From 3f63c9889f1f0afc488c321b5e5c29df846d054d Mon Sep 17 00:00:00 2001 From: Gerhard Rieger Date: Sun, 18 Jan 2015 17:44:12 +0100 Subject: [PATCH] minor corrections to docu and test.sh --- CHANGES | 12 +++++++++++- README | 2 +- doc/socat.yo | 11 +++++++++-- test.sh | 7 +++++-- 4 files changed, 26 insertions(+), 6 deletions(-) diff --git a/CHANGES b/CHANGES index 4364d81..2002f08 100644 --- a/CHANGES +++ b/CHANGES @@ -119,6 +119,12 @@ porting: including and a weakness in the conditional code. Thanks to Michel Normand for reporting this issue. +doc: + In the man page the PTY example was badly formatted. Thanks to + J.F.Sebastian for sending a patch. + + Added missing CVE ids to security issues in CHANGES + testing: Do not distribute testcert.conf with socat source but generate it (and new testcert6.conf) during test.sh run. @@ -228,6 +234,7 @@ security: ####################### V 1.7.2.2: security: + CVE-2013-3571: after refusing a client connection due to bad source address or source port socat shutdown() the socket but did not close() it, resulting in a file descriptor leak in the listening process, visible with lsof and @@ -238,6 +245,7 @@ security: ####################### V 1.7.2.1: security: + CVE-2012-0219: fixed a possible heap buffer overflow in the readline address. This bug could be exploited when all of the following conditions were met: 1) one of the addresses is READLINE without the noprompt and without the @@ -370,6 +378,7 @@ docu: ####################### V 1.7.1.3: security: + CVE-2010-2799: fixed a stack overflow vulnerability that occurred when command line arguments (whole addresses, host names, file names) were longer than 512 bytes. @@ -869,7 +878,8 @@ further corrections: ####################### V 1.4.0.3: -corrections: +security: + CVE-2004-1484: fix to a syslog() based format string vulnerability that can lead to remote code execution. See advisory socat-adv-1.txt diff --git a/README b/README index ae8e289..5836338 100644 --- a/README 
+++ b/README @@ -257,7 +257,7 @@ correction must be performed in /usr/share/yodl/shared.yo in two places: license ------- -socat is distributed under the terms of the GNU GPL; +socat is distributed under the terms of the GNU GPLv2; except for install-sh, which is copyright MIT, with its own license; In addition, as a special exception, the copyright holder diff --git a/doc/socat.yo b/doc/socat.yo index e030a02..b77cc57 100644 --- a/doc/socat.yo +++ b/doc/socat.yo @@ -3148,7 +3148,14 @@ label(EXAMPLE_ADDRESS_PTY) label(EXAMPLE_OPTION_SYMBOLIC_LINK) label(EXAMPLE_OPTION_WAIT_SLAVE) label(EXAMPLE_OPTION_NONBLOCK) -(bf(tt(socat PTY,link=$HOME/dev/vmodem0,raw,echo=0,wait-slave EXEC:'"ssh modemserver.us.org socat - /dev/ttyS0,nonblock,raw,echo=0"'))) +mancommand(\.LP) +mancommand(\.nf) +mancommand(\fBsocat PTY,link=$HOME/dev/vmodem0,raw,echo=0,wait-slave \\\bf) +mancommand(\fBEXEC:"ssh modemserver.us.org socat - /dev/ttyS0,nonblock,raw,echo=0"\fP) +mancommand(\.fi) + +htmlcommand(
socat PTY,link=$HOME/dev/vmodem0,raw,echo=0,wait-slave \
+EXEC:'"ssh modemserver.us.org socat - /dev/ttyS0,nonblock,raw,echo=0"'
) generates a pseudo terminal device (link(PTY)(ADDRESS_PTY)) on the client that can be reached under the @@ -3463,7 +3470,7 @@ socat sets this variable to the transfer class of the received packet. dit(bf(SOCAT_OPENSSL_X509_ISSUER) (output)) Issuer field from peer certificate -dit(bf(SOCAT_OPENSSL_X509_SUBJECT (output))) Subject field from peer certificate +dit(bf(SOCAT_OPENSSL_X509_SUBJECT) (output)) Subject field from peer certificate dit(bf(SOCAT_OPENSSL_X509_COMMONNAME) (output)) commonName entries from peer certificates subject. Multiple values are separated by " // ". diff --git a/test.sh b/test.sh index 9520027..4378893 100755 --- a/test.sh +++ b/test.sh @@ -10826,6 +10826,7 @@ elif ! testaddrs tcp ip4 >/dev/null || ! runsip4 >/dev/null; then $PRINTF "test $F_n $TEST... ${YELLOW}TCP/IPv4 not available${NORMAL}\n" $N numCANT=$((numCANT+1)) else +gentestcert testsrv tf="$td/test$N.stdout" te="$td/test$N.stderr" tdiff="$td/test$N.diff" @@ -10880,6 +10881,7 @@ elif ! testaddrs tcp ip4 >/dev/null || ! runsip4 >/dev/null; then $PRINTF "test $F_n $TEST... ${YELLOW}TCP/IPv4 not available${NORMAL}\n" $N numCANT=$((numCANT+1)) else +gentestcert testsrv tf="$td/test$N.stdout" te="$td/test$N.stderr" tdiff="$td/test$N.diff" @@ -11519,11 +11521,12 @@ elif [ -z "$SECONDADDR" ]; then numCANT=$((numCANT+1)) else tf="$td/test$N.stdout" +te="$td/test$N.stderr" tdiff="$td/test$N.diff" da="test$N $(date) $RANDOM" #testserversec "$N" "$TEST" "$opts -s" "tcp4-l:$PORT,reuseaddr,fork,retry=1" "" "range=$SECONDADDR/32" "tcp4:127.0.0.1:$PORT" 4 tcp $PORT 0 -CMD0="$TRACE $SOCAT $opts TCP4-LISTEN:$PORT,reuseaddr,range=127.0.0.1/0 CREATE:$tf" -CMD1="$TRACE $SOCAT $opts - TCP4-CONNECT:$SECONDADDR:$PORT,bind=$SECONDADDR" +CMD0="$TRACE $SOCAT $opts -u TCP4-LISTEN:$PORT,reuseaddr,range=127.0.0.1/0 CREATE:$tf" +CMD1="$TRACE $SOCAT $opts -u - TCP4-CONNECT:$SECONDADDR:$PORT,bind=$SECONDADDR" printf "test $F_n $TEST... " $N $CMD0 2>"${te}0" & pid0=$!
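Review bot: The added `gentestcert testsrv` call in the else branch of the hunk at line 10826 runs without its result being checked, and the same holds for the identical addition in the hunk at line 10880. If generation fails, the test presumably continues and either fails later with a less specific message or uses files left over from an earlier run; whether gentestcert itself reports or aborts on error is not visible here. Something like `gentestcert testsrv || echo "cannot generate testsrv certificate" >&2` would make the cause obvious in the test log. The enclosing if/elif chain starts and ends outside both hunks.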
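Review bot: The `-u` flag added to both CMD0 and CMD1 in the hunk at line 11519 has no explanation next to it, and the commit message does not mention it either. A one-line comment above CMD0 would help, for example `# -u: data flows only from client to listener, so CREATE:$tf is never read from`; that reading rests on socat's documented unidirectional mode and should be confirmed against the failure that prompted the change. The new `te=` assignment is what keeps the existing `2>"${te}0"` redirect from writing to a file named `0` in the current directory, which also deserves a short comment. The enclosing test case starts and ends outside the hunk.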