0b65ece85b
- Added a patch to add both communication partners in arpspoof - Added patch to allow multiple targets to be imitated simultaniously - Added patch to allow the selection of source hw address in arpspoof - Added a patch which fixes and modernizes the POP decoder - Fixed segmentation faults related to libnet_name2addr4() (#1009879) - Added a patch to fix bit-shift in pntohl() macro (#714958, #850496) - Avoid xdrs being used without being initialised (#715042, #850494)
141 lines
4.2 KiB
Diff
141 lines
4.2 KiB
Diff
Patch by Robert Scheck <robert@fedoraproject.org> for dsniff >= 2.4b1 which fixes
|
|
possible segmentation faults of arpspoof, sshmitm, webmitm and webspy if any non-
|
|
resolving hostname is passed. Issue was introduced by dsniff-2.4-libnet_11.patch;
|
|
libnet_name_resolve() was replaced by libnet_name2addr4() while there must be the
|
|
structure libnet_t passed additionally. And if that structure is not initialized
|
|
using libnet_init() and the passed name can't be resolved (like "192.168.2."), it
|
|
causes a snprintf() to NULL and thus the segmentation fault. Note that macof isn't
|
|
affected as no resolving was involved here ever. Please also have a look to Red Hat
|
|
Bugzilla ID #1009879 for further information.
|
|
|
|
--- dsniff-2.4/sshmitm.c 2013-12-20 21:19:58.000000000 +0100
|
|
+++ dsniff-2.4/sshmitm.c.libnet_name2addr4 2013-12-20 21:29:44.000000000 +0100
|
|
@@ -45,6 +45,8 @@
|
|
struct sockaddr_in csin, ssin;
|
|
int sig_pipe[2];
|
|
|
|
+static libnet_t *l;
|
|
+
|
|
static void
|
|
usage(void)
|
|
{
|
|
@@ -364,6 +366,7 @@
|
|
u_long ip;
|
|
u_short lport, rport;
|
|
int c;
|
|
+ char libnet_ebuf[LIBNET_ERRBUF_SIZE];
|
|
|
|
lport = rport = 22;
|
|
|
|
@@ -390,12 +393,15 @@
|
|
if (argc < 1)
|
|
usage();
|
|
|
|
- if ((ip = libnet_name2addr4(NULL, argv[0], LIBNET_RESOLVE)) == -1)
|
|
- usage();
|
|
-
|
|
if (argc == 2 && (rport = atoi(argv[1])) == 0)
|
|
usage();
|
|
|
|
+ if ((l = libnet_init(LIBNET_LINK, NULL, libnet_ebuf)) == NULL)
|
|
+ errx(1, "%s", libnet_ebuf);
|
|
+
|
|
+ if ((ip = libnet_name2addr4(l, argv[0], LIBNET_RESOLVE)) == -1)
|
|
+ usage();
|
|
+
|
|
record_init(NULL);
|
|
|
|
mitm_init(lport, ip, rport);
|
|
--- dsniff-2.4/webmitm.c 2013-12-20 21:19:58.000000000 +0100
|
|
+++ dsniff-2.4/webmitm.c.libnet_name2addr4 2013-12-20 21:40:09.000000000 +0100
|
|
@@ -47,6 +47,8 @@
|
|
int do_ssl, sig_pipe[2];
|
|
in_addr_t static_host = 0;
|
|
|
|
+static libnet_t *l;
|
|
+
|
|
extern int decode_http(char *, int, char *, int);
|
|
|
|
static void
|
|
@@ -242,7 +244,7 @@
|
|
