Bump version to 1.53

Fix some buffer overruns. Add support to netstat for GRE and ESP.

Bump version to 1.53
Fix some buffer overruns. Add support to netstat for GRE and ESP.
77344ce0 · Phil Blundell · 9c92a93a · 77344ce0 · 77344ce0 · 77344ce0
Commit 77344ce0 authored Jun 12, 1999 by Phil Blundell
8 changed files
--- a/Makefile
+++ b/Makefile
@@ -96,7 +96,7 @@ endif
 # -------- end of user definitions --------

 MAINTAINER = Philip.Blundell@pobox.com
-RELEASE	   = 1.52
+RELEASE	   = 1.53

 .EXPORT_ALL_VARIABLES:


--- a/README
+++ b/README
                                README

                Information about the net-tools package
+
 NET-TOOLS	A collection of programs that form the base set of the
 		NET-3 networking distribution for the Linux operating
 		system.
@@ -31,7 +32,14 @@ Contents:
                          Notes
                          -----

-This is net-tools 1.52.  Notable changes since 1.51 include:
+This is net-tools 1.53.  Notable changes since 1.52 include:
+
+ - a bunch of buffer overrun vulnerabilities are fixed (thanks to 
+   David Wagner)
+ - Meelis Roos contributed an Estonian translation
+ - netstat recognizes ESP and GRE protocols, courtesy John D. Hardin.
+
+Notable changes since 1.51 include:

 - Jean-Michel Vansteene updated the French translation.
 - Dag Brattli contributed support for IrDA

--- a/arp.c
+++ b/arp.c
@@ -8,7 +8,7 @@
 *              NET-3 Networking Distribution for the LINUX operating
 *              system.
 *
- * Version:     $Id: arp.c,v 1.12 1999/03/24 09:49:43 philip Exp $
+ * Version:     $Id: arp.c,v 1.13 1999/06/12 23:04:14 philip Exp $
 *
 * Maintainer:  Bernd 'eckes' Eckenfels, <net-tools@lina.inka.de>
 *
@@ -529,7 +529,7 @@ static int arp_show(char *name)
 	    ap->herror(host);
 	    return (-1);
 	}
-	strcpy(host, ap->sprint(&sa, 1));
+	safe_strncpy(host, ap->sprint(&sa, 1), sizeof(host));
    }
    /* Open the PROCps kernel table. */
    if ((fp = fopen(_PATH_PROCNET_ARP, "r")) == NULL) {

--- a/iptunnel.c
+++ b/iptunnel.c
@@ -34,6 +34,7 @@
 #include "intl.h"
 #include "net-support.h"
 #include "version.h"
+#include "util.h"

 #undef GRE_CSUM
 #define GRE_CSUM	htons(0x8000)
@@ -279,7 +280,7 @@ static int parse_args(int argc, char **argv, struct ip_tunnel_parm *p)
 				p->iph.saddr = get_addr32(*argv);
 		} else if (strcmp(*argv, "dev") == 0) {
 			NEXT_ARG();
-			strncpy(medium, *argv, IFNAMSIZ-1);
+			safe_strncpy(medium, *argv, IFNAMSIZ-1);
 		} else if (strcmp(*argv, "ttl") == 0) {
 			unsigned uval;
 			NEXT_ARG();
@@ -304,7 +305,7 @@ static int parse_args(int argc, char **argv, struct ip_tunnel_parm *p)
 		} else {
 			if (p->name[0])
 				usage();
-			strncpy(p->name, *argv, IFNAMSIZ);
+			safe_strncpy(p->name, *argv, IFNAMSIZ);
 		}
 		argc--; argv++;
 	}

