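#compdef mausezahn
#
# mausezahn.zsh -- zsh completion function for mausezahn
#
# Copyright (C) 2013 Hideo Hattori
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2 as
# published by the Free Software Foundation.

# opt_args is the associative array the completion system's _arguments
# uses to report the options it has parsed.
typeset -A opt_args

# Complete the packet type taken by -t.
# _values treats its first non-option argument as the description of the
# value set. The description is passed explicitly here; without it "arp"
# is consumed as the description and is never offered as a candidate.
_packet_type () {
    _values "packet type" \
        "arp" \
        "bpdu" \
        "cdp" \
        "ip" \
        "icmp" \
        "udp" \
        "tcp" \
        "dns" \
        "rtp" \
        "syslog" \
        "lldp"
}

# Complete the MAC address keywords accepted by -a and -b.
_interface_keywords () {
    _values "interface keyword" \
        "rand[Use a random MAC address]" \
        "bc[Use a broadcast MAC address]" \
        "own[Use own interface MAC address (default for source MAC)]" \
        "stp[Use IEEE 802.1d STP multicast address]" \
        "cisco[Use Cisco multicast address as used for CDP, VTP, or PVST+]"
}

# Complete a network interface name, plus the pseudo-device "any".
# NOTE(review): no option spec in the _arguments call below references
# this helper -- confirm whether an option was meant to use it.
_interfaces () {
    _wanted interfaces expl 'network interface' \
        _net_interfaces
    _values "Pseudo-device that captures on all interfaces" "any"
}

# Option specs for mausezahn itself.
#
# Per the help text below, -x starts a telnet CLI and -l defaults to
# 0.0.0.0, i.e. the CLI listens on every interface unless -l names a
# specific address; telnet is unencrypted, so restrict the listen
# address when that exposure is not wanted.
#
# NOTE(review): the -t description reads "in an ;" and "as !" -- a
# placeholder token appears to be missing from the string; confirm
# against mausezahn's own help output before changing it.
_arguments -s -S \
    "-x[Interactive mode with telnet CLI, default port: 25542]" \
    "-l[Listen address in interactive mode, default: 0.0.0.0]" \
    "(-6)-4[IPv4 mode (default)]" \
    "(-4)-6[IPv6 mode]" \
    "-c[Send packet count times, default:1, infinite:0]" \
    "-d[Apply delay between transmissions. The delay value can be specified in usec (default, no additional unit needed), or in msec (e.g. 100m or 100msec), or in seconds (e.g. 100s or 100sec)]" \
    "-r[Multiplies the specified delay with a random value]" \
    "-p[Pad the raw frame to specified length (using random bytes)]" \
    "-a[Use specified source mac address, no matter what has been specified with other arguments; keywords see below, Default is own interface]:keyword:_interface_keywords" \
    "-b[Same with destination mac address; keywords]:keywords:_interface_keywords" \
    "-A[Use specified source IP address (default is own interface IP)]" \
    "-B[Send packet to specified destination IP or domain name]" \
    "-P[Use the specified ASCII payload]" \
    "-f[Read the ASCII payload from a file]:filename:_files" \
    "-F[Read the hexadecimal payload from a file]:filename:_files" \
    "-Q[Specify 802.1Q VLAN tag and optional Class of Service, you can specify multiple 802.1Q VLAN tags (QinQ...) by separating them via a comma or a period (e.g. '5:10,20,2:30')]" \
    "-t[Specify packet type for autobuild (you don't need to care for encapsulations in lower layers, most packet types allow/require additional packet-specific arguments in an ; Currently supported types: arp, bpdu, cdp, ip, icmp, udp, tcp, dns, rtp, syslog, lldp and more; For context-help use 'help' as !]:packet_type:_packet_type" \
    "-T[Specify packet type for server mode, currently only rtp is supported; Enter -T help or -T rtp help for further information]" \
    "-M[Insert a MPLS label, enter '-M help' for a syntax description]" \
    "(-V -VV -VVV)"{-V,-VV,-VVV}"[Verbose and more verbose mode]" \
    "-q[Quiet mode, even omit 'important' standard short messages]" \
    "-S[Simulation mode: DOES NOT put anything on the wire, this is typically combined with one of the verbose modes (v or V)]" \
    "-v[Show version and exit]:" \
    "-h[Print help and exit]:" \
    "*::args:_gnu_generic"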
authorDavid Howells <dhowells@redhat.com>2016-10-26 15:01:54 +0100
committerJames Morris <james.l.morris@oracle.com>2016-10-27 16:03:24 +1100
commit03dab869b7b239c4e013ec82aea22e181e441cfc (patch)
treef4ea0ce7461ba382a66218661f8d763c04e9ef1c /security
parent9fe68cad6e74967b88d0c6aeca7d9cd6b6e91942 (diff)
KEYS: Fix short sprintf buffer in /proc/keys show function
This fixes CVE-2016-7042. Fix a short sprintf buffer in proc_keys_show(). If the gcc stack protector is turned on, this can cause a panic due to stack corruption. The problem is that xbuf[] is not big enough to hold a 64-bit timeout rendered as weeks: (gdb) p 0xffffffffffffffffULL/(60*60*24*7) $2 = 30500568904943 That's 14 chars plus NUL, not 11 chars plus NUL. Expand the buffer to 16 chars. I think the unpatched code apparently works if the stack-protector is not enabled because on a 32-bit machine the buffer won't be overflowed and on a 64-bit machine there's a 64-bit aligned pointer at one side and an int that isn't checked again on the other side. The panic incurred looks something like: Kernel panic - not syncing: stack-protector: Kernel stack is corrupted in: ffffffff81352ebe CPU: 0 PID: 1692 Comm: reproducer Not tainted 4.7.2-201.fc24.x86_64 #1 Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 0000000000000086 00000000fbbd2679 ffff8800a044bc00 ffffffff813d941f ffffffff81a28d58 ffff8800a044bc98 ffff8800a044bc88 ffffffff811b2cb6 ffff880000000010 ffff8800a044bc98 ffff8800a044bc30 00000000fbbd2679 Call Trace: [<ffffffff813d941f>] dump_stack+0x63/0x84 [<ffffffff811b2cb6>] panic+0xde/0x22a [<ffffffff81352ebe>] ? proc_keys_show+0x3ce/0x3d0 [<ffffffff8109f7f9>] __stack_chk_fail+0x19/0x30 [<ffffffff81352ebe>] proc_keys_show+0x3ce/0x3d0 [<ffffffff81350410>] ? key_validate+0x50/0x50 [<ffffffff8134db30>] ? key_default_cmp+0x20/0x20 [<ffffffff8126b31c>] seq_read+0x2cc/0x390 [<ffffffff812b6b12>] proc_reg_read+0x42/0x70 [<ffffffff81244fc7>] __vfs_read+0x37/0x150 [<ffffffff81357020>] ? 
security_file_permission+0xa0/0xc0 [<ffffffff81246156>] vfs_read+0x96/0x130 [<ffffffff81247635>] SyS_read+0x55/0xc0 [<ffffffff817eb872>] entry_SYSCALL_64_fastpath+0x1a/0xa4 Reported-by: Ondrej Kozina <okozina@redhat.com> Signed-off-by: David Howells <dhowells@redhat.com> Tested-by: Ondrej Kozina <okozina@redhat.com> cc: stable@vger.kernel.org Signed-off-by: James Morris <james.l.morris@oracle.com>
Diffstat (limited to 'security')