Package: ettercap / 1:0.8.2-10

From d14d2558da14a33abf7baab28957488a75d16af1 Mon Sep 17 00:00:00 2001
From: Alexander Koeppe <format_c@online.de>
Date: Thu, 1 Jun 2017 08:56:23 +0200
Subject: [PATCH 1/4] Add ASAN compiler flags in DEBUG build type

---
 CMakeLists.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Index: ettercap-0.8.2/CMakeLists.txt
#===================================================================
#--- ettercap-0.8.2.orig/CMakeLists.txt
#+++ ettercap-0.8.2/CMakeLists.txt
#@@ -125,7 +125,27 @@
# 8  # library dir path in our RPATH.
#   set(CMAKE_INSTALL_RPATH_USE_LINK_PATH TRUE)
# endif(NOT DISABLE_RPATH)
#+
#+# set general build flags for debug build-type
# set(CMAKE_C_FLAGS_DEBUG "-O0 -ggdb3 -DDEBUG -Wall -Wno-pointer-sign -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -Werror=format-security -Wextra -Wredundant-decls" CACHE STRING "" FORCE)
#+# append ASAN build flags if compiler version has support
#+if ("${CMAKE_C_COMPILER_ID}" STREQUAL "GNU")
#+   if (CMAKE_C_COMPILER_VERSION VERSION_GREATER 4.8)
#+      set(CMAKE_C_FLAGS_DEBUG "${CMAKE_C_FLAGS_DEBUG} -fsanitize=address -fno-omit-frame-pointer" CACHE STRING "" FORCE)
#+      message("Building with ASAN support (GNU compiler)")
#+   else (CMAKE_C_COMPILER_VERSION VERSION_GREATER 4.8)
#+      message("Building without ASAN support (GNU compiler)")
#+   endif (CMAKE_C_COMPILER_VERSION VERSION_GREATER 4.8)
#+elseif ("${CMAKE_C_COMPILER_ID}" STREQUAL "Clang")
#+   if (CMAKE_C_COMPILER_VERSION VERSION_GREATER 3.1)
#+      set(CMAKE_C_FLAGS_DEBUG "${CMAKE_C_FLAGS_DEBUG} -fsanitize=address -fno-omit-frame-pointer" CACHE STRING "" FORCE)
#+      message("Building with ASAN support (Clang compiler)")
#+   elseif (CMAKE_C_COMPILER_VERSION VERSION_GREATER 3.1)
#+      message("Building without ASAN support (Clang compiler)")
#+   endif (CMAKE_C_COMPILER_VERSION VERSION_GREATER 3.1)
#+endif ("${CMAKE_C_COMPILER_ID}" STREQUAL "GNU")
#+
#+# set build flags for release build-type
# set(CMAKE_C_FLAGS_RELEASE "-O2 -w -D_FORTIFY_SOURCE=2" CACHE STRING "" FORCE)
# 
# if(OS_DARWIN)
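Review bot: Every line of this hunk is prefixed with `#`, so patch/quilt will not apply it and the ASAN flags that the subject line advertises never reach CMakeLists.txt; if leaving ASAN out of the Debian build is deliberate, that belongs in the patch header rather than in a commented-out hunk. Should the hunk be re-enabled, the Clang branch repeats its own condition, `elseif (CMAKE_C_COMPILER_VERSION VERSION_GREATER 3.1)`, where `else ()` is meant, so the "Building without ASAN support (Clang compiler)" message can never print. Appending `-fsanitize=address` to CMAKE_C_FLAGS_DEBUG with `CACHE STRING "" FORCE` also overrides whatever flags a packager set and ties ASAN to every Debug build; guarding it behind an `option(ENABLE_ASAN ...)` is the usual shape.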
Index: ettercap-0.8.2/include/ec_strings.h
===================================================================
--- ettercap-0.8.2.orig/include/ec_strings.h
+++ ettercap-0.8.2/include/ec_strings.h
@@ -40,7 +40,7 @@
 
 EC_API_EXTERN int match_pattern(const char *s, const char *pattern);
 EC_API_EXTERN int base64_decode(char *bufplain, const char *bufcoded);
-EC_API_EXTERN int strescape(char *dst, char *src);
+EC_API_EXTERN int strescape(char *dst, char *src, size_t len);
 EC_API_EXTERN int str_replace(char **text, const char *s, const char *d);   
 EC_API_EXTERN size_t strlen_utf8(const char *s);
 EC_API_EXTERN char * ec_strtok(char *s, const char *delim, char **ptrptr);
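Review bot: The new `len` parameter is undocumented, and nothing in the prototype says whether it bounds reads from `src` or writes to `dst`, which matters because a caller that passes a destination-derived length gets no protection if it is the former. A one-line comment above the prototype would pin the contract, e.g. `/* len: bytes readable from src including the terminating NUL; dst must be at least as large */`. If the destination capacity is what needs bounding, the parameter should be named and documented as such instead.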
Index: ettercap-0.8.2/src/ec_strings.c
===================================================================
--- ettercap-0.8.2.orig/src/ec_strings.c
+++ ettercap-0.8.2/src/ec_strings.c
@@ -167,13 +167,14 @@
 /* 
  * convert the escaped string into a binary one
  */
-int strescape(char *dst, char *src)
+int strescape(char *dst, char *src, size_t len)
 {
    char  *olddst = dst;
+   char  *oldsrc = src;
    int   c;
    int   val;
 
-   while ((c = *src++) != '\0') {
+   while ((c = *src++) != '\0' && (size_t)(src - oldsrc) <= len) {
       if (c == '\\') {
          switch ((c = *src++)) {
             case '\0':
@@ -218,9 +219,11 @@
                   if (c >= '0' && c <= '7')
                      val = (val << 3) | (c - '0');
                   else 
-                     --src;
+                     if (src > oldsrc) /* protect against buffer underflow */
+                        --src;
                } else 
-                  --src;
+                  if (src > oldsrc) /* protect against buffer underflow */
+                     --src;
                *dst++ = (char) val;
                break;
 
@@ -232,15 +235,17 @@
                        c = hextoint(*src++);
                        if (c >= 0) 
                           val = (val << 4) + c;
-                       else 
-                          --src;
-               } else 
-                  --src;
+                       else if (src > oldsrc) /* protect against buffer underflow */
+                             --src;
+               } else if (src > oldsrc) /* protect against buffer underflow */
+                     --src;
                *dst++ = (char) val;
                break;
          }
-      } else if (c == 8 || c == 263)  /* the backspace */
-         dst--;
+      } else if (c == 8 || c == 263) {  /* the backspace */
+         if (dst > oldsrc) /* protect against buffer underflow */
+            dst--;
+      }
       else
          *dst++ = (char) c;
    }
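Review bot: The backspace guard at the end of the hunk compares `dst` against the wrong base: `if (dst > oldsrc)` should be `if (dst > olddst)`, since `olddst` is the start of the output buffer. It happens to work for the in-place callers where dst and src are the same buffer, but when they differ (ec_encryption.c passes `tmp_wkey` and `p`) the comparison is between two unrelated objects and does not stop `dst--` from stepping below `olddst`. The new `len` test only bounds the outer `*src++` read; the inner reads in the backslash, octal and hex cases still rely on NUL termination, and nothing bounds writes to `dst` at all, so `len` adds no safety for a destination smaller than the decoded source. Only the loop body of strescape is in this hunk; its return value is computed outside the view.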
Index: ettercap-0.8.2/src/ec_encryption.c
===================================================================
--- ettercap-0.8.2.orig/src/ec_encryption.c
+++ ettercap-0.8.2/src/ec_encryption.c
@@ -218,7 +218,7 @@
 
    if (type == 's') {
       /* escape the string and check its length */
-      if (strescape((char *)tmp_wkey, p) != (int)tmp_wkey_len)
+      if (strescape((char *)tmp_wkey, p, strlen(tmp_wkey)+1) != (int)tmp_wkey_len)
     	  SEMIFATAL_ERROR("Specified WEP key length does not match the given string");
    } else if (type == 'p') {
       /* create the key from the passphrase */
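Review bot: `strlen(tmp_wkey)+1` measures the destination buffer before strescape has written to it, so the bound depends on whatever `tmp_wkey` held beforehand (its declaration and any prior initialisation are outside this hunk) rather than on the length of `p`. Every other caller in this patch passes the source length; the consistent form is `strescape((char *)tmp_wkey, p, strlen(p)+1)`. Even then strescape bounds only reads from `p`, not writes to `tmp_wkey`, so a key string longer than `tmp_wkey` still runs past it; a length check against the capacity of `tmp_wkey` before the call, or a strescape that takes the destination size, is what closes that.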
Index: ettercap-0.8.2/src/interfaces/curses/ec_curses_view_connections.c
===================================================================
--- ettercap-0.8.2.orig/src/interfaces/curses/ec_curses_view_connections.c
+++ ettercap-0.8.2/src/interfaces/curses/ec_curses_view_connections.c
@@ -590,7 +590,7 @@
    size_t len;
 
    /* escape the sequnces in the buffer */
-   len = strescape((char*)injectbuf, (char*)injectbuf);
+   len = strescape((char*)injectbuf, (char*)injectbuf, strlen(injectbuf)+1);
    
    /* check where to inject */
    if (wdg_c1->flags & WDG_OBJ_FOCUSED) {
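Review bot: For this in-place call `strlen(injectbuf)+1` is the same limit as the NUL check strescape already performs, so the new argument does not tighten anything here; harmless, but if `injectbuf` is a fixed-size array (its declaration is outside the hunk) `sizeof(injectbuf)` would be the meaningful bound. `injectbuf` is cast to `char*` for strescape but passed uncast to `strlen`, which warns under -Wpointer-sign if it is `u_char`; keep the casts uniform with `strlen((char*)injectbuf)+1`.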
Index: ettercap-0.8.2/src/interfaces/gtk/ec_gtk_view_connections.c
===================================================================
--- ettercap-0.8.2.orig/src/interfaces/gtk/ec_gtk_view_connections.c
+++ ettercap-0.8.2/src/interfaces/gtk/ec_gtk_view_connections.c
@@ -1567,7 +1567,7 @@
    size_t len;
     
    /* escape the sequnces in the buffer */
-   len = strescape(injectbuf, injectbuf);
+   len = strescape(injectbuf, injectbuf, strlen(injectbuf)+1);
 
    /* check where to inject */
    if (side == 1 || side == 2) {
Index: ettercap-0.8.2/utils/etterfilter/ef_encode.c
===================================================================
--- ettercap-0.8.2.orig/utils/etterfilter/ef_encode.c
+++ ettercap-0.8.2/utils/etterfilter/ef_encode.c
@@ -131,7 +131,8 @@
       fop->op.test.string = (u_char*)strdup(string + 1);
          
       /* escape it in the structure */
-      fop->op.test.slen = strescape((char*)fop->op.test.string, (char*)fop->op.test.string);
+      fop->op.test.slen = strescape((char*)fop->op.test.string, 
+            (char*)fop->op.test.string, strlen(fop->op.test.string)+1);
      
       return E_SUCCESS;
       
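Review bot: `strlen(fop->op.test.string)` passes the `u_char*` field uncast while the same expression is cast to `(char*)` two arguments earlier in the strescape call; under -Wpointer-sign this warns, and the same inconsistency recurs in each of the other ef_encode.c hunks. `strlen((char*)fop->op.test.string)+1` keeps the casts uniform. Because the string was just produced by `strdup`, the bound equals its NUL-terminated length and adds nothing beyond the terminator check strescape already makes; note also that the `strdup` result is still used without a NULL check, which this change leaves as it was.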
@@ -179,7 +180,8 @@
             fop->opcode = FOP_FUNC;
             fop->op.func.op = FFUNC_SEARCH;
             fop->op.func.string = (u_char*)strdup(dec_args[1]);
-            fop->op.func.slen = strescape((char*)fop->op.func.string, (char*)fop->op.func.string);
+            fop->op.func.slen = strescape((char*)fop->op.func.string, 
+                  (char*)fop->op.func.string, strlen(fop->op.func.string)+1);
             ret = E_SUCCESS;
          } else
             SCRIPT_ERROR("Unknown offset %s ", dec_args[0]);
@@ -197,7 +199,8 @@
             fop->opcode = FOP_FUNC;
             fop->op.func.op = FFUNC_REGEX;
             fop->op.func.string = (u_char*)strdup(dec_args[1]);
-            fop->op.func.slen = strescape((char*)fop->op.func.string, (char*)fop->op.func.string);
+            fop->op.func.slen = strescape((char*)fop->op.func.string, 
+                  (char*)fop->op.func.string, strlen(fop->op.func.string)+1);
             ret = E_SUCCESS;
          } else
             SCRIPT_ERROR("Unknown offset %s ", dec_args[0]);
@@ -267,9 +270,11 @@
          /* replace always operate at DATA level */
          fop->op.func.level = 5;
          fop->op.func.string = (u_char*)strdup(dec_args[0]);
-         fop->op.func.slen = strescape((char*)fop->op.func.string, (char*)fop->op.func.string);
+         fop->op.func.slen = strescape((char*)fop->op.func.string, 
+               (char*)fop->op.func.string, strlen(fop->op.func.string)+1);
          fop->op.func.replace = (u_char*)strdup(dec_args[1]);
-         fop->op.func.rlen = strescape((char*)fop->op.func.replace, (char*)fop->op.func.replace);
+         fop->op.func.rlen = strescape((char*)fop->op.func.replace, 
+               (char*)fop->op.func.replace, strlen(fop->op.func.replace)+1);
          ret = E_SUCCESS;
       } else
          SCRIPT_ERROR("Wrong number of arguments for function \"%s\" ", name);
@@ -323,7 +328,8 @@
       if (nargs == 1) {
          fop->op.func.op = FFUNC_MSG;
          fop->op.func.string = (u_char*)strdup(dec_args[0]);
-         fop->op.func.slen = strescape((char*)fop->op.func.string, (char*)fop->op.func.string);
+         fop->op.func.slen = strescape((char*)fop->op.func.string, 
+               (char*)fop->op.func.string, strlen(fop->op.func.string)+1);
          ret = E_SUCCESS;
       } else
          SCRIPT_ERROR("Wrong number of arguments for function \"%s\" ", name);