// ettercap 0.7.5 - 0.7.5.1 buffer overflow patch
// patch -p1 < ec.patch
Index: include/ec.h
--- EC-vulnerable/include/ec.h
+++ EC-fixed/include/ec.h
@@ -81,6 +81,11 @@
 #define SAFE_FREE(x) do{ if(x) { free(x); x = NULL; } }while(0)
+
+/* convert to string */
+#define EC_STRINGIFY(in) #in
+#define EC_TOSTRING(in) EC_STRINGIFY(in)
+
 #ifdef OS_LINUX
 #define __init __attribute__((constructor(101)))
 #define __init_last __attribute__((constructor(200))
Index: include/ec_inet.h
--- EC-vulnerable/include/ec_inet.h
+++ EC-fixed/include/ec_inet.h
@@ -24,24 +24,22 @@
 #endif
 #endif
-enum {
- NS_IN6ADDRSZ = 16,
- NS_INT16SZ = 2,
+#define NS_IN6ADDRSZ 16
+#define NS_INT16SZ = 2
- ETH_ADDR_LEN = 6,
- TR_ADDR_LEN = 6,
- FDDI_ADDR_LEN = 6,
- MEDIA_ADDR_LEN = 6,
+#define ETH_ADDR_LEN 6
+#define TR_ADDR_LEN 6
+#define FDDI_ADDR_LEN 6
+#define MEDIA_ADDR_LEN 6
- IP_ADDR_LEN = 4,
- IP6_ADDR_LEN = 16,
- MAX_IP_ADDR_LEN = IP6_ADDR_LEN,
+#define IP_ADDR_LEN 4
+#define IP6_ADDR_LEN 16
+#define MAX_IP_ADDR_LEN IP6_ADDR_LEN
- ETH_ASCII_ADDR_LEN = sizeof("ff:ff:ff:ff:ff:ff")+1,
- IP_ASCII_ADDR_LEN = sizeof("255.255.255.255")+1,
- IP6_ASCII_ADDR_LEN = sizeof("ffff:ffff:ffff:ffff:ffff:ffff:255.255.255.255")+1,
- MAX_ASCII_ADDR_LEN = IP6_ASCII_ADDR_LEN,
-};
+#define ETH_ASCII_ADDR_LEN 19 // sizeof("ff:ff:ff:ff:ff:ff")+1
+#define IP_ASCII_ADDR_LEN 17 // sizeof("255.255.255.255")+1
+#define IP6_ASCII_ADDR_LEN 47 // sizeof("ffff:ffff:ffff:ffff:ffff:ffff:255.255.255.255")+1
+#define MAX_ASCII_ADDR_LEN IP6_ASCII_ADDR_LEN
 /* * Some predefined addresses here
Index: src/ec_scan.c
--- EC-vulnerable/src/ec_scan.c
+++ EC-fixed/src/ec_scan.c
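Review bot: The `/* convert to string */` comment above `EC_STRINGIFY`/`EC_TOSTRING` in include/ec.h does not state the constraint that makes these macros safe inside a format string: the argument has to be a macro whose expansion is a bare decimal literal. An enum constant or an expression such as `sizeof("...")+1` would be pasted as text and produce an invalid conversion specification rather than a width. I would word the comment as `/* stringify a macro's expansion, e.g. for scanf field widths; the argument must expand to a plain decimal literal */`.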
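Review bot: `#define NS_INT16SZ = 2` in include/ec_inet.h keeps the `=` from the old enum initializer, so every use of `NS_INT16SZ` expands to `= 2` and either fails to compile or changes the expression it appears in; it should read `#define NS_INT16SZ 2`. The three ASCII length macros now hard-code 19, 17 and 47 where the enum computed `sizeof(...)+1`. Those values match the strings quoted in the trailing comments, but the compiler no longer checks them. A compile-time assertion per constant, where the toolchain has one, would keep each literal tied to its string.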
@@ -630,7 +630,7 @@
 for (nhosts = 0; !feof(hf); nhosts++) { int proto;
- if (fscanf(hf, "%s %s %s\n", ip, mac, name) != 3 ||
+ if (fscanf(hf, "%"EC_TOSTRING(MAX_ASCII_ADDR_LEN)"s %"EC_TOSTRING(ETH_ASCII_ADDR_LEN)"s %"EC_TOSTRING(MAX_HOSTNAME_LEN)"s\n", ip, mac, name) != 3 ||
 *ip == '#' || *mac == '#' || *name == '#') continue;
// Sajjad Pourali .
// http://www.securation.com/ .
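Review bot: The field widths in the new `fscanf` format in src/ec_scan.c are the full values of the length constants, but `%Ns` stores up to N characters plus a terminating NUL, so each destination needs N+1 bytes. The declarations of `ip`, `mac` and `name` are outside the hunk; if they are sized with the same constants (for example `char ip[MAX_ASCII_ADDR_LEN]`), a maximum-width token still writes one byte past the end. Either declare the buffers one byte larger than the width, or stringify a separate width macro that is one less than the buffer size. `EC_TOSTRING(MAX_HOSTNAME_LEN)` also only yields a valid width if that name is a macro expanding to a decimal literal, which this diff does not show. The enclosing function starts and ends outside the hunk.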