--- a/lib/inet.c
+++ b/lib/inet.c
@@ -3,7 +3,7 @@
 *              support functions for the net-tools.
 *              (NET-3 base distribution).
 *
- * Version:    $Id: inet.c,v 1.11 1999/03/03 21:43:08 philip Exp $
+ * Version:    $Id: inet.c,v 1.12 1999/06/12 23:04:18 philip Exp $
 *
 * Author:      Fred N. van Kempen, <waltje@uwalt.nl.mugnet.org>
 *              Copyright 1993 MicroWalt Corporation
@@ -91,7 +91,6 @@ static int INET_resolve(char *name, struct sockaddr_in *sin)
    /* Try the NETWORKS database to see if this is a known network. */
    if ((np = getnetbyname(name)) != (struct netent *) NULL) {
 	sin->sin_addr.s_addr = htonl(np->n_net);
-	strcpy(name, np->n_name);
 	return 1;
    }
 #ifdef DEBUG
@@ -103,14 +102,15 @@ static int INET_resolve(char *name, struct sockaddr_in *sin)
 	errno = h_errno;
 	return -1;
    }
-    memcpy((char *) &sin->sin_addr, (char *) hp->h_addr_list[0], hp->h_length);
-    strcpy(name, hp->h_name);
+    memcpy((char *) &sin->sin_addr, (char *) hp->h_addr_list[0], 
+	   sizeof(struct in_addr));
+
    return 0;
 }


-static int INET_rresolve(char *name, struct sockaddr_in *sin, int numeric,
-			 unsigned int netmask)
+static int INET_rresolve(char *name, size_t len, struct sockaddr_in *sin, 
+			 int numeric, unsigned int netmask)
 {
    struct hostent *ent;
    struct netent *np;
@@ -129,14 +129,14 @@ static int INET_rresolve(char *name, struct sockaddr_in *sin, int numeric,
    if (ad == INADDR_ANY) {
 	if ((numeric & 0x7FFF) == 0) {
 	    if (numeric & 0x8000)
-		strcpy(name, "default");
+		safe_strncpy(name, "default", len);
 	    else
-		strcpy(name, "*");
+	        safe_strncpy(name, "*", len);
 	    return (0);
 	}
    }
    if (numeric & 0x7FFF) {
-	strcpy(name, inet_ntoa(sin->sin_addr));
+        safe_strncpy(name, inet_ntoa(sin->sin_addr), len);
 	return (0);
    }
 #if 0
@@ -145,7 +145,7 @@ static int INET_rresolve(char *name, struct sockaddr_in *sin, int numeric,
    pn = INET_nn;
    while (pn != NULL) {
 	if (pn->addr.sin_addr.s_addr == ad) {
-	    strcpy(name, pn->name);
+	    safe_strncpy(name, pn->name, len);
 	    return (0);
 	}
 	pn = pn->next;
@@ -157,16 +157,14 @@ static int INET_rresolve(char *name, struct sockaddr_in *sin, int numeric,
    if ((ad & (~ netmask)) != 0) {
 	ent = gethostbyaddr((char *) &ad, 4, AF_INET);
 	if (ent != NULL)
-	    strcpy(name, ent->h_name);
+	    safe_strncpy(name, ent->h_name, len);
    } else {
 	np = getnetbyaddr(host_ad, AF_INET);
-	if (np != NULL) {
-	    strcpy(name, np->n_name);
-	}
-    }
-    if ((ent == NULL) && (np == NULL)) {
-	strcpy(name, inet_ntoa(sin->sin_addr));
+	if (np != NULL)
+	    safe_strncpy(name, np->n_name, len);
    }
+    if ((ent == NULL) && (np == NULL))
+	safe_strncpy(name, inet_ntoa(sin->sin_addr), len);
    pn = (struct addr *) malloc(sizeof(struct addr));
    pn->addr = *sin;
    pn->next = INET_nn;
@@ -198,9 +196,11 @@ static char *INET_sprint(struct sockaddr *sap, int numeric)

    if (sap->sa_family == 0xFFFF || sap->sa_family == 0)
 	return safe_strncpy(buff, _("[NONE SET]"), sizeof(buff));
-    if (INET_rresolve(buff, (struct sockaddr_in *) sap, numeric, 
-		      0xffffff00) != 0)
+
+    if (INET_rresolve(buff, sizeof(buff), (struct sockaddr_in *) sap, 
+		      numeric, 0xffffff00) != 0)
 	return (NULL);
+
    return (buff);
 }

