[mongoose/el5] Add backport patch to fix CVE-2011-2900 (729146)

Rafael Azenha Aquini aquini at fedoraproject.org
Wed Aug 31 14:02:53 UTC 2011


commit 01b4cb63b26caff670aea938919c82c4f859a475
Author: Rafael Aquini <aquini at redhat.com>
Date:   Wed Aug 31 10:57:09 2011 -0300

    Add backport patch to fix CVE-2011-2900 (729146)

 mongoose-fix-buffer-overflow-put_dir.patch |   44 ++++++++++++++++++++++++++++
 mongoose.spec                              |    9 +++++-
 2 files changed, 52 insertions(+), 1 deletions(-)
---
diff --git a/mongoose-fix-buffer-overflow-put_dir.patch b/mongoose-fix-buffer-overflow-put_dir.patch
new file mode 100644
index 0000000..079f223
--- /dev/null
+++ b/mongoose-fix-buffer-overflow-put_dir.patch
@@ -0,0 +1,44 @@
+--- a/mongoose.c	2011-08-31 09:49:39.422425550 -0300
++++ b/mongoose.c	2011-08-31 10:00:43.070128846 -0300
+@@ -3394,24 +3394,32 @@ put_dir(const char *path)
+ 	char		buf[FILENAME_MAX];
+ 	const char	*s, *p;
+ 	struct mgstat	st;
+-	size_t		len;
++	int len, res = 1;
+ 
+-	for (s = p = path + 2; (p = strchr(s, '/')) != NULL; s = ++p) {
++	for (s = p = path + 2; (p = strchr(s, DIRSEP)) != NULL; s = ++p) {
+ 		len = p - path;
+-		assert(len < sizeof(buf));
+-		(void) memcpy(buf, path, len);
++		if (len >= (int) sizeof(buf)) {
++			res = -1;
++			break;
++		}
++		memcpy(buf, path, len);
+ 		buf[len] = '\0';
+ 
+ 		/* Try to create intermediate directory */
+-		if (mg_stat(buf, &st) == -1 && mg_mkdir(buf, 0755) != 0)
+-			return (-1);
++		DEBUG_TRACE(("mkdir(%s)", buf));
++		if (mg_stat(buf, &st) == -1 && mg_mkdir(buf, 0755) != 0) {
++			res = -1;
++			break;
++		}
+ 
+ 		/* Is path itself a directory ? */
+-		if (p[1] == '\0')
+-			return (0);
++		if (p[1] == '\0') {
++			res = 0;
++			break;
++		}
+ 	}
+ 
+-	return (1);
++	return res;
+ }
+ 
+ static void
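Review bot: `len` changes from `size_t` to `int` and the bound check casts `sizeof(buf)` down to `int`, so the guard added before `memcpy` now depends on a narrowing conversion of the pointer difference `p - path`. If that difference ever exceeded INT_MAX, `len` could become negative, pass `len >= (int) sizeof(buf)`, and reach `memcpy` converted to a very large size. Keeping the unsigned type avoids this without a cast: `size_t len;` and `if (len >= sizeof(buf)) {`. Whether a path that long can reach put_dir depends on request-size limits in the caller, which this hunk does not show; the function's opening lines are also outside it. A short comment above the check would help too, such as `/* reject prefixes that do not fit in buf with the terminating NUL */`, to record why the runtime test replaced the `assert`.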
diff --git a/mongoose.spec b/mongoose.spec
index 2068b73..613baa0 100644
--- a/mongoose.spec
+++ b/mongoose.spec
@@ -2,7 +2,7 @@ Name:      mongoose
 Group:     Applications/System 
 Summary:   An easy-to-use self-sufficient web server
 Version:   2.8
-Release:   6%{?dist}
+Release:   7%{?dist}
 License:   MIT
 URL:       http://code.google.com/p/mongoose
 Source0:   http://mongoose.googlecode.com/files/mongoose-%{version}.tgz
@@ -14,6 +14,9 @@ BuildRequires: openssl-devel
 Patch0:    mongoose-makefile-include-debuginfo.patch
 # http://code.google.com/p/mongoose/issues/detail?id=143
 Patch1:    mongoose-use-openssl-versioned-shlib.patch
+# Backport upstream commit FIX for CVE-2011-2900:
+# https://code.google.com/p/mongoose/source/detail?r=556f4de91eae4bac40dc5d4ddbd9ec7c424711d0#
+Patch2:    mongoose-fix-buffer-overflow-put_dir.patch
 
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 
@@ -31,6 +34,7 @@ of demos, quick tests, file sharing, and Web programming.
 %setup -q -n %{name}
 %patch0 -p1 -b .debug
 %patch1 -p1 -b .libssl
+%patch2 -p1 -b .fixcve
 %{__install} -p -m 0644  %{SOURCE1} .
 
 %build
@@ -54,6 +58,9 @@ LIBV=$(find '%{_libdir}' | grep -E '/libssl.so.[0-9]?[0-9]?$' | sed -e 's!%{_lib
 %{_mandir}/man1/%{name}.1*
 
 %changelog
+* Wed Aug 31 2011 Rafael Azenha Aquini <aquini at linux dot com> - 2.8-7
+- Add backport patch to fix CVE-2011-2900 (729146)
+
 * Wed Jul 21 2010 Rafael Azenha Aquini <aquini at linux dot com> - 2.8-6
 - Adjust the approach to grab correct OpenSSL versioned shared libs in 
   build time, as suggested by Toshio Ernie Kuratomi (592670#c25)

