// ettercap 0.7.5 - 0.7.5.1 buffer overflow patch
// patch -p1 < ec.patch
Index: include/ec.h
--- EC-vulnerable/include/ec.h
+++ EC-fixed/include/ec.h
@@ -81,6 +81,11 @@
#define SAFE_FREE(x) do{ if(x) { free(x); x = NULL; } }while(0)
+
+/* convert to string */
+#define EC_STRINGIFY(in) #in
+#define EC_TOSTRING(in) EC_STRINGIFY(in)
+
#ifdef OS_LINUX
#define __init __attribute__((constructor(101)))
#define __init_last __attribute__((constructor(200))
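Review bot: The comment `/* convert to string */` on the new macros omits the constraint that makes them safe inside a format string: EC_TOSTRING yields a valid scanf field width only when its argument is an object-like macro that expands to a bare decimal literal. An enum constant, a `sizeof` expression or a parenthesised value would be pasted into the format verbatim and produce an invalid conversion specification. I would expand the comment to something like `/* EC_TOSTRING(X): macro-expand X, then stringify; X must expand to a plain decimal literal when used as a scanf width */`.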
Index: include/ec_inet.h
--- EC-vulnerable/include/ec_inet.h
+++ EC-fixed/include/ec_inet.h
@@ -24,24 +24,22 @@
#endif
#endif
-enum {
- NS_IN6ADDRSZ = 16,
- NS_INT16SZ = 2,
+#define NS_IN6ADDRSZ 16
+#define NS_INT16SZ = 2
- ETH_ADDR_LEN = 6,
- TR_ADDR_LEN = 6,
- FDDI_ADDR_LEN = 6,
- MEDIA_ADDR_LEN = 6,
+#define ETH_ADDR_LEN 6
+#define TR_ADDR_LEN 6
+#define FDDI_ADDR_LEN 6
+#define MEDIA_ADDR_LEN 6
- IP_ADDR_LEN = 4,
- IP6_ADDR_LEN = 16,
- MAX_IP_ADDR_LEN = IP6_ADDR_LEN,
+#define IP_ADDR_LEN 4
+#define IP6_ADDR_LEN 16
+#define MAX_IP_ADDR_LEN IP6_ADDR_LEN
- ETH_ASCII_ADDR_LEN = sizeof("ff:ff:ff:ff:ff:ff")+1,
- IP_ASCII_ADDR_LEN = sizeof("255.255.255.255")+1,
- IP6_ASCII_ADDR_LEN = sizeof("ffff:ffff:ffff:ffff:ffff:ffff:255.255.255.255")+1,
- MAX_ASCII_ADDR_LEN = IP6_ASCII_ADDR_LEN,
-};
+#define ETH_ASCII_ADDR_LEN 19 // sizeof("ff:ff:ff:ff:ff:ff")+1
+#define IP_ASCII_ADDR_LEN 17 // sizeof("255.255.255.255")+1
+#define IP6_ASCII_ADDR_LEN 47 // sizeof("ffff:ffff:ffff:ffff:ffff:ffff:255.255.255.255")+1
+#define MAX_ASCII_ADDR_LEN IP6_ASCII_ADDR_LEN
/*
* Some predefined addresses here
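Review bot: `#define NS_INT16SZ = 2` carries the `=` over from the enum entry, so the macro expands to `= 2` and any expression or array bound using it will break; it should read `#define NS_INT16SZ 2`. The three ASCII lengths are now hand-computed literals (19, 17, 47), with the original `sizeof` expression kept only in a trailing comment, so nothing keeps them in sync with the strings they describe. If the compiler baseline allows C11, a check such as `_Static_assert(IP_ASCII_ADDR_LEN == sizeof("255.255.255.255") + 1, "IP_ASCII_ADDR_LEN out of sync");` beside each literal would catch drift at compile time.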
Index: src/ec_scan.c
--- EC-vulnerable/src/ec_scan.c
+++ EC-fixed/src/ec_scan.c
@@ -630,7 +630,7 @@
for (nhosts = 0; !feof(hf); nhosts++) {
int proto;
- if (fscanf(hf, "%s %s %s\n", ip, mac, name) != 3 ||
+ if (fscanf(hf, "%"EC_TOSTRING(MAX_ASCII_ADDR_LEN)"s %"EC_TOSTRING(ETH_ASCII_ADDR_LEN)"s %"EC_TOSTRING(MAX_HOSTNAME_LEN)"s\n", ip, mac, name) != 3 ||
*ip == '#' || *mac == '#' || *name == '#')
continue;
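Review bot: The field widths added to the `fscanf` format limit the characters stored but not the terminating NUL, so `%47s` can write 48 bytes. The declarations of `ip`, `mac` and `name` are outside this hunk; if they are sized with the same constants (for example `char ip[MAX_ASCII_ADDR_LEN];`), a maximum-length token in the hosts file still overruns each buffer by one byte. Declaring them one element larger, `char ip[MAX_ASCII_ADDR_LEN + 1];` and likewise for `mac` and `name`, closes that gap. `MAX_HOSTNAME_LEN` is not touched by this patch, so it is worth confirming it is a plain-literal `#define`; otherwise EC_TOSTRING pastes its spelling into the format instead of a number.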
// Sajjad Pourali .
// http://www.securation.com/ .