rpms/memcached/F-11 memcached-1.2.8_proper_vlen_fix.patch, NONE, 1.1 memcached.spec, 1.15, 1.16
Paul Lindner
plindner at fedoraproject.org
Tue Dec 1 09:19:28 UTC 2009
- Previous message: rpms/etoys/F-11 .cvsignore, 1.10, 1.11 etoys.spec, 1.11, 1.12 sources, 1.10, 1.11
- Next message: rpms/olpc-library/F-11 .cvsignore, 1.2, 1.3 olpc-library.spec, 1.1, 1.2 sources, 1.2, 1.3
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: plindner
Update of /cvs/pkgs/rpms/memcached/F-11
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv28617
Modified Files:
memcached.spec
Added Files:
memcached-1.2.8_proper_vlen_fix.patch
Log Message:
CVE-2009-2415, Resolve 542058
memcached-1.2.8_proper_vlen_fix.patch:
memcached.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
--- NEW FILE memcached-1.2.8_proper_vlen_fix.patch ---
diff --git a/memcached.c b/memcached.c
index 097588a..cbbbf48 100644
--- a/memcached.c
+++ b/memcached.c
@@ -1388,7 +1388,7 @@ static void process_update_command(conn *c, token_t *tokens, const size_t ntoken
flags = strtoul(tokens[2].value, NULL, 10);
exptime = strtol(tokens[3].value, NULL, 10);
- vlen = strtol(tokens[4].value, NULL, 10);
+ vlen = strtol(tokens[4].value, NULL, 10) + 2;
// does cas value exist?
if(handle_cas)
@@ -1397,7 +1397,7 @@ static void process_update_command(conn *c, token_t *tokens, const size_t ntoken
}
if(errno == ERANGE || ((flags == 0 || exptime == 0) && errno == EINVAL)
- || vlen < 0) {
+ || vlen < 0 || vlen - 2 < 0) {
out_string(c, "CLIENT_ERROR bad command line format");
return;
}
@@ -1406,16 +1406,16 @@ static void process_update_command(conn *c, token_t *tokens, const size_t ntoken
stats_prefix_record_set(key);
}
- it = item_alloc(key, nkey, flags, realtime(exptime), vlen+2);
+ it = item_alloc(key, nkey, flags, realtime(exptime), vlen);
if (it == 0) {
- if (! item_size_ok(nkey, flags, vlen + 2))
+ if (! item_size_ok(nkey, flags, vlen))
out_string(c, "SERVER_ERROR object too large for cache");
else
out_string(c, "SERVER_ERROR out of memory storing object");
/* swallow the data line */
c->write_and_go = conn_swallow;
- c->sbytes = vlen + 2;
+ c->sbytes = vlen;
/* Avoid stale data persisting in cache because we failed alloc.
* Unacceptable for SET. Anywhere else too? */
Index: memcached.spec
===================================================================
RCS file: /cvs/pkgs/rpms/memcached/F-11/memcached.spec,v
retrieving revision 1.15
retrieving revision 1.16
diff -u -p -r1.15 -r1.16
--- memcached.spec 30 Apr 2009 13:06:52 -0000 1.15
+++ memcached.spec 1 Dec 2009 09:19:28 -0000 1.16
@@ -7,7 +7,7 @@
Name: memcached
Version: 1.2.8
-Release: 1%{?dist}
+Release: 2%{?dist}
Summary: High Performance, Distributed Memory Object Cache
Group: System Environment/Daemons
@@ -18,6 +18,9 @@ Source0: http://www.danga.com/mem
# custom init script
Source1: memcached.sysv
+# Patch
+Patch: http://consoleninja.net/code/memcached/memcached-1.2.8_proper_vlen_fix.patch
+
# SELinux files
Source10: %{modulename}.te
Source11: %{modulename}.fc
@@ -63,7 +66,7 @@ SELinux policy module supporting memcach
mkdir SELinux
cp -p %{SOURCE10} %{SOURCE11} %{SOURCE12} SELinux/
-
+%patch -p1
%build
%configure --enable-threads
@@ -196,6 +199,11 @@ fi
%changelog
+* Tue Dec 1 2009 Paul Lindner <lindner at mirth.inuus.com> - 1.2.8-2
+- Apply patch memcached-1.2.8_proper_vlen_fix.patch
+- Addresses CVE-2009-2415
+- Resolves 542058
+
* Wed Apr 29 2009 Paul Lindner <lindner at inuus.com> - 1.2.8-1
- Upgrade to memcached-1.2.8
- Addresses CVE-2009-1255
- Previous message: rpms/etoys/F-11 .cvsignore, 1.10, 1.11 etoys.spec, 1.11, 1.12 sources, 1.10, 1.11
- Next message: rpms/olpc-library/F-11 .cvsignore, 1.2, 1.3 olpc-library.spec, 1.1, 1.2 sources, 1.2, 1.3
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the scm-commits
mailing list