[nut/f17] fix heap-based buffer overflow due improper processing of non-printable

Michal Hlavinka mhlavink at fedoraproject.org
Thu May 31 10:46:22 UTC 2012


commit 52ee1d5ab79e732894dd3ebe9593b89cf5b54eba
Author: Michal Hlavinka <mhlavink at redhat.com>
Date:   Thu May 31 12:46:18 2012 +0200

    fix heap-based buffer overflow due to improper processing of non-printable
    
      characters in random network data (CVE-2012-2944)

 nut-2.6.3-cve-2012-2944.patch |   16 ++++++++++++++++
 nut.spec                      |    9 +++++++--
 2 files changed, 23 insertions(+), 2 deletions(-)
---
diff --git a/nut-2.6.3-cve-2012-2944.patch b/nut-2.6.3-cve-2012-2944.patch
new file mode 100644
index 0000000..236e811
--- /dev/null
+++ b/nut-2.6.3-cve-2012-2944.patch
@@ -0,0 +1,16 @@
+Index: trunk/common/parseconf.c
+===================================================================
+--- trunk/common/parseconf.c	(revision 3487)
++++ trunk/common/parseconf.c	(revision 3633)
+@@ -171,4 +171,11 @@
+ 
+ 	wbuflen = strlen(ctx->wordbuf);
++
++	/* CVE-2012-2944: only allow the subset Ascii charset from Space to ~ */
++	if ((ctx->ch < 0x20) || (ctx->ch > 0x7f)) {
++		fprintf(stderr, "addchar: discarding invalid character (0x%02x)!\n",
++				ctx->ch);
++		return;
++	}
+ 
+ 	if (ctx->wordlen_limit != 0) {
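Review bot: The upper bound of the added check lets 0x7f (DEL) through, although the comment says the allowed range ends at `~` (0x7e); the condition should read `if ((ctx->ch < 0x20) || (ctx->ch > 0x7e)) {`. The check filters characters rather than bounding the write, and the buffer handling that follows `if (ctx->wordlen_limit != 0)` is outside this hunk, so it cannot be confirmed from here that the length accounting is sound for every accepted byte. The `fprintf` runs once per rejected byte of untrusted input, so emitting one message per parse (or rate-limiting it) would keep a noisy peer from flooding stderr. The enclosing function starts and ends outside the hunk.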
diff --git a/nut.spec b/nut.spec
index 9a03727..a16ff9a 100644
--- a/nut.spec
+++ b/nut.spec
@@ -14,14 +14,14 @@
 Summary: Network UPS Tools
 Name: nut
 Version: 2.6.3
-Release: 3%{?dist}
+Release: 4%{?dist}
 Group: Applications/System
 License: GPLv2+
-Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 Url: http://www.networkupstools.org/
 Source: http://www.networkupstools.org/source/2.6/%{name}-%{version}.tar.gz
 Source3: nut-client.tmpfiles
 