diff --git a/net/ser2net/Makefile b/net/ser2net/Makefile index 793ff13f3b..a433fbe98c 100644 --- a/net/ser2net/Makefile +++ b/net/ser2net/Makefile @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=ser2net PKG_VERSION:=3.4 -PKG_RELEASE:=1 +PKG_RELEASE:=2 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=@SF/ser2net diff --git a/net/ser2net/patches/0001-dataxfer.c-fix-possible-buffer-overruns-caused-by-ga.patch b/net/ser2net/patches/0001-dataxfer.c-fix-possible-buffer-overruns-caused-by-ga.patch new file mode 100644 index 0000000000..83874eb115 --- /dev/null +++ b/net/ser2net/patches/0001-dataxfer.c-fix-possible-buffer-overruns-caused-by-ga.patch @@ -0,0 +1,64 @@ +From 8614cf0ad4a017184285e814a704322f59a28869 Mon Sep 17 00:00:00 2001 +From: Michael Heimpold +Date: Wed, 12 Apr 2017 23:36:17 +0200 +Subject: [PATCH] dataxfer.c: fix possible buffer overruns caused by + gai_strerror + +This fixes a possible buffer overrun that could occur due to +gai_strerror() returning a string which is longer than the portbuff +array, i.e. longer than 32 byte. + +Reported-by: David Thornley +Signed-off-by: Michael Heimpold +Signed-off-by: Corey Minyard + +diff --git a/dataxfer.c b/dataxfer.c +index 3d1e713..988f4e4 100644 +--- a/dataxfer.c ++++ b/dataxfer.c +@@ -3702,18 +3702,20 @@ showshortport(struct controller_info *cntlr, port_info_t *port) + portbuff, sizeof(portbuff), + NI_NUMERICHOST | NI_NUMERICSERV); + if (err) { +- strcpy(buffer, "*err*"); +- sprintf(portbuff, "%s", gai_strerror(err)); ++ snprintf(buffer, sizeof(buffer), "*err*,%s", gai_strerror(err)); ++ count = controller_outputf(cntlr, "%s", buffer); ++ } else { ++ count = controller_outputf(cntlr, "%s,%s", buffer, portbuff); + } +- bytes_recv = netcon->bytes_received; +- bytes_sent = netcon->bytes_sent; + +- count = controller_outputf(cntlr, "%s,%s", buffer, portbuff); + while (count < 23) { + controller_outs(cntlr, " "); + count++; + } + ++ bytes_recv = netcon->bytes_received; ++ bytes_sent = netcon->bytes_sent; ++ + controller_outputf(cntlr, "%-22s ", port->io.devname); + controller_outputf(cntlr, "%-14s ", state_str[port->net_to_dev_state]); + controller_outputf(cntlr, "%-14s ", state_str[port->dev_to_net_state]); +@@ -3758,11 +3760,12 @@ showport(struct controller_info *cntlr, port_info_t *port) + portbuff, sizeof(portbuff), + NI_NUMERICHOST | NI_NUMERICSERV); + if (err) { +- strcpy(buffer, "*err*"); +- sprintf(portbuff, "%s", gai_strerror(err)); ++ snprintf(buffer, sizeof(buffer), "*err*,%s", gai_strerror(err)); ++ controller_outputf(cntlr, " connected to: %s\r\n", buffer); ++ } else { ++ controller_outputf(cntlr, " connected to: %s,%s\r\n", ++ buffer, portbuff); + } +- controller_outputf(cntlr, " connected to: %s,%s\r\n", +- buffer, portbuff); + controller_outputf(cntlr, " bytes read from TCP: %d\r\n", + netcon->bytes_received); + controller_outputf(cntlr, " bytes written to TCP: %d\r\n", +-- +2.7.4 + diff --git a/net/ser2net/patches/0002-dataxfer.c-truncate-error-message-to-fit-the-column-.patch b/net/ser2net/patches/0002-dataxfer.c-truncate-error-message-to-fit-the-column-.patch new file mode 100644 index 0000000000..215a3579b8 --- /dev/null +++ b/net/ser2net/patches/0002-dataxfer.c-truncate-error-message-to-fit-the-column-.patch @@ -0,0 +1,30 @@ +From b303432f2dbd6a20afa99cb462aa0a1bb740b86d Mon Sep 17 00:00:00 2001 +From: Michael Heimpold +Date: Wed, 12 Apr 2017 23:43:18 +0200 +Subject: [PATCH] dataxfer.c: truncate error message to fit the column width + +gai_strerror() could return a string which is longer than