Ubuntu
ax25-tools package

Merge lp:~kamalmostafa/ubuntu/lucid/ax25-tools/fix-353219-crash into lp:ubuntu/lucid/ax25-tools

  1. Lucid (10.04)
  2. fix-353219-crash
  3. Merge into lucid
Proposed by Kamal Mostafa
Status: Merged
Merged at revision: not available
Proposed branch: lp:~kamalmostafa/ubuntu/lucid/ax25-tools/fix-353219-crash
Merge into: lp:ubuntu/lucid/ax25-tools
Diff against target: 86 lines (+27/-8)
3 files modified
ax25/beacon.c (+16/-7)
debian/changelog (+9/-0)
debian/control (+2/-1)
To merge this branch: bzr merge lp:~kamalmostafa/ubuntu/lucid/ax25-tools/fix-353219-crash
Reviewer Review Type Date Requested Status
Iulian Udrea Approve
Ubuntu branches Pending
Review via email: mp+18469@code.launchpad.net
To post a comment you must log in.
Revision history for this message
Iulian Udrea (iulian) wrote :

Looks good. Please let Debian know about this issue as well.

Thank you.

review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1=== modified file 'ax25/beacon.c'
2--- ax25/beacon.c 2001-12-22 23:07:26 +0000
3+++ ax25/beacon.c 2010-02-02 19:41:13 +0000
4@@ -43,7 +43,7 @@
5 struct full_sockaddr_ax25 dest;
6 struct full_sockaddr_ax25 src;
7 int s, n, dlen, len, interval = 30;
8- char addr[20], *port, *message, *portcall;
9+ char *addr, *port, *message, *portcall;
10 char *srccall = NULL, *destcall = NULL;
11
12 while ((n = getopt(argc, argv, "c:d:lmst:v")) != -1) {
13@@ -100,27 +100,36 @@
14 return 1;
15 }
16
17+ addr = NULL;
18 if (mail)
19- strcpy(addr, "MAIL");
20+ addr = strdup("MAIL");
21 else if (destcall != NULL)
22- strcpy(addr, destcall);
23+ addr = strdup(destcall);
24 else
25- strcpy(addr, "IDENT");
26+ addr = strdup("IDENT");
27+ if (addr == NULL)
28+ return 1;
29
30 if ((dlen = ax25_aton(addr, &dest)) == -1) {
31 fprintf(stderr, "beacon: unable to convert callsign '%s'\n", addr);
32 return 1;
33 }
34+ if (addr != NULL) free(addr); addr = NULL;
35
36- if (srccall != NULL && strcmp(srccall, portcall) != 0)
37+ if (srccall != NULL && strcmp(srccall, portcall) != 0) {
38+ if ((addr = (char *) malloc(strlen(srccall) + 1 + strlen(portcall) + 1)) == NULL)
39+ return 1;
40 sprintf(addr, "%s %s", srccall, portcall);
41- else
42- strcpy(addr, portcall);
43+ } else {
44+ if ((addr = strdup(portcall)) == NULL)
45+ return 1;
46+ }
47
48 if ((len = ax25_aton(addr, &src)) == -1) {
49 fprintf(stderr, "beacon: unable to convert callsign '%s'\n", addr);
50 return 1;
51 }
52+ if (addr != NULL) free(addr); addr = NULL;
53
54 if (!single) {
55 if (!daemon_start(FALSE)) {
56
57=== modified file 'debian/changelog'
58--- debian/changelog 2009-11-10 10:12:01 +0000
59+++ debian/changelog 2010-02-02 19:41:13 +0000
60@@ -1,3 +1,12 @@
61+ax25-tools (0.0.8-13.1ubuntu1) lucid; urgency=low
62+
63+ * Fix beacon -d <longstring> crash (LP: #353219):
64+ - Cherry-pick fix from upstream ax25_tools_0_0_10_rc1 (www.linux-ax25.org):
65+ ax25/beacon.c (CVS rev 1.2): important security fix:
66+ char addr[20] was static and strcpy(addr,.argv[n]) of variable length.
67+
68+ -- Kamal Mostafa <kamal@whence.com> Tue, 02 Feb 2010 11:36:32 -0800
69+
70 ax25-tools (0.0.8-13.1) unstable; urgency=low
71
72 * Retiring - remove myself from the uploaders list.
73
74=== modified file 'debian/control'
75--- debian/control 2009-11-10 10:12:01 +0000
76+++ debian/control 2010-02-02 19:41:13 +0000
77@@ -1,7 +1,8 @@
78 Source: ax25-tools
79 Section: hamradio
80 Priority: extra
81-Maintainer: Debian Hamradio Maintainers <debian-hams@lists.debian.org>
82+Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
83+XSBC-Original-Maintainer: Debian Hamradio Maintainers <debian-hams@lists.debian.org>
84 Uploaders: Jaime Robles <jaime@debian.org>, Patrick Ouellette <pouelle@debian.org>, Hamish Moffatt <hamish@debian.org>, Ramakrishnan Muthukrishnan <rkrishnan@debian.org>
85 Build-Depends: debhelper (>> 4) , libncurses5-dev, zlib1g-dev, libfltk1.1-dev (>= 1.1.2-2), libxext-dev, libx11-dev, libax25-dev, libxt-dev
86 Standards-Version: 3.7.3

Subscribers

People subscribed via source and target branches

to all changes: