dsniff/dsniff-2.4-libnet_name2addr4.patch

Patch by Robert Scheck <robert@fedoraproject.org> for dsniff >= 2.4b1 which fixes
possible segmentation faults of arpspoof, sshmitm, webmitm and webspy if any non-
resolving hostname is passed. Issue was introduced by dsniff-2.4-libnet_11.patch;
libnet_name_resolve() was replaced by libnet_name2addr4() while there must be the
structure libnet_t passed additionally. And if that structure is not initialized
using libnet_init() and the passed name can't be resolved (like "192.168.2."), it
causes a snprintf() to NULL and thus the segmentation fault. Note that macof isn't
affected as no resolving was involved here ever. Please also have a look to Red Hat
Bugzilla ID #1009879 for further information.

--- dsniff-2.4/sshmitm.c			2013-12-20 21:19:58.000000000 +0100
+++ dsniff-2.4/sshmitm.c.libnet_name2addr4	2013-12-20 21:29:44.000000000 +0100
@@ -45,6 +45,8 @@
 struct	 sockaddr_in csin, ssin;
 int	 sig_pipe[2];
 
+static	 libnet_t *l;
+
 static void
 usage(void)
 {
@@ -364,6 +366,7 @@
 	u_long ip;
 	u_short lport, rport;
 	int c;
+	char libnet_ebuf[LIBNET_ERRBUF_SIZE];
 
 	lport = rport = 22;
 
@@ -390,12 +393,15 @@
 	if (argc < 1)
 		usage();
 	
-	if ((ip = libnet_name2addr4(NULL, argv[0], LIBNET_RESOLVE)) == -1)
-		usage();
-
 	if (argc == 2 && (rport = atoi(argv[1])) == 0)
 		usage();
 	
+	if ((l = libnet_init(LIBNET_LINK, NULL, libnet_ebuf)) == NULL)
+		errx(1, "%s", libnet_ebuf);
+	
+	if ((ip = libnet_name2addr4(l, argv[0], LIBNET_RESOLVE)) == -1)
+		usage();
+	
 	record_init(NULL);
 	
 	mitm_init(lport, ip, rport);
--- dsniff-2.4/webmitm.c			2013-12-20 21:19:58.000000000 +0100
+++ dsniff-2.4/webmitm.c.libnet_name2addr4	2013-12-20 21:40:09.000000000 +0100
@@ -47,6 +47,8 @@
 int	 do_ssl, sig_pipe[2];
 in_addr_t	static_host = 0;
 
+static	 libnet_t *l;
+
 extern int decode_http(char *, int, char *, int);
 
 static void
@@ -242,7 +244,7 @@
 			word = buf_tok(&msg, "/", 1);
 			vhost = buf_strdup(word);
 		}
-		ssin.sin_addr.s_addr = libnet_name2addr4(NULL, vhost, 1);
+		ssin.sin_addr.s_addr = libnet_name2addr4(l, vhost, LIBNET_RESOLVE);
 		free(vhost);
 		
 		if (ssin.sin_addr.s_addr == ntohl(INADDR_LOOPBACK) ||
@@ -496,6 +498,7 @@
 	extern char *optarg;
 	extern int optind;
 	int c;
+	char libnet_ebuf[LIBNET_ERRBUF_SIZE];
 
 	while ((c = getopt(argc, argv, "dh?V")) != -1) {
 		switch (c) {
@@ -509,8 +512,11 @@
 	argc -= optind;
 	argv += optind;
 
+	if ((l = libnet_init(LIBNET_LINK, NULL, libnet_ebuf)) == NULL)
+		errx(1, "%s", libnet_ebuf);
+	
 	if (argc == 1) {
-		if ((static_host = libnet_name2addr4(NULL, argv[0], 1)) == -1)
+		if ((static_host = libnet_name2addr4(l, argv[0], LIBNET_RESOLVE)) == -1)
 			usage();
 	}
 	else if (argc != 0) usage();
--- dsniff-2.4/webspy.c				2013-12-20 21:19:58.000000000 +0100
+++ dsniff-2.4/webspy.c.libnet_name2addr4	2013-12-20 21:45:57.000000000 +0100
@@ -33,6 +33,7 @@
 extern int mozilla_remote_commands (Display *, Window, char **);
 char	*expected_mozilla_version = "4.7";
 char	*progname = "webspy";
+static	libnet_t *l;
 
