Package: radvd / 1:1.9.1-1.3

Metadata

Package: radvd
Version: 1:1.9.1-1.3
Patches format: 3.0 (quilt)

Patch series

Patch | File delta | Description
0001 set_interface_var doesn t check interface name and b.patch

device-linux.c | 4 4 + 0 - 0 !
1 file changed, 4 insertions(+)

 [patch] set_interface_var() doesn't check interface name and blindly
 does fopen(path "/" ifname, "w") on it.  As "ifname" is an
 untrusted input, it should be checked for ".." and/or "/"
 in it.  Otherwise, an infected unprivileged daemon may
 overwrite contents of file named "mtu", "hoplimit", etc. in
 arbitrary location with arbitrary 32-bit value in decimal
 representation ("%d").  If an attacker has a local account
 or may create arbitrary symlinks with these names in any
 location (e.g. /tmp), any file may be overwritten with a
 decimal value.


0006 removing mdelay in unicast only case.patch

process.c | 3 2 + 1 - 0 !
1 file changed, 2 insertions(+), 1 deletion(-)

 [patch] removing mdelay in unicast only case


0007 checking iface name more carefully.patch

device-linux.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 [patch] checking iface name more carefully

modified:   device-linux.c

kfreebsd.patch

configure.ac | 6 6 + 0 - 0 !
1 file changed, 6 insertions(+)

---