rpms
/
radcli
20
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fixed overflow in rc_ipaddr_local()

Browse Source
epel9
Nikos Mavrogiannopoulos 9 years ago
parent b3afc6c5be
commit b532eded88
2 changed files with 41 additions and 1 deletions
Show Stats Download Patch File Download Diff File

35
radcli-overflow-fix.patch
Unescape View File

@ -0,0 +1,35 @@
From e093225299cb2aba9ad88b475d01e4fc989d5448 Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date: Thu, 26 Nov 2015 17:07:46 +0100
Subject: [PATCH 1/2] use sockaddr_storage in rc_ipaddr_local
This corrects a buffer overflow in that function
---
lib/config.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/lib/config.c b/lib/config.c
index 2933298..6e9af4d 100644
--- a/lib/config.c
+++ b/lib/config.c
@@ -836,7 +836,7 @@ static int find_match (const struct addrinfo* addr, const struct addrinfo *hostn
static int rc_ipaddr_local(const struct sockaddr *addr)
{
int temp_sock, res, serrno;
- struct sockaddr tmpaddr;
+ struct sockaddr_storage tmpaddr;
memcpy(&tmpaddr, addr, SA_LEN(addr));
@@ -849,7 +849,7 @@ static int rc_ipaddr_local(const struct sockaddr *addr)
} else {
((struct sockaddr_in6*)&tmpaddr)->sin6_port = 0;
}
- res = bind(temp_sock, &tmpaddr, SA_LEN(&tmpaddr));
+ res = bind(temp_sock, (struct sockaddr*)(&tmpaddr), SS_LEN(&tmpaddr));
serrno = errno;
close(temp_sock);
if (res == 0)
--
2.5.0

7
radcli.spec
Unescape View File

@ -1,7 +1,7 @@
Summary: RADIUS protocol client library
Name: radcli
Version: 1.2.3
Release: 1%{?dist}
Release: 2%{?dist}
#Breakdown of licenses. Under MIT license:
# lib/avpair.c, lib/buildreq.c, lib/clientid.c, lib/config.c, lib/dict.c,
@ -19,6 +19,7 @@ URL: http://radcli.github.io/radcli/
sed 's/\./_/g')}
Source0: https://github.com/radcli/radcli/releases/download/%{name}_%{myversion}/%{name}-%{version}.tar.gz
Patch1: radcli-overflow-fix.patch
#BuildRequires: libtool, automake, autoconf, gettext-devel
BuildRequires: nettle-devel >= 2.7.1
@ -53,6 +54,7 @@ and radiusclient-ng.
%prep
%setup -q
rm -f lib/md5.c
%patch1 -p1 -b .overflow
sed -i -e 's|sys_lib_dlsearch_path_spec="[^"]\+|& %{_libdir}|g' configure
%build
@ -112,6 +114,9 @@ cp -p %{buildroot}%{_datadir}/%{name}/dictionary %{buildroot}%{_sysconfdir}/%{na
%{_libdir}/libradiusclient-ng.so
%changelog
* Thu Nov 26 2015 Nikos Mavrogiannopoulos <nmav@redhat.com> - 1.2.3-2
- Fixed overflow in rc_ipaddr_local()
* Wed Sep 2 2015 Nikos Mavrogiannopoulos <nmav@redhat.com> - 1.2.3-1
- Updated to 1.2.3

Write Preview
Loading…
Cancel
Save