[radvd/f14] fixes CVE-2011-3602

Jiri Skala jskala at fedoraproject.org
Mon Oct 10 13:04:11 UTC 2011 

commit 89931313cd56ccb4c35cb0d2ce3ef8758eeca87e
Author: Jiri Skala <jskala at redhat.com>
Date:   Mon Oct 10 15:04:08 2011 +0200

    fixes CVE-2011-3602

 radvd-1.8.2-iface.patch |   12 ++++++++++++
 radvd.spec              |    9 ++++++++-
 2 files changed, 20 insertions(+), 1 deletions(-)
---
diff --git a/radvd-1.8.2-iface.patch b/radvd-1.8.2-iface.patch
new file mode 100644
index 0000000..c1ed9d3
--- /dev/null
+++ b/radvd-1.8.2-iface.patch
@@ -0,0 +1,12 @@
+diff -up radvd-1.8.2/device-linux.c.iface radvd-1.8.2/device-linux.c
+--- radvd-1.8.2/device-linux.c.iface	2011-10-10 10:26:47.089760082 +0200
++++ radvd-1.8.2/device-linux.c	2011-10-10 10:27:12.149014098 +0200
+@@ -244,7 +244,7 @@ set_interface_var(const char *iface,
+ 		return -1;
+ 
+ 	/* No path traversal */
+-	if (strstr(name, "..") || strchr(name, '/'))
++	if (!iface[0] || !strcmp(iface, ".") || !strcmp(iface, "..") || strchr(iface, '/'))
+ 		return -1;
+ 
+ 	if (access(spath, F_OK) != 0)
diff --git a/radvd.spec b/radvd.spec
index 22eda58..c63a52b 100644
--- a/radvd.spec
+++ b/radvd.spec
@@ -5,7 +5,7 @@
 Summary:    A Router Advertisement daemon
 Name:       radvd
 Version:    1.8.2
-Release:    1%{?dist}
+Release:    2%{?dist}
 # The code includes the advertising clause, so it's GPL-incompatible
 License:    BSD with advertising
 Group:      System Environment/Daemons
@@ -19,6 +19,8 @@ Requires(pre):      /usr/sbin/useradd
 BuildRequires:      flex, byacc
 BuildRoot:          %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 
+Patch1: radvd-1.8.2-iface.patch
+
 %description
 radvd is the router advertisement daemon for IPv6.  It listens to router
 solicitations and sends router advertisements as described in "Neighbor
@@ -33,6 +35,8 @@ services.
 %prep
 %setup -q
 
+%patch1 -p1 -b .iface
+
 %build
 export CFLAGS="$RPM_OPT_FLAGS -D_GNU_SOURCE -fPIE" 
 export LDFLAGS='-pie -Wl,-z,relro,-z,now,-z,noexecstack,-z,nodlopen'
@@ -92,6 +96,9 @@ exit 0
 %{_sbindir}/radvdump
 
 %changelog
+* Mon Oct 10 2011 Jiri Skala <jskala at redhat.com> - 1.8.2-2
+- fixes CVE-2011-3602
+
 * Fri Oct 07 2011 Jiri Skala <jskala at redhat.com> - 1.8.2-1
 - update to latest upstream version 1.8.2
 - this update fixes CVE-2011-360{1..5}

More information about the scm-commits mailing list