@@ -211,8 +211,8 @@ char *INET_sprintmask(struct sockaddr *sap, int numeric,

    if (sap->sa_family == 0xFFFF || sap->sa_family == 0)
 	return safe_strncpy(buff, _("[NONE SET]"), sizeof(buff));
-    if (INET_rresolve(buff, (struct sockaddr_in *) sap, numeric,
-		      netmask) != 0)
+    if (INET_rresolve(buff, sizeof(buff), (struct sockaddr_in *) sap, 
+		      numeric, netmask) != 0)
 	return (NULL);
    return (buff);
 }

--- a/lib/masq_info.c
+++ b/lib/masq_info.c
@@ -6,7 +6,7 @@
 *              NET-3 Networking Distribution for the LINUX operating
 *              system. (net-tools, net-drivers)
 *
- * Version:     $Id: masq_info.c,v 1.5 1999/02/23 12:46:31 philip Exp $
+ * Version:     $Id: masq_info.c,v 1.6 1999/06/12 23:04:19 philip Exp $
 *
 * Author:      Bernd 'eckes' Eckenfels <net-tools@lina.inka.de>
 *              Copyright 1999 Bernd Eckenfels, Germany
@@ -124,6 +124,10 @@ static int read_masqinfo(FILE * f, struct masq *mslist, int nmslist)
 	    ms->proto = "udp";
 	else if (strcmp("ICMP", buf) == 0)
 	    ms->proto = "icmp";
+	else if (strcmp("GRE", buf) == 0)
+	    ms->proto = "gre";
+	else if (strcmp("ESP", buf) == 0)
+	    ms->proto = "esp";
 	else {
 	    EINTERN("masq_info.c", "ip_masquerade unknown type");
 	    return (-1);

--- a/netstat.c
+++ b/netstat.c
@@ -6,7 +6,7 @@
 *              NET-3 Networking Distribution for the LINUX operating
 *              system.
 *
- * Version:     $Id: netstat.c,v 1.27 1999/04/20 14:28:14 philip Exp $
+ * Version:     $Id: netstat.c,v 1.28 1999/06/12 23:04:15 philip Exp $
 *
 * Authors:     Fred Baumgarten, <dc6iq@insu1.etec.uni-karlsruhe.de>
 *              Fred N. van Kempen, <waltje@uwalt.nl.mugnet.org>
@@ -549,8 +549,8 @@ static void igmp_do_one(int lnr, const char *line)
 		    ((struct sockaddr *) &mcastaddr)->sa_family);
 	    return;
 	}
-	strcpy(mcast_addr, ap->sprint((struct sockaddr *) &mcastaddr, 
-				      flag_not));
+	safe_strncpy(mcast_addr, ap->sprint((struct sockaddr *) &mcastaddr, 
+				      flag_not), sizeof(mcast_addr));
 	printf("%-15s %-6d %s\n", device, refcnt, mcast_addr);
 #endif
    } else {    /* IPV4 */
@@ -587,8 +587,8 @@ static void igmp_do_one(int lnr, const char *line)
 		    ((struct sockaddr *) &mcastaddr)->sa_family);
 	    return;
 	}
-	strcpy(mcast_addr, ap->sprint((struct sockaddr *) &mcastaddr, 
-				      flag_not) );
+	safe_strncpy(mcast_addr, ap->sprint((struct sockaddr *) &mcastaddr, 
+				      flag_not), sizeof(mcast_addr));
 	printf("%-15s %-6d %s\n", device, refcnt, mcast_addr );
 #endif
    }    /* IPV4 */
@@ -676,8 +676,10 @@ static void tcp_do_one(int lnr, const char *line)
 	rxq = 0L;
 	txq = 0L;
    }
-    strcpy(local_addr, ap->sprint((struct sockaddr *) &localaddr, flag_not));
-    strcpy(rem_addr, ap->sprint((struct sockaddr *) &remaddr, flag_not));
+    safe_strncpy(local_addr, ap->sprint((struct sockaddr *) &localaddr, 
+					flag_not), sizeof(local_addr));
+    safe_strncpy(rem_addr, ap->sprint((struct sockaddr *) &remaddr, flag_not),
+		 sizeof(rem_addr));
    if (flag_all || (flag_lst && !rem_port) || (!flag_lst && rem_port)) {
 	snprintf(buffer, sizeof(buffer), "%s", get_sname(htons(local_port), "tcp", flag_not));

