[%d]", argv[0], (int) getpid());
}
@@ -144,7 +144,7 @@ char *flow_filename(flow_t flow)
ring_pos = (ring_pos + 1) % RING_SIZE;
- sprintf(ring_buffer[ring_pos],
+ snprintf(ring_buffer[ring_pos], sizeof(ring_buffer[ring_pos]),
"%03d.%03d.%03d.%03d.%05d-%03d.%03d.%03d.%03d.%05d",
(u_int8_t) ((flow.src & 0xff000000) >> 24),
(u_int8_t) ((flow.src & 0x00ff0000) >> 16),

View File

@ -1,12 +0,0 @@
$OpenBSD: patch-util_c,v 1.1 2002/10/17 15:37:41 naddy Exp $
--- util.c.orig Wed Oct 16 22:02:06 2002
+++ util.c Wed Oct 16 22:02:34 2002
@@ -133,7 +133,7 @@ char *flow_filename(flow_t flow)
ring_pos = (ring_pos + 1) % RING_SIZE;
- sprintf(ring_buffer[ring_pos],
+ snprintf(ring_buffer[ring_pos], sizeof(ring_buffer[ring_pos]),
"%03d.%03d.%03d.%03d.%05d-%03d.%03d.%03d.%03d.%05d",
(u_int8_t) ((flow.src & 0xff000000) >> 24),
(u_int8_t) ((flow.src & 0x00ff0000) >> 16),

View File

@ -10,5 +10,3 @@ tcpflow understands sequence numbers and will correctly reconstruct
data streams regardless of retransmissions or out-of-order delivery.
However, it currently does not understand IP fragments; flows
containing IP fragments will not be recorded properly.
WWW: ${HOMEPAGE}

View File

@ -1,3 +1,3 @@
@comment $OpenBSD: PLIST,v 1.2 2000/10/06 01:41:14 kevlo Exp $
@comment $OpenBSD: PLIST,v 1.3 2003/08/12 00:59:47 jolan Exp $
bin/tcpflow
man/man1/tcpflow.1