[mongoose/el6: 15/17] Add backport patch to fix CVE-2011-2900 (729146)
Florencia Fotorello
florencia at fedoraproject.org
Wed Aug 29 03:11:07 UTC 2012
commit c35d7f193fae5d4bdcb4ab6edc425b698dead9b9
Author: Rafael Aquini <aquini at redhat.com>
Date: Wed Aug 31 10:44:58 2011 -0300
Add backport patch to fix CVE-2011-2900 (729146)
mongoose-fix-buffer-overflow-put_dir.patch | 44 ++++++++++++++++++++++++++++
1 files changed, 44 insertions(+), 0 deletions(-)
---
diff --git a/mongoose-fix-buffer-overflow-put_dir.patch b/mongoose-fix-buffer-overflow-put_dir.patch
new file mode 100644
index 0000000..079f223
--- /dev/null
+++ b/mongoose-fix-buffer-overflow-put_dir.patch
@@ -0,0 +1,44 @@
+--- a/mongoose.c 2011-08-31 09:49:39.422425550 -0300
++++ b/mongoose.c 2011-08-31 10:00:43.070128846 -0300
+@@ -3394,24 +3394,32 @@ put_dir(const char *path)
+ char buf[FILENAME_MAX];
+ const char *s, *p;
+ struct mgstat st;
+- size_t len;
++ int len, res = 1;
+
+- for (s = p = path + 2; (p = strchr(s, '/')) != NULL; s = ++p) {
++ for (s = p = path + 2; (p = strchr(s, DIRSEP)) != NULL; s = ++p) {
+ len = p - path;
+- assert(len < sizeof(buf));
+- (void) memcpy(buf, path, len);
++ if (len >= (int) sizeof(buf)) {
++ res = -1;
++ break;
++ }
++ memcpy(buf, path, len);
+ buf[len] = '\0';
+
+ /* Try to create intermediate directory */
+- if (mg_stat(buf, &st) == -1 && mg_mkdir(buf, 0755) != 0)
+- return (-1);
++ DEBUG_TRACE(("mkdir(%s)", buf));
++ if (mg_stat(buf, &st) == -1 && mg_mkdir(buf, 0755) != 0) {
++ res = -1;
++ break;
++ }
+
+ /* Is path itself a directory ? */
+- if (p[1] == '\0')
+- return (0);
++ if (p[1] == '\0') {
++ res = 0;
++ break;
++ }
+ }
+
+- return (1);
++ return res;
+ }
+
+ static void
More information about the scm-commits
mailing list