[smokeping] Add patch to fix CVE-2012-0790 (#783584)

terjeros terjeros at fedoraproject.org
Sun Jan 22 14:52:50 UTC 2012 

commit f913bd6aeb0effb0e138be4206064412f5e32915
Author: Terje Røsten <terje.rosten at ntnu.no>
Date:   Sun Jan 22 15:52:46 2012 +0100

    Add patch to fix CVE-2012-0790 (#783584)

 smokeping-2.4.2-cve-2012-0790.patch |   68 +++++++++++++++++++++++++++++++++++
 smokeping.spec                      |    7 +++-
 2 files changed, 74 insertions(+), 1 deletions(-)
---
diff --git a/smokeping-2.4.2-cve-2012-0790.patch b/smokeping-2.4.2-cve-2012-0790.patch
new file mode 100644
index 0000000..5923a70
--- /dev/null
+++ b/smokeping-2.4.2-cve-2012-0790.patch
@@ -0,0 +1,68 @@
+--- smokeping-2.6.6/lib/Smokeping.pm	2011-11-12 04:00:24.000000000 -0700
++++ smokeping-2.6.6/lib/Smokeping.pm	2012-01-11 01:48:43.000000000 -0700
+@@ -168,8 +168,10 @@ sub cgiurl {
+ sub hierarchy ($){
+     my $q = shift;
+     my $hierarchy = '';
++    my $h = $q->param('hierarchy');
+     if ($q->param('hierarchy')){
+-       $hierarchy = 'hierarchy='.$q->param('hierarchy').';';
++       $h =~ s/[<>&%]/./g;
++       $hierarchy = 'hierarchy='.$h.';';
+     }; 
+     return $hierarchy;
+ }        
+@@ -210,6 +212,7 @@ sub update_dynaddr ($$){
+     my $address = $ENV{REMOTE_ADDR};
+     my $targetptr = $cfg->{Targets};
+     foreach my $step (@target){
++        $step =~ s/[<>&%]/./g; 
+         return "Error: Unknown target $step" 
+           unless defined $targetptr->{$step};
+         $targetptr =  $targetptr->{$step};
+@@ -1044,7 +1047,7 @@ sub get_detail ($$$$;$){
+     my $tree = shift;
+     my $open = shift;
+     my $mode = shift || $q->param('displaymode') || 's';
+-    
++    $mode =~ s/[<>&%]/./g; 
+     my $phys_tree = $tree;
+     my $phys_open = $open;    
+     if ($tree->{__tree_link}){
+@@ -1443,13 +1446,15 @@ sub get_detail ($$$$;$){
+         } elsif ($mode eq 's') { # classic mode
+             $startstr =~ s/\s/%20/g;
+             $endstr =~ s/\s/%20/g;
++            my $t = $q->param('target');
++            $t =~ s/[<>&%]/./g; 
+             for my $slave (@slaves){
+                 my $s = $slave ? "~$slave" : "";
+                 $page .= "<div>";
+ #           $page .= (time-$timer_start)."<br/>";
+ #           $page .= join " ",map {"'$_'"} @task;
+                 $page .= "<br/>";
+-                $page .= ( qq{<a href="}.cgiurl($q,$cfg)."?".hierarchy($q).qq{displaymode=n;start=$startstr;end=now;}."target=".$q->param('target').$s.'">'
++                $page .= ( qq{<a href="}.cgiurl($q,$cfg)."?".hierarchy($q).qq{displaymode=n;start=$startstr;end=now;}."target=".$t.$s.'">'
+                       . qq{<IMG BORDER="0" SRC="${imghref}${s}_${end}_${start}.png">}."</a>" ); #"
+                 $page .= "</div>";
+             }
+@@ -1593,8 +1598,10 @@ sub display_webpage($$){
+     my $cfg = shift;
+     my $q = shift;
+     my $targ = '';
+-    if ( $q->param('target') and $q->param('target') !~ /\.\./ and $q->param('target') =~ /(\S+)/){
++    my $t = $q->param('target');
++    if ( $t and $t !~ /\.\./ and $t =~ /(\S+)/){
+         $targ = $1;
++        $targ =~ s/[<>;%]/./g;
+     }
+     my ($path,$slave) = split(/~/,$targ);
+     if ($slave and $slave =~ /(\S+)/){
+@@ -1603,6 +1610,7 @@ sub display_webpage($$){
+         $slave = $1;
+     }
+     my $hierarchy = $q->param('hierarchy');
++    $hierarchy =~ s/[<>;%]/./g;
+     die "ERROR: unknown hierarchy $hierarchy\n" 
+ 	if $hierarchy and not $cfg->{Presentation}{hierarchies}{$hierarchy};
+     my $open = [ (split /\./,$path||'') ];
diff --git a/smokeping.spec b/smokeping.spec
index 31b8994..04dd087 100644
--- a/smokeping.spec
+++ b/smokeping.spec
@@ -7,7 +7,7 @@
 Summary:          Latency Logging and Graphing System
 Name:             smokeping
 Version:          2.4.2
-Release:          15%{?dist}
+Release:          16%{?dist}
 License:          GPLv2+
 Group:            Applications/Internet
 URL:              http://oss.oetiker.ch/smokeping/
@@ -24,6 +24,7 @@ Patch2:           smokeping-2.4.2-tr.patch
 Patch3:           smokeping-2.3.5-silence.patch
 Patch4:           smokeping-2.4.2-jsonrpc-strict.patch
 Patch5:           smokeping-2.4.2-scriptname.patch
+Patch6:           smokeping-2.4.2-cve-2012-0790.patch
 BuildRequires:    glibc-common
 BuildRequires:    systemd-units
 Requires:         perl >= 5.6.1 
@@ -53,6 +54,7 @@ which presents the graphs.
 %patch3 -p1
 %patch4 -p1
 %patch5 -p1
+%patch6 -p1
 
 %{__install} -p -m 0644 %{SOURCE5} . 
 iconv -f ISO-8859-1 -t utf-8 -o CHANGES.utf8 CHANGES
@@ -151,6 +153,9 @@ fi
 %attr(0755, apache, root) %{_localstatedir}/lib/%{name}/images
 
 %changelog
+* Sun Jan 22 2012 Terje Rosten <terje.rosten at ntnu.no> - 2.4.2-16
+- Add patch to fix CVE-2012-0790 (#783584)
+
 * Sat Jan 14 2012 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 2.4.2-15
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild

More information about the scm-commits mailing list