[mongoose/f16] Add upstream patch to fix CVE-2011-2900 (729146)
Rafael Azenha Aquini
aquini at fedoraproject.org
Sat Aug 27 22:10:32 UTC 2011
commit ca592c7df110fec5d2aec0666b645c05f75bbdd7
Author: Rafael Aquini <aquini at redhat.com>
Date: Sat Aug 27 19:01:02 2011 -0300
Add upstream patch to fix CVE-2011-2900 (729146)
mongoose-fix-buffer-overflow-put_dir.patch | 52 ++++++++++++++++++++++++++++
1 files changed, 52 insertions(+), 0 deletions(-)
---
diff --git a/mongoose-fix-buffer-overflow-put_dir.patch b/mongoose-fix-buffer-overflow-put_dir.patch
new file mode 100644
index 0000000..3b8e804
--- /dev/null
+++ b/mongoose-fix-buffer-overflow-put_dir.patch
@@ -0,0 +1,52 @@
+diff -r 983c674b7cfc -r 556f4de91eae mongoose.c
+--- a/mongoose.c Tue Jul 26 00:39:05 2011 +0100
++++ b/mongoose.c Wed Aug 03 11:39:55 2011 +0200
+@@ -3029,26 +3029,31 @@
+ char buf[PATH_MAX];
+ const char *s, *p;
+ struct mgstat st;
+- size_t len;
+-
+- for (s = p = path + 2; (p = strchr(s, '/')) != NULL; s = ++p) {
++ int len, res = 1;
++
++ for (s = p = path + 2; (p = strchr(s, DIRSEP)) != NULL; s = ++p) {
+ len = p - path;
+- assert(len < sizeof(buf));
+- (void) memcpy(buf, path, len);
++ if (len >= (int) sizeof(buf)) {
++ res = -1;
++ break;
++ }
++ memcpy(buf, path, len);
+ buf[len] = '\0';
+
+ // Try to create intermediate directory
++ DEBUG_TRACE(("mkdir(%s)", buf));
+ if (mg_stat(buf, &st) == -1 && mg_mkdir(buf, 0755) != 0) {
+- return -1;
++ res = -1;
++ break;
+ }
+
+ // Is path itself a directory?
+ if (p[1] == '\0') {
+- return 0;
++ res = 0;
+ }
+ }
+
+- return 1;
++ return res;
+ }
+
+ static void put_file(struct mg_connection *conn, const char *path) {
+@@ -3245,7 +3250,7 @@
+ * conn->request_info.query_string++ = '\0';
+ }
+ uri_len = strlen(ri->uri);
+- (void) url_decode(ri->uri, (size_t)uri_len, ri->uri, (size_t)(uri_len + 1), 0);
++ url_decode(ri->uri, (size_t)uri_len, ri->uri, (size_t)(uri_len + 1), 0);
+ remove_double_dots_and_double_slashes(ri->uri);
+ convert_uri_to_file_name(conn, ri->uri, path, sizeof(path));
+
More information about the scm-commits
mailing list