 Display		*dpy;
 char		 cmd[2048], *cmdtab[2];
@@ -183,6 +184,7 @@
 	extern char *optarg;
 	extern int optind;
 	int c;
+	char libnet_ebuf[LIBNET_ERRBUF_SIZE];
 	
 	while ((c = getopt(argc, argv, "i:p:h?V")) != -1) {
 		switch (c) {
@@ -205,7 +207,10 @@
 	cmdtab[0] = cmd;
 	cmdtab[1] = NULL;
 	
-	if ((host = libnet_name2addr4(NULL, argv[0], 1)) == -1)
+	if ((l = libnet_init(LIBNET_LINK, NULL, libnet_ebuf)) == NULL)
+		errx(1, "%s", libnet_ebuf);
+	
+	if ((host = libnet_name2addr4(l, argv[0], LIBNET_RESOLVE)) == -1)
 		errx(1, "unknown host");
 	
 	if ((dpy = XOpenDisplay(NULL)) == NULL)
--- dsniff-2.4/arpspoof.c			2013-12-20 22:00:53.000000000 +0100
+++ dsniff-2.4/arpspoof.c.libnet_name2addr4	2013-12-20 22:00:38.000000000 +0100
@@ -207,6 +207,9 @@
 	/* allocate enough memory for target list */
 	targets = calloc( argc+1, sizeof(struct host) );
 	
+	if ((l = libnet_init(LIBNET_LINK, NULL, libnet_ebuf)) == NULL)
+		errx(1, "%s", libnet_ebuf);
+	
 	while ((c = getopt(argc, argv, "ri:t:c:h?V")) != -1) {
 		switch (c) {
 		case 'i':
@@ -263,6 +266,8 @@
 	if ((spoof.ip = libnet_name2addr4(l, argv[0], LIBNET_RESOLVE)) == -1)
 		usage();
 	
+	libnet_destroy(l);
+	
 	if (intf == NULL && (intf = pcap_lookupdev(pcap_ebuf)) == NULL)
 		errx(1, "%s", pcap_ebuf);
- Corrected patch which touches tabular data stream protocol handler - Added a patch to add both communication partners in arpspoof - Added patch to allow multiple targets to be imitated simultaniously - Added patch to allow the selection of source hw address in arpspoof - Added a patch which fixes and modernizes the POP decoder - Fixed segmentation faults related to libnet_name2addr4() (#1009879) - Added a patch to fix bit-shift in pntohl() macro (#714958, #850496) - Avoid xdrs being used without being initialised (#715042, #850494) 2013-12-20 22:02:10 +00:00			`Patch by Robert Scheck <robert@fedoraproject.org> for dsniff >= 2.4b1 which fixes`
			`possible segmentation faults of arpspoof, sshmitm, webmitm and webspy if any non-`
			`resolving hostname is passed. Issue was introduced by dsniff-2.4-libnet_11.patch;`
			`libnet_name_resolve() was replaced by libnet_name2addr4() while there must be the`
			`structure libnet_t passed additionally. And if that structure is not initialized`
			`using libnet_init() and the passed name can't be resolved (like "192.168.2."), it`
			`causes a snprintf() to NULL and thus the segmentation fault. Note that macof isn't`
			`affected as no resolving was involved here ever. Please also have a look to Red Hat`
			`Bugzilla ID #1009879 for further information.`

			`--- dsniff-2.4/sshmitm.c 2013-12-20 21:19:58.000000000 +0100`
			`+++ dsniff-2.4/sshmitm.c.libnet_name2addr4 2013-12-20 21:29:44.000000000 +0100`
			`@@ -45,6 +45,8 @@`
			`struct sockaddr_in csin, ssin;`
			`int sig_pipe[2];`

			`+static libnet_t *l;`
			`+`
			`static void`
			`usage(void)`
			`{`
			`@@ -364,6 +366,7 @@`
			`u_long ip;`
			`u_short lport, rport;`
			`int c;`
			`+ char libnet_ebuf[LIBNET_ERRBUF_SIZE];`

			`lport = rport = 22;`

			`@@ -390,12 +393,15 @@`
			`if (argc < 1)`
			`usage();`

			`- if ((ip = libnet_name2addr4(NULL, argv[0], LIBNET_RESOLVE)) == -1)`
			`- usage();`
			`-`
			`if (argc == 2 && (rport = atoi(argv[1])) == 0)`
			`usage();`

			`+ if ((l = libnet_init(LIBNET_LINK, NULL, libnet_ebuf)) == NULL)`
			`+ errx(1, "%s", libnet_ebuf);`
			`+`
			`+ if ((ip = libnet_name2addr4(l, argv[0], LIBNET_RESOLVE)) == -1)`
			`+ usage();`
			`+`
			`record_init(NULL);`

