rpms/mt-daapd/devel mt-daapd-svn-1696-check-input.patch, NONE, 1.1 mt-daapd.spec, 1.8, 1.9

W. Michael Petullo (mikep) fedora-extras-commits at redhat.com
Thu Apr 17 19:53:14 UTC 2008 

Author: mikep

Update of /cvs/extras/rpms/mt-daapd/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv32125

Modified Files:
	mt-daapd.spec 
Added Files:
	mt-daapd-svn-1696-check-input.patch 
Log Message:
Apply security patch

mt-daapd-svn-1696-check-input.patch:

--- NEW FILE mt-daapd-svn-1696-check-input.patch ---
diff -urNad mt-daapd-0.9~r1696~/src/webserver.c mt-daapd-0.9~r1696/src/webserver.c
--- mt-daapd-0.9~r1696~/src/webserver.c	2007-10-22 05:40:29.000000000 +0200
+++ mt-daapd-0.9~r1696/src/webserver.c	2008-04-17 19:01:56.000000000 +0200
@@ -719,7 +719,12 @@
         return FALSE;
     }
 
-    length=atoi(content_length);
+    length=strtol(content_length, NULL, 10);
+    if(EINVAL == errno || UINT_MAX - 1 <= length){
+        ws_dprintf(L_WS_WARN, "Thread %d: Suspicious Content-Length value, ignoring request\n", pwsc->threadno);
+        return FALSE;
+    }
+
     ws_dprintf(L_WS_DBG,"Thread %d: Post var length: %d\n",
             pwsc->threadno,length);
 


Index: mt-daapd.spec
===================================================================
RCS file: /cvs/extras/rpms/mt-daapd/devel/mt-daapd.spec,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -r1.8 -r1.9
--- mt-daapd.spec	26 Feb 2008 11:59:13 -0000	1.8
+++ mt-daapd.spec	17 Apr 2008 19:52:39 -0000	1.9
@@ -11,7 +11,7 @@
 Summary: An iTunes-compatible media server
 Name: mt-daapd
 Version: 0.9
-Release: 0.1.%{svntag}%{?dist}
+Release: 0.2.%{svntag}%{?dist}
 License: GPLv2+
 Group: Applications/Multimedia
 #Source: http://downloads.sourceforge.net/%{name}/%{name}-%{version}.tar.gz
@@ -19,6 +19,7 @@
 Source: mt-daapd-svn-%{svntag}.tar.gz
 Patch0: mt-daapd-svn-1696-defaults.patch
 Patch1: mt-daapd-svn-1696-fedora.patch
+Patch2: mt-daapd-svn-1696-check-input.patch
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 Url: http://www.fireflymediaserver.org/
 BuildRequires: fedora-usermgmt-devel
@@ -43,6 +44,7 @@
 %setup -q -n mt-daapd-svn-%{svntag}
 %patch0 -p1 -b .defaults
 %patch1 -p1 -b .fedora
+%patch2 -p1 -b .check-input
 
 %build
 %configure --enable-avahi --enable-oggvorbis --enable-sqlite3 --enable-flac
@@ -91,6 +93,9 @@
 %doc AUTHORS COPYING CREDITS INSTALL NEWS README TODO
 
 %changelog
+* Fri Apr 18 2008 W. Michael Petullo <mike[at]flyn.org> - 0.9-0.2.1696
+   - Apply patch by Nico Golde to fix integer overflow, Bugzilla #442688.
+
 * Tue Feb 26 2008 W. Michael Petullo <mike[at]flyn.org> - 0.9-0.1.1696
    - New upstream version.

More information about the scm-commits mailing list