our current +column width of "Remote address". To make the output nice again, +truncate the error string in this case. + +Signed-off-by: Michael Heimpold +Signed-off-by: Corey Minyard + +diff --git a/dataxfer.c b/dataxfer.c +index 988f4e4..75c2777 100644 +--- a/dataxfer.c ++++ b/dataxfer.c +@@ -3703,6 +3703,10 @@ showshortport(struct controller_info *cntlr, port_info_t *port) + NI_NUMERICHOST | NI_NUMERICSERV); + if (err) { + snprintf(buffer, sizeof(buffer), "*err*,%s", gai_strerror(err)); ++ /* gai_strerror could return an elongated string which could break ++ our pretty formatted output below, so truncate the string nicely */ ++ if (strlen(buffer) > 22) ++ strcpy(&buffer[22 - 3], "..."); + count = controller_outputf(cntlr, "%s", buffer); + } else { + count = controller_outputf(cntlr, "%s,%s", buffer, portbuff); +-- +2.7.4 + diff --git a/net/ser2net/patches/0003-dataxfer.c-adjust-Remote-address-column-width.patch b/net/ser2net/patches/0003-dataxfer.c-adjust-Remote-address-column-width.patch new file mode 100644 index 0000000000..fbc7aede2c --- /dev/null +++ b/net/ser2net/patches/0003-dataxfer.c-adjust-Remote-address-column-width.patch @@ -0,0 +1,59 @@ +From 81f3991e232fd45b05ff52b5091393532e4305e5 Mon Sep 17 00:00:00 2001 +From: Michael Heimpold +Date: Thu, 13 Apr 2017 20:29:10 +0200 +Subject: [PATCH] dataxfer.c: adjust "Remote address" column width + +In case we are connected to an IPv6 address the current column width +is too small to take the complete address and port number so adjust it. + +Signed-off-by: Michael Heimpold +Signed-off-by: Corey Minyard + +diff --git a/dataxfer.c b/dataxfer.c +index 75c2777..9955403 100644 +--- a/dataxfer.c ++++ b/dataxfer.c +@@ -3674,6 +3674,9 @@ clear_old_port_config(int curr_config) + UNLOCK(ports_lock); + } + ++#define REMOTEADDR_COLUMN_WIDTH \ ++ (INET6_ADDRSTRLEN - 1 /* terminating NUL */ + 1 /* comma */ + 5 /* strlen("65535") */) ++ + /* Print information about a port to the control port given in cntlr. */ + static void + showshortport(struct controller_info *cntlr, port_info_t *port) +@@ -3705,14 +3708,14 @@ showshortport(struct controller_info *cntlr, port_info_t *port) + snprintf(buffer, sizeof(buffer), "*err*,%s", gai_strerror(err)); + /* gai_strerror could return an elongated string which could break + our pretty formatted output below, so truncate the string nicely */ +- if (strlen(buffer) > 22) +- strcpy(&buffer[22 - 3], "..."); ++ if (strlen(buffer) > REMOTEADDR_COLUMN_WIDTH) ++ strcpy(&buffer[REMOTEADDR_COLUMN_WIDTH - 3], "..."); + count = controller_outputf(cntlr, "%s", buffer); + } else { + count = controller_outputf(cntlr, "%s,%s", buffer, portbuff); + } + +- while (count < 23) { ++ while (count < REMOTEADDR_COLUMN_WIDTH + 1) { + controller_outs(cntlr, " "); + count++; + } +@@ -3878,10 +3881,11 @@ showshortports(struct controller_info *cntlr, char *portspec) + port_info_t *port; + + controller_outputf(cntlr, +- "%-22s %-6s %7s %-22s %-22s %-14s %-14s %9s %9s %9s %9s %s\r\n", ++ "%-22s %-6s %7s %-*s %-22s %-14s %-14s %9s %9s %9s %9s %s\r\n", + "Port name", + "Type", + "Timeout", ++ REMOTEADDR_COLUMN_WIDTH, + "Remote address", + "Device", + "TCP to device", +-- +2.7.4 + diff --git a/net/ser2net/patches/0004-dataxfer.c-in-case-port-is-not-connected-display-thi.patch b/net/ser2net/patches/0004-dataxfer.c-in-case-port-is-not-connected-display-thi.patch new file mode 100644 index 0000000000..04cbddcea8 --- /dev/null +++ b/net/ser2net/patches/0004-dataxfer.c-in-case-port-is-not-connected-display-thi.patch @@ -0,0 +1,94 @@ +From 1479d3acc7ffb77225ea294f83a8d3fbdadfece6 Mon Sep 17 00:00:00 2001 +From: Michael Heimpold +Date: Thu, 13 Apr 2017 20:37:35 +0200 +Subject: [PATCH] dataxfer.c: in case port is not connected display this + directly + +In this case we don't bother to call into getnameinfo but show +directly "unconnected", this prevents showing an error message. + +Signed-off-by: Michael Heimpold +Signed-off-by: Corey Minyard + +diff --git a/dataxfer.c b/dataxfer.c +index 9955403..d6a59d9 100644 +--- a/dataxfer.c ++++ b/dataxfer.c +@@ -3700,19 +3700,23 @@ showshortport(struct controller_info *cntlr, port_info_t *port) + if (!netcon) + netcon = &(port->netcons[0]); + +- err = getnameinfo(netcon->raddr, netcon->raddrlen, +- buffer, sizeof(buffer), +- portbuff, sizeof(portbuff), +- NI_NUMERICHOST | NI_NUMERICSERV); +- if (err) { +- snprintf(buffer, sizeof(buffer), "*err*,%s", gai_strerror(err)); +- /* gai_strerror could return an elongated string which could break +- our pretty formatted output below, so truncate the string nicely */ +- if (strlen(buffer) > REMOTEADDR_COLUMN_WIDTH) +- strcpy(&buffer[REMOTEADDR_COLUMN_WIDTH - 3], "..."); +- count = controller_outputf(cntlr, "%s", buffer); ++ if (port->net_to_dev_state != PORT_UNCONNECTED) { ++ err = getnameinfo(netcon->raddr, netcon->raddrlen, ++ buffer, sizeof(buffer), ++ portbuff, sizeof(portbuff), ++ NI_NUMERICHOST | NI_NUMERICSERV); ++ if (err) { ++ snprintf(buffer, sizeof(buffer), "*err*,%s", gai_strerror(err)); ++ /* gai_strerror could return an elongated string which could break ++ our pretty formatted output below, so truncate the string nicely */ ++ if (strlen(buffer) > REMOTEADDR_COLUMN_WIDTH) ++ strcpy(&buffer[REMOTEADDR_COLUMN_WIDTH - 3], "..."); ++ count = controller_outputf(cntlr, "%s", buffer); ++ } else { ++ count = controller_outputf(cntlr, "%s,%s", buffer, portbuff); ++ } + } else { +- count = controller_outputf(cntlr, "%s,%s", buffer, portbuff); ++ count = controller_outputf(cntlr, "unconnected"); + } + + while (count < REMOTEADDR_COLUMN_WIDTH + 1) { +@@ -3762,21 +3766,25 @@ showport(struct controller_info *cntlr, port_info_t *port) + controller_outputf(cntlr, " timeout: %d\r\n", port->timeout); + + for_each_connection(port, netcon) { +- err = getnameinfo(netcon->raddr, netcon->raddrlen, +- buffer, sizeof(buffer), +- portbuff, sizeof(portbuff), +- NI_NUMERICHOST | NI_NUMERICSERV); +- if (err) { +- snprintf(buffer, sizeof(buffer), "*err*,%s", gai_strerror(err)); +- controller_outputf(cntlr, " connected to: %s\r\n", buffer); ++ if (port->net_to_dev_state != PORT_UNCONNECTED) { ++ err = getnameinfo(netcon->raddr, netcon->raddrlen, ++ buffer, sizeof(buffer), ++ portbuff, sizeof(portbuff), ++ NI_NUMERICHOST | NI_NUMERICSERV); ++ if (err) { ++ snprintf(buffer, sizeof(buffer), "*err*,%s", gai_strerror(err)); ++ controller_outputf(cntlr, " connected to: %s\r\n", buffer); ++ } else { ++ controller_outputf(cntlr, " connected to: %s,%s\r\n", ++ buffer, portbuff); ++ } ++ controller_outputf(cntlr, " bytes read from TCP: %d\r\n", ++ netcon->bytes_received); ++ controller_outputf(cntlr, " bytes written to TCP: %d\r\n", ++ netcon->bytes_sent); + } else { +- controller_outputf(cntlr, " connected to: %s,%s\r\n", +- buffer, portbuff); ++ controller_outputf(cntlr, " unconnected\r\n"); + } +- controller_outputf(cntlr, " bytes read from TCP: %d\r\n", +- netcon->bytes_received); +- controller_outputf(cntlr, " bytes written to TCP: %d\r\n", +- netcon->bytes_sent); + } + + controller_outputf(cntlr, " device: %s\r\n", port->io.devname); +-- +2.7.4 +