On Wed, Mar 23, 2005 at 10:48:42PM +0100, [EMAIL PROTECTED] wrote:
> I have prepared Debian packages for Dibbler - an open and portable DHCPv6
> implementation. It supports stateful (i.e. IPv6 address granting) as well
> as stateless (i.e. option granting) autoconfiguration for IPv6. It is
> one of two Linux DHCPv6 implementations available, but it has numerous
> advantages over "competition":
> - provides client, server and relay
> - implements base standard as well as numerous extensions
> - provides detailed man pages and 20+ page User's Guide
> - mailing list with rather quick support
> - bug tracking system

> Finally, here's quick justification, why I believe those packages should be
> part of the Debian: After almost 2 years of development, Dibbler is stable
> enough to be merged into Debian. Sooner or later, IPv6 will come. Debian
> should be ready for that.

  Looks good at first glance, but there are a few areas of concern.

  For some reason the author seems to confuse the use of strncpy, the
 following code for example is doing exactly the wrong thing:

    strncpy(command,argv[1],strlen(argv[1])+1);

  This leads to buffer overflows in the command line handling of each
 of the binaries:

    /usr/sbin/dibbler-relay `perl -e 'print "X"x3434'`
    | Dibbler - a portable DHCPv6, version 0.4.0(RELAY)
    ...
    ...
    Segmentation fault

  These aren't setuid but it is a bit sloppy ..

Steve
--
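The strncpy call quoted in the message bounds the copy by the length of the source, so the size of the destination never enters into it. The following is an added example, not part of the original message and not Dibbler's code, showing a copy bounded by the destination instead; CMD_MAX and copy_bounded are assumed names, and the real size of `command` is not shown on the page.

```c
#include <stdio.h>
#include <string.h>

#define CMD_MAX 16 /* assumed destination size for illustration */

/*
 * Flawed pattern from the message (kept as a comment, not compiled):
 *
 *     strncpy(command, argv[1], strlen(argv[1]) + 1);
 *
 * The third argument is derived from the source, so the call copies the
 * whole argument plus its NUL regardless of how large `command` is.
 */

/*
 * Copy src into dst only if it fits, including the terminating NUL.
 * Returns 0 on success. Returns -1 if src is too long or dstsz is 0;
 * when dstsz > 0 the destination is left as an empty string, so a
 * caller that ignores the return value never sees a truncated command.
 */
int copy_bounded(char *dst, size_t dstsz, const char *src)
{
    size_t n;

    if (dstsz == 0)
        return -1;
    n = strlen(src);
    if (n >= dstsz) {
        dst[0] = '\0';
        return -1;
    }
    memcpy(dst, src, n + 1); /* n + 1 <= dstsz is guaranteed here */
    return 0;
}

int main(int argc, char **argv)
{
    char command[CMD_MAX];

    if (argc < 2) {
        fprintf(stderr, "usage: %s <command>\n", argv[0]);
        return 2;
    }
    if (copy_bounded(command, sizeof command, argv[1]) != 0) {
        fprintf(stderr, "command too long (max %d characters)\n", CMD_MAX - 1);
        return 1;
    }
    printf("command: %s\n", command);
    return 0;
}
```

Rejecting an over-long argument, rather than silently truncating it, avoids acting on a different command than the one the user typed.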