@@ -820,7 +822,8 @@ static void udp_do_one(int lnr, const char *line)

    if (flag_all || (notnull(remaddr) && !flag_lst) || (!notnull(remaddr) && flag_lst))
    {
-        strcpy(local_addr, ap->sprint((struct sockaddr *) &localaddr, flag_not));
+        safe_strncpy(local_addr, ap->sprint((struct sockaddr *) &localaddr, 
+					    flag_not), sizeof(local_addr));
 	snprintf(buffer, sizeof(buffer), "%s", get_sname(htons(local_port), "udp", flag_not));
 	if ((strlen(local_addr) + strlen(buffer)) > 22)
 	    local_addr[22 - strlen(buffer)] = '\0';
@@ -828,7 +831,8 @@ static void udp_do_one(int lnr, const char *line)
 	strcat(local_addr, buffer);

 	snprintf(buffer, sizeof(buffer), "%s", get_sname(htons(rem_port), "udp", flag_not));
-        strcpy(rem_addr, ap->sprint((struct sockaddr *) &remaddr, flag_not));
+        safe_strncpy(rem_addr, ap->sprint((struct sockaddr *) &remaddr, 
+					  flag_not), sizeof(rem_addr));
 	if ((strlen(rem_addr) + strlen(buffer)) > 22)
 	    rem_addr[22 - strlen(buffer)] = '\0';
 	strcat(rem_addr, ":");
@@ -939,14 +943,16 @@ static void raw_do_one(int lnr, const char *line)
    if (flag_all || (notnull(remaddr) && !flag_lst) || (!notnull(remaddr) && flag_lst))
    {
 	snprintf(buffer, sizeof(buffer), "%s", get_sname(htons(local_port), "raw", flag_not));
-        strcpy(local_addr, ap->sprint((struct sockaddr *) &localaddr, flag_not));
+        safe_strncpy(local_addr, ap->sprint((struct sockaddr *) &localaddr, 
+					    flag_not), sizeof(local_addr));
 	if ((strlen(local_addr) + strlen(buffer)) > 22)
 	    local_addr[22 - strlen(buffer)] = '\0';
 	strcat(local_addr, ":");
 	strcat(local_addr, buffer);

 	snprintf(buffer, sizeof(buffer), "%s", get_sname(htons(rem_port), "raw", flag_not));
-        strcpy(rem_addr, ap->sprint((struct sockaddr *) &remaddr, flag_not));
+        safe_strncpy(rem_addr, ap->sprint((struct sockaddr *) &remaddr, 
+					  flag_not), sizeof(rem_addr));
 	if ((strlen(rem_addr) + strlen(buffer)) > 22)
 	    rem_addr[22 - strlen(buffer)] = '\0';
 	strcat(rem_addr, ":");
@@ -1310,13 +1316,13 @@ static int ipx_info(void)

 	/* Fetch and resolve the Source */
 	(void) ap->input(4, sad, &sa);
-	strcpy(buf, ap->sprint(&sa, flag_not));
+	safe_strncpy(buf, ap->sprint(&sa, flag_not), sizeof(buf));
 	snprintf(sad, sizeof(sad), "%s:%04X", buf, sport);

 	if (!nc) {
 	    /* Fetch and resolve the Destination */
 	    (void) ap->input(4, dad, &sa);
-	    strcpy(buf, ap->sprint(&sa, flag_not));
+	    safe_strncpy(buf, ap->sprint(&sa, flag_not), sizeof(buf));
 	    snprintf(dad, sizeof(dad), "%s:%04X", buf, dport);
 	} else
 	    strcpy(dad, "-");

--- a/slattach.c
+++ b/slattach.c
@@ -58,6 +58,7 @@
 #include "version.h"
 #include "config.h"
 #include "intl.h"
+#include "util.h"

 #ifndef _PATH_LOCKD
 #define _PATH_LOCKD		"/var/lock"		/* lock files   */
@@ -665,7 +666,7 @@ main(int argc, char *argv[])

  /* Is a terminal given? */
  if (optind != (argc - 1)) usage();
-  strncpy(path, argv[optind], 128);
+  safe_strncpy(path, argv[optind], sizeof(path));
  if (!strcmp(path, "-")) {
 	opt_e = 1;
 	sp = NULL;