File s390-tools-sles11sp2-qetharp-buffer-overflow.patch of Package s390-tools
Description: qetharp: fix buffer overflow
Symptom: wrong usage of qetharp may terminate with buffer overflow
Problem: If qetharp is invoked with an invalid interface name
longer than 16 bytes, it terminates with
"buffer overflow detected"
Solution: Check length of given interface name parameter of qetharp
Problem-ID: 74916
---
qetharp/qetharp.c | 10 +++++++---
qetharp/qetharp.h | 4 ++--
2 files changed, 9 insertions(+), 5 deletions(-)
--- a/qetharp/qetharp.c
+++ b/qetharp/qetharp.c
@@ -4,7 +4,7 @@
* (adaptations to 2.6 kernel)
* originally written by: Frank Pavlic <pavlic@de.ibm.com>
*
- * Copyright IBM Corp. 2001,2007
+ * Copyright IBM Corp. 2001,2011
*/
#include <stdio.h>
@@ -455,10 +455,10 @@ qetharp_usage(void)
"\tn: in conjunction with the -q option it shows\n" \
"\t\tnumerical addresses instead of trying to\n" \
"\t\tresolve IP addresses to host names.\n" \
- "\tc: in conjuction with the -q option it shows\n" \
+ "\tc: in conjunction with the -q option it shows\n" \
"\t\tonly numerical addresses without any\n" \
"\t\tother information.\n" \
- "\t6: in conjuction with the -q option it shows\n" \
+ "\t6: in conjunction with the -q option it shows\n" \
"\t\tIPv6 related entries, if applicable\n" \
"\tp: flushes the ARP table of the card\n" \
"\ta: add static ARP entry\n" \
@@ -470,6 +470,10 @@ qetharp_usage(void)
static int
qetharp_parse_info(struct option_info *opin)
{
+ if (opin->dev_name && (strlen(opin->dev_name) > IFNAMSIZ)) {
+ printf("\nError: interface name too long\n");
+ return -1;
+ }
if ((opin->purge_flag+opin->query_flag+
opin->add_flag+opin->delete_flag)==0) {
qetharp_usage();
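Review bot: The length check added at the top of qetharp_parse_info compares with `>`, so an interface name of exactly IFNAMSIZ characters is still accepted. IFNAMSIZ conventionally includes the terminating NUL, so if the name is later copied into an IFNAMSIZ-sized buffer (that copy is not visible in this hunk), such a name would still write one byte past the end. The guard should read `if (opin->dev_name && (strlen(opin->dev_name) >= IFNAMSIZ)) {`. The error text would also be better sent to stderr than stdout, e.g. `fprintf(stderr, "\nError: interface name too long\n");`. The body of qetharp_parse_info continues past the end of the hunk.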
--- a/qetharp/qetharp.h
+++ b/qetharp/qetharp.h
@@ -4,7 +4,7 @@
* (adaptations to 2.6 kernel)
* originally written by: Frank Pavlic <pavlic@de.ibm.com>
*
- * Copyright IBM Corp. 2001, 2006.
+ * Copyright IBM Corp. 2001, 2011
*
*/
#ifndef __QETHARP_H__
@@ -67,7 +67,7 @@
/*****************************************************
* Declarations for version string *
*****************************************************/
-#define COPYRIGHT "Copyright IBM Corp. 2003, 2006"
+#define COPYRIGHT "Copyright IBM Corp. 2003, 2011"
static struct option qetharp_options[]=
{