[libsoup/f14] Add patch for CVE-2011-2524
Dan Winship
danw at fedoraproject.org
Thu Jul 28 18:37:26 UTC 2011
commit b4bd405fcf0535bffe037d699de78fe422693752
Author: Dan Winship <danw at gnome.org>
Date: Thu Jul 28 14:36:55 2011 -0400
Add patch for CVE-2011-2524
libsoup-CVE-2011-2524.patch | 38 ++++++++++++++++++++++++++++++++++++++
libsoup.spec | 8 +++++++-
2 files changed, 45 insertions(+), 1 deletions(-)
---
diff --git a/libsoup-CVE-2011-2524.patch b/libsoup-CVE-2011-2524.patch
new file mode 100644
index 0000000..9dbba5b
--- /dev/null
+++ b/libsoup-CVE-2011-2524.patch
@@ -0,0 +1,38 @@
+From cbeeb7a0f7f0e8b16f2d382157496f9100218dea Mon Sep 17 00:00:00 2001
+From: Dan Winship <danw at gnome.org>
+Date: Wed, 29 Jun 2011 10:04:06 -0400
+Subject: [PATCH 1/2] SoupServer: fix to not allow smuggling ".." into path
+
+When SoupServer:raw-paths was set (the default), it was possible to
+sneak ".." segments into the path passed to the SoupServerHandler,
+which could then end up tricking some handlers into retrieving
+arbitrary files from the filesystem. Fix that.
+
+https://bugzilla.gnome.org/show_bug.cgi?id=653258
+---
+ libsoup/soup-server.c | 9 +++++++++
+ 1 files changed, 9 insertions(+), 0 deletions(-)
+
+diff --git a/libsoup/soup-server.c b/libsoup/soup-server.c
+index d56efd1..7225337 100644
+--- a/libsoup/soup-server.c
++++ b/libsoup/soup-server.c
+@@ -779,6 +779,15 @@ got_headers (SoupMessage *req, SoupClientContext *client)
+
+ uri = soup_message_get_uri (req);
+ decoded_path = soup_uri_decode (uri->path);
++
++ if (strstr (decoded_path, "/../") ||
++ g_str_has_suffix (decoded_path, "/..")) {
++ /* Introducing new ".." segments is not allowed */
++ g_free (decoded_path);
++ soup_message_set_status (req, SOUP_STATUS_BAD_REQUEST);
++ return;
++ }
++
+ soup_uri_set_path (uri, decoded_path);
+ g_free (decoded_path);
+ }
+--
+1.7.6
+
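Review bot: The added check in got_headers treats only `/` as a segment separator, so a decoded path containing `\..\`, or ending in `\..`, still reaches soup_uri_set_path(). On a platform where backslash is also a path separator, a handler that maps the request path onto the filesystem would presumably remain exposed to the same traversal this patch closes. I would extend the condition with the backslash forms under GLib's `G_OS_WIN32`, as sketched below. The existing comment could also say that the `..` arrives through percent-decoding, which is why the check sits after soup_uri_decode(). The body of got_headers starts and ends outside this hunk, so whether the path is validated again later cannot be seen from here.

```c
if (strstr (decoded_path, "/../") ||
    g_str_has_suffix (decoded_path, "/..")
#ifdef G_OS_WIN32
    || strstr (decoded_path, "\\..\\")
    || strstr (decoded_path, "/..\\")
    || strstr (decoded_path, "\\../")
    || g_str_has_suffix (decoded_path, "\\..")
#endif
    ) {
	/* … unchanged: g_free, SOUP_STATUS_BAD_REQUEST, return … */
}
```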
diff --git a/libsoup.spec b/libsoup.spec
index 7cd8858..a02dedb 100644
--- a/libsoup.spec
+++ b/libsoup.spec
@@ -4,7 +4,7 @@
Name: libsoup
Version: 2.32.2
-Release: 1%{?dist}
+Release: 2%{?dist}
License: LGPLv2
Group: Development/Libraries
Summary: Soup, an HTTP library implementation
@@ -27,6 +27,8 @@ BuildRequires: gnome-keyring-devel
Patch0: goi-build.patch
BuildRequires: autoconf automake libtool
+Patch1: libsoup-CVE-2011-2524.patch
+
%description
Libsoup is an HTTP library implementation in C. It was originally part
of a SOAP (Simple Object Access Protocol) implementation called Soup, but
@@ -53,6 +55,7 @@ you to develop applications that use the libsoup library.
%prep
%setup -q
%patch0 -p1 -b .goi-build
+%patch1 -p1 -b .cve-2011-2524
autoreconf -i -f
@@ -94,6 +97,9 @@ rm -rf $RPM_BUILD_ROOT
%{_datadir}/gtk-doc/html/%{name}-2.4
%changelog
+* Thu Jul 28 2011 Dan Winship <danw at redhat.com> - 2.32.2-2
+- Add patch for CVE-2011-2524
+
* Thu Dec 2 2010 Dan Winship <danw at redhat.com> - 2.32.2-1
- Update to 2.32.2