word = buf_tok(&msg, "/", 1);
|
|
vhost = buf_strdup(word);
|
|
}
|
|
- ssin.sin_addr.s_addr = libnet_name2addr4(NULL, vhost, 1);
|
|
+ ssin.sin_addr.s_addr = libnet_name2addr4(l, vhost, LIBNET_RESOLVE);
|
|
free(vhost);
|
|
|
|
if (ssin.sin_addr.s_addr == ntohl(INADDR_LOOPBACK) ||
|
|
@@ -496,6 +498,7 @@
|
|
extern char *optarg;
|
|
extern int optind;
|
|
int c;
|
|
+ char libnet_ebuf[LIBNET_ERRBUF_SIZE];
|
|
|
|
while ((c = getopt(argc, argv, "dh?V")) != -1) {
|
|
switch (c) {
|
|
@@ -509,8 +512,11 @@
|
|
argc -= optind;
|
|
argv += optind;
|
|
|
|
+ if ((l = libnet_init(LIBNET_LINK, NULL, libnet_ebuf)) == NULL)
|
|
+ errx(1, "%s", libnet_ebuf);
|
|
+
|
|
if (argc == 1) {
|
|
- if ((static_host = libnet_name2addr4(NULL, argv[0], 1)) == -1)
|
|
+ if ((static_host = libnet_name2addr4(l, argv[0], LIBNET_RESOLVE)) == -1)
|
|
usage();
|
|
}
|
|
else if (argc != 0) usage();
|
|
--- dsniff-2.4/webspy.c 2013-12-20 21:19:58.000000000 +0100
|
|
+++ dsniff-2.4/webspy.c.libnet_name2addr4 2013-12-20 21:45:57.000000000 +0100
|
|
@@ -33,6 +33,7 @@
|
|
extern int mozilla_remote_commands (Display *, Window, char **);
|
|
char *expected_mozilla_version = "4.7";
|
|
char *progname = "webspy";
|
|
+static libnet_t *l;
|
|
|
|
Display *dpy;
|
|
char cmd[2048], *cmdtab[2];
|
|
@@ -183,6 +184,7 @@
|
|
extern char *optarg;
|
|
extern int optind;
|
|
int c;
|
|
+ char libnet_ebuf[LIBNET_ERRBUF_SIZE];
|
|
|
|
while ((c = getopt(argc, argv, "i:p:h?V")) != -1) {
|
|
switch (c) {
|
|
@@ -205,7 +207,10 @@
|
|
cmdtab[0] = cmd;
|
|
cmdtab[1] = NULL;
|
|
|
|
- if ((host = libnet_name2addr4(NULL, argv[0], 1)) == -1)
|
|
+ if ((l = libnet_init(LIBNET_LINK, NULL, libnet_ebuf)) == NULL)
|
|
+ errx(1, "%s", libnet_ebuf);
|
|
+
|
|
+ if ((host = libnet_name2addr4(l, argv[0], LIBNET_RESOLVE)) == -1)
|
|
errx(1, "unknown host");
|
|
|
|
if ((dpy = XOpenDisplay(NULL)) == NULL)
|
|
--- dsniff-2.4/arpspoof.c 2013-12-20 22:00:53.000000000 +0100
|
|
+++ dsniff-2.4/arpspoof.c.libnet_name2addr4 2013-12-20 22:00:38.000000000 +0100
|
|
@@ -207,6 +207,9 @@
|
|
/* allocate enough memory for target list */
|
|
targets = calloc( argc+1, sizeof(struct host) );
|
|
|
|
+ if ((l = libnet_init(LIBNET_LINK, NULL, libnet_ebuf)) == NULL)
|
|
+ errx(1, "%s", libnet_ebuf);
|
|
+
|
|
while ((c = getopt(argc, argv, "ri:t:c:h?V")) != -1) {
|
|
switch (c) {
|
|
case 'i':
|
|
@@ -263,6 +266,8 @@
|
|
if ((spoof.ip = libnet_name2addr4(l, argv[0], LIBNET_RESOLVE)) == -1)
|
|
usage();
|
|
|
|
+ libnet_destroy(l);
|
|
+
|
|
if (intf == NULL && (intf = pcap_lookupdev(pcap_ebuf)) == NULL)
|
|
errx(1, "%s", pcap_ebuf);
|
|
|