			`mitm_init(lport, ip, rport);`
			`--- dsniff-2.4/webmitm.c 2013-12-20 21:19:58.000000000 +0100`
			`+++ dsniff-2.4/webmitm.c.libnet_name2addr4 2013-12-20 21:40:09.000000000 +0100`
			`@@ -47,6 +47,8 @@`
			`int do_ssl, sig_pipe[2];`
			`in_addr_t static_host = 0;`

			`+static libnet_t *l;`
			`+`
			`extern int decode_http(char , int, char , int);`

			`static void`
			`@@ -242,7 +244,7 @@`
			`word = buf_tok(&msg, "/", 1);`
			`vhost = buf_strdup(word);`
			`}`
			`- ssin.sin_addr.s_addr = libnet_name2addr4(NULL, vhost, 1);`
			`+ ssin.sin_addr.s_addr = libnet_name2addr4(l, vhost, LIBNET_RESOLVE);`
			`free(vhost);`

			`if (ssin.sin_addr.s_addr == ntohl(INADDR_LOOPBACK) \|\|`
			`@@ -496,6 +498,7 @@`
			`extern char *optarg;`
			`extern int optind;`
			`int c;`
			`+ char libnet_ebuf[LIBNET_ERRBUF_SIZE];`

			`while ((c = getopt(argc, argv, "dh?V")) != -1) {`
			`switch (c) {`
			`@@ -509,8 +512,11 @@`
			`argc -= optind;`
			`argv += optind;`

			`+ if ((l = libnet_init(LIBNET_LINK, NULL, libnet_ebuf)) == NULL)`
			`+ errx(1, "%s", libnet_ebuf);`
			`+`
			`if (argc == 1) {`
			`- if ((static_host = libnet_name2addr4(NULL, argv[0], 1)) == -1)`
			`+ if ((static_host = libnet_name2addr4(l, argv[0], LIBNET_RESOLVE)) == -1)`
			`usage();`
			`}`
			`else if (argc != 0) usage();`
			`--- dsniff-2.4/webspy.c 2013-12-20 21:19:58.000000000 +0100`
			`+++ dsniff-2.4/webspy.c.libnet_name2addr4 2013-12-20 21:45:57.000000000 +0100`
			`@@ -33,6 +33,7 @@`
			`extern int mozilla_remote_commands (Display , Window, char *);`
			`char *expected_mozilla_version = "4.7";`
			`char *progname = "webspy";`
			`+static libnet_t *l;`

			`Display *dpy;`
			`char cmd[2048], *cmdtab[2];`
			`@@ -183,6 +184,7 @@`
			`extern char *optarg;`
			`extern int optind;`
			`int c;`
			`+ char libnet_ebuf[LIBNET_ERRBUF_SIZE];`

			`while ((c = getopt(argc, argv, "i:p:h?V")) != -1) {`
			`switch (c) {`
			`@@ -205,7 +207,10 @@`
			`cmdtab[0] = cmd;`
			`cmdtab[1] = NULL;`

			`- if ((host = libnet_name2addr4(NULL, argv[0], 1)) == -1)`
			`+ if ((l = libnet_init(LIBNET_LINK, NULL, libnet_ebuf)) == NULL)`
			`+ errx(1, "%s", libnet_ebuf);`
			`+`
			`+ if ((host = libnet_name2addr4(l, argv[0], LIBNET_RESOLVE)) == -1)`
			`errx(1, "unknown host");`

			`if ((dpy = XOpenDisplay(NULL)) == NULL)`
			`--- dsniff-2.4/arpspoof.c 2013-12-20 22:00:53.000000000 +0100`
			`+++ dsniff-2.4/arpspoof.c.libnet_name2addr4 2013-12-20 22:00:38.000000000 +0100`
			`@@ -207,6 +207,9 @@`
			`/* allocate enough memory for target list */`
			`targets = calloc( argc+1, sizeof(struct host) );`

			`+ if ((l = libnet_init(LIBNET_LINK, NULL, libnet_ebuf)) == NULL)`
			`+ errx(1, "%s", libnet_ebuf);`
			`+`
			`while ((c = getopt(argc, argv, "ri:t:c:h?V")) != -1) {`
			`switch (c) {`
			`case 'i':`
			`@@ -263,6 +266,8 @@`
			`if ((spoof.ip = libnet_name2addr4(l, argv[0], LIBNET_RESOLVE)) == -1)`
			`usage();`

			`+ libnet_destroy(l);`
			`+`
			`if (intf == NULL && (intf = pcap_lookupdev(pcap_ebuf)) == NULL)`
			`errx(1, "%s", pcap_ebuf);`