rpms/libsilc/devel silc-toolkit-1.1.8-CVE-2008-7160.patch, NONE, 1.1 libsilc.spec, 1.29, 1.30

Stu Tomlinson nosnilmot at fedoraproject.org
Fri Sep 4 16:50:19 UTC 2009


Author: nosnilmot

Update of /cvs/pkgs/rpms/libsilc/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv28981/devel

Modified Files:
	libsilc.spec 
Added Files:
	silc-toolkit-1.1.8-CVE-2008-7160.patch 
Log Message:
- Backport patch to fix stack corruption (CVE-2008-7160) (#521256)


silc-toolkit-1.1.8-CVE-2008-7160.patch:
 silchttpserver.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- NEW FILE silc-toolkit-1.1.8-CVE-2008-7160.patch ---
From: Kp <kp at valhallalegends.com>
Date: Sat, 13 Dec 2008 03:38:54 +0000 (-0600)
Subject: HTTP: fix stack overwrite due to format string error.
X-Git-Tag: silc.server.1.1.15~6^2~8
X-Git-Url: http://git.silcnet.org/gitweb/?p=silc.git;a=commitdiff_plain;h=b2b91b074b6701455053425b583a6fd0beedc8cc

HTTP: fix stack overwrite due to format string error.

On AMD64, %lu refers to a 64-bit unsigned value, but the address passed
to sscanf points to a 32-bit unsigned value.  This causes an adjoining
value on the stack to be overwritten with data from the converted
integer.  Fix the format string to match the size of the supplied value,
and remove the pointer cast.
---

diff --git a/lib/silchttp/silchttpserver.c b/lib/silchttp/silchttpserver.c
index cd94c40..e83d2f3 100644
--- a/lib/silchttp/silchttpserver.c
+++ b/lib/silchttp/silchttpserver.c
@@ -194,7 +194,7 @@ static SilcBool silc_http_server_parse(SilcHttpServer httpd,
 
     /* Check we have received all data */
     cl = silc_mime_get_field(conn->curheaders, "Content-Length");
-    if (cl && sscanf(cl, "%lu", (unsigned long *)&cll) == 1) {
+    if (cl && sscanf(cl, "%u", &cll) == 1) {
       if (data_len < cll) {
 	/* More data to come */
 	silc_mime_free(conn->curheaders);
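Review bot: On the added line `if (cl && sscanf(cl, "%u", &cll) == 1) {`, the conversion width now matches a 32-bit `cll`, but `sscanf` with `%u` is still a loose parser for a peer-supplied Content-Length. It accepts a leading sign and trailing non-digit characters, and the C standard leaves the behaviour undefined when the converted value does not fit in the destination. Consider parsing with `strtoul`, checking `errno` and the end pointer, and rejecting anything that is not all digits or that exceeds the range of `cll`. A malformed header should be treated as an error; as written, a failed conversion skips the `data_len < cll` check. Since the declaration of `cll` is outside this hunk, also confirm that it is an `unsigned int` on every supported platform, because `%u` is only correct for that type.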


Index: libsilc.spec
===================================================================
RCS file: /cvs/pkgs/rpms/libsilc/devel/libsilc.spec,v
retrieving revision 1.29
retrieving revision 1.30
diff -u -p -r1.29 -r1.30
--- libsilc.spec	4 Sep 2009 14:38:01 -0000	1.29
+++ libsilc.spec	4 Sep 2009 16:50:18 -0000	1.30
@@ -1,7 +1,7 @@
 Summary: SILC Client Library
 Name:    libsilc
 Version: 1.1.8
-Release: 6%{dist}
+Release: 7%{dist}
 License: GPLv2 or BSD
 Group:   System Environment/Libraries
 URL:     http://www.silcnet.org/
@@ -12,6 +12,7 @@ Patch2:  silc-toolkit-1.1.5-docinst.patc
 Patch3:  silc-toolkit-1.1.8-libtool.patch
 Patch4:  silc-toolkit-1.1.8-stringformat.patch
 Patch5:  silc-toolkit-1.1.8-stringformat2.patch
+Patch6:  silc-toolkit-1.1.8-CVE-2008-7160.patch
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-buildroot
 BuildRequires: libidn-devel
 BuildRequires: libtool, autoconf, automake
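Review bot: The new `Patch6:` line has no accompanying comment recording where the backport comes from. Add a comment line above it with the upstream commit reference from the patch header and the bug number (#521256), so a later maintainer rebasing past 1.1.8 can tell when the patch is safe to drop.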
@@ -48,6 +49,7 @@ applications.
 %patch3 -p1 -b .libtool
 %patch4 -p1 -b .stringformat
 %patch5 -p1 -b .stringformat2
+%patch6 -p1 -b .CVE-2008-7160
 
 # filter out libsilc module SONAME Provides (#245323)
 cat << \EOF > %{name}-prov
@@ -137,6 +139,9 @@ rm -rf $RPM_BUILD_ROOT
 
 
 %changelog
+* Fri Sep 04 2009 Stu Tomlinson <stu at nosnilmot.com> 1.1.8-7
+- Backport patch to fix stack corruption (CVE-2008-7160) (#521256)
+
 * Fri Sep 04 2009 Stu Tomlinson <stu at nosnilmot.com> 1.1.8-6
 - Backport patch to fix additional string format vulnerabilities (#515648)
 



