Difuse/routing
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

olsrd: security fixes for olsrd plugins

Browse source
This commit is contained in:
Saverio Proto 2014-05-17 19:09:30 +02:00
parent c00eb4f16a
commit 3fac54d01f
2 changed files with 64 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

36
olsrd/patches/002-hotfix-long-http-headers-txtinfo.patch Normal file
View file

@ -0,0 +1,36 @@
commit d68c96cf53f188030452aadec466aa6389e81511
Author: Henning Rogge <hrogge@gmail.com>
Date: Tue May 13 21:23:36 2014 +0200
Hotfix for much too long http headers
diff --git a/lib/txtinfo/src/olsrd_txtinfo.c b/lib/txtinfo/src/olsrd_txtinfo.c
index b56545d..2bcce41 100644
--- a/lib/txtinfo/src/olsrd_txtinfo.c
+++ b/lib/txtinfo/src/olsrd_txtinfo.c
@@ -301,8 +301,15 @@ ipc_action(int fd, void *data __attribute__ ((unused)), unsigned int flags __att
FD_ZERO(&rfds);
FD_SET((unsigned int)ipc_connection, &rfds); /* Win32 needs the cast here */
if (0 <= select(ipc_connection + 1, &rfds, NULL, NULL, &tv)) {
- char requ[128];
- ssize_t s = recv(ipc_connection, (void *)&requ, sizeof(requ), 0); /* Win32 needs the cast here */
+ char requ[1024];
+ ssize_t s = recv(ipc_connection, (void *)&requ, sizeof(requ)-1, 0); /* Win32 needs the cast here */
+
+ if (s == sizeof(requ)-1) {
+ /* input was much too long, just skip the rest */
+ char dummy[1024];
+
+ while (recv(ipc_connection, (void *)&dummy, sizeof(dummy), 0) == sizeof(dummy), 0);
+ }
if (0 < s) {
requ[s] = 0;
/* To print out neighbours only on the Freifunk Status
@@ -329,6 +336,7 @@ ipc_action(int fd, void *data __attribute__ ((unused)), unsigned int flags __att
if (0 != strstr(requ, "/ver")) send_what |= SIW_VERSION;
}
}
+
if ( send_what == 0 ) send_what = SIW_ALL;
}

28
olsrd/patches/003-hotfix-long-http-headers-json.patch Normal file
View file

@ -0,0 +1,28 @@
commit 528176910ee1d00278e4108cc23d9f4f2de8a639
Author: Alessio Caiazza <nolith@abisso.org>
Date: Wed May 14 22:45:33 2014 +0200
Hotfix for very long http headers also for jsoninfo
diff --git a/lib/jsoninfo/src/olsrd_jsoninfo.c b/lib/jsoninfo/src/olsrd_jsoninfo.c
index 966292c..817c64a 100644
--- a/lib/jsoninfo/src/olsrd_jsoninfo.c
+++ b/lib/jsoninfo/src/olsrd_jsoninfo.c
@@ -508,8 +508,15 @@ ipc_action(int fd, void *data __attribute__ ((unused)), unsigned int flags __att
FD_ZERO(&rfds);
FD_SET((unsigned int)ipc_connection, &rfds); /* Win32 needs the cast here */
if (0 <= select(ipc_connection + 1, &rfds, NULL, NULL, &tv)) {
- char requ[128];
- ssize_t s = recv(ipc_connection, (void *)&requ, sizeof(requ), 0); /* Win32 needs the cast here */
+ char requ[1024];
+ ssize_t s = recv(ipc_connection, (void *)&requ, sizeof(requ)-1, 0); /* Win32 needs the cast here */
+
+ if (s == sizeof(requ)-1) {
+ /* input was too much long, just skip the rest */
+ char dummy[1024];
+
+ while (recv(ipc_connection, (void *)&dummy, sizeof(dummy), 0) == sizeof(dummy), 0);
+ }
if (0 < s) {
requ[s] = 0;
/* print out the requested tables */