Contents of /trunk/traceroute/patches/traceroute-1.4.a.12-secfix.patch
Parent Directory | Revision Log
Revision 210 -
(show annotations)
(download)
Thu May 24 09:45:22 2007 UTC (17 years, 4 months ago) by niro
File size: 1151 byte(s)
Thu May 24 09:45:22 2007 UTC (17 years, 4 months ago) by niro
File size: 1151 byte(s)
-security fix
1 | Ripped from Fedora. |
2 | |
3 | --- traceroute-1.4a5/traceroute.c.secfix Fri Jun 13 05:30:27 1997 |
4 | +++ traceroute-1.4a5/traceroute.c Tue Dec 16 12:14:32 1997 |
5 | @@ -368,6 +368,10 @@ |
6 | break; |
7 | |
8 | case 'g': |
9 | + if (strlen(optarg) >= MAXHOSTNAMELEN) { |
10 | + Fprintf(stderr, "%s: Nice Try !\n", prog); |
11 | + exit(-1); |
12 | + } |
13 | if (lsrr >= NGATEWAYS) { |
14 | Fprintf(stderr, |
15 | "%s: No more than %d gateways\n", |
16 | @@ -380,6 +384,11 @@ |
17 | |
18 | case 'i': |
19 | device = optarg; |
20 | + if (strlen(device) >= 16) { /* that is the IFNAMSIZ |
21 | + * from kernel headers */ |
22 | + Fprintf(stderr, "%s: Nice try !\n", prog); |
23 | + exit(-1); |
24 | + } |
25 | break; |
26 | |
27 | case 'I': |
28 | @@ -412,6 +421,10 @@ |
29 | * probe (e.g., on a multi-homed host). |
30 | */ |
31 | source = optarg; |
32 | + if (strlen(source) >= MAXHOSTNAMELEN) { |
33 | + Fprintf(stderr, "%s: Nice Try !\n", prog); |
34 | + exit(-1); |
35 | + } |
36 | break; |
37 | |
38 | case 't': |
39 | @@ -470,6 +483,10 @@ |
40 | |
41 | case 1: |
42 | hostname = argv[optind]; |
43 | + if (strlen(hostname) >= MAXHOSTNAMELEN) { |
44 | + Fprintf(stderr, "%s: Nice try !\n", prog); |
45 | + exit(-1); |
46 | + } |
47 | hi = gethostinfo(hostname); |
48 | setsin(to, hi->addrs[0]); |
49 | if (hi->n > 1) |