From: Saverio Proto Date: Sat, 17 May 2014 17:09:30 +0000 (+0200) Subject: olsrd: security fixes for olsrd plugins X-Git-Url: http://git.lede-project.org./?a=commitdiff_plain;h=3fac54d01f6b70bd4a2abd15d216c7552fc28b6f;p=feed%2Frouting.git olsrd: security fixes for olsrd plugins --- diff --git a/olsrd/patches/002-hotfix-long-http-headers-txtinfo.patch b/olsrd/patches/002-hotfix-long-http-headers-txtinfo.patch new file mode 100644 index 0000000..e04e815 --- /dev/null +++ b/olsrd/patches/002-hotfix-long-http-headers-txtinfo.patch @@ -0,0 +1,36 @@ +commit d68c96cf53f188030452aadec466aa6389e81511 +Author: Henning Rogge +Date: Tue May 13 21:23:36 2014 +0200 + + Hotfix for much too long http headers + +diff --git a/lib/txtinfo/src/olsrd_txtinfo.c b/lib/txtinfo/src/olsrd_txtinfo.c +index b56545d..2bcce41 100644 +--- a/lib/txtinfo/src/olsrd_txtinfo.c ++++ b/lib/txtinfo/src/olsrd_txtinfo.c +@@ -301,8 +301,15 @@ ipc_action(int fd, void *data __attribute__ ((unused)), unsigned int flags __att + FD_ZERO(&rfds); + FD_SET((unsigned int)ipc_connection, &rfds); /* Win32 needs the cast here */ + if (0 <= select(ipc_connection + 1, &rfds, NULL, NULL, &tv)) { +- char requ[128]; +- ssize_t s = recv(ipc_connection, (void *)&requ, sizeof(requ), 0); /* Win32 needs the cast here */ ++ char requ[1024]; ++ ssize_t s = recv(ipc_connection, (void *)&requ, sizeof(requ)-1, 0); /* Win32 needs the cast here */ ++ ++ if (s == sizeof(requ)-1) { ++ /* input was much too long, just skip the rest */ ++ char dummy[1024]; ++ ++ while (recv(ipc_connection, (void *)&dummy, sizeof(dummy), 0) == sizeof(dummy), 0); ++ } + if (0 < s) { + requ[s] = 0; + /* To print out neighbours only on the Freifunk Status +@@ -329,6 +336,7 @@ ipc_action(int fd, void *data __attribute__ ((unused)), unsigned int flags __att + if (0 != strstr(requ, "/ver")) send_what |= SIW_VERSION; + } + } ++ + if ( send_what == 0 ) send_what = SIW_ALL; + } + diff --git a/olsrd/patches/003-hotfix-long-http-headers-json.patch b/olsrd/patches/003-hotfix-long-http-headers-json.patch new file mode 100644 index 0000000..8774856 --- /dev/null +++ b/olsrd/patches/003-hotfix-long-http-headers-json.patch @@ -0,0 +1,28 @@ +commit 528176910ee1d00278e4108cc23d9f4f2de8a639 +Author: Alessio Caiazza +Date: Wed May 14 22:45:33 2014 +0200 + + Hotfix for very long http headers also for jsoninfo + +diff --git a/lib/jsoninfo/src/olsrd_jsoninfo.c b/lib/jsoninfo/src/olsrd_jsoninfo.c +index 966292c..817c64a 100644 +--- a/lib/jsoninfo/src/olsrd_jsoninfo.c ++++ b/lib/jsoninfo/src/olsrd_jsoninfo.c +@@ -508,8 +508,15 @@ ipc_action(int fd, void *data __attribute__ ((unused)), unsigned int flags __att + FD_ZERO(&rfds); + FD_SET((unsigned int)ipc_connection, &rfds); /* Win32 needs the cast here */ + if (0 <= select(ipc_connection + 1, &rfds, NULL, NULL, &tv)) { +- char requ[128]; +- ssize_t s = recv(ipc_connection, (void *)&requ, sizeof(requ), 0); /* Win32 needs the cast here */ ++ char requ[1024]; ++ ssize_t s = recv(ipc_connection, (void *)&requ, sizeof(requ)-1, 0); /* Win32 needs the cast here */ ++ ++ if (s == sizeof(requ)-1) { ++ /* input was too much long, just skip the rest */ ++ char dummy[1024]; ++ ++ while (recv(ipc_connection, (void *)&dummy, sizeof(dummy), 0) == sizeof(dummy), 0); ++ } + if (0 < s) { + requ[s] = 0; + /* print out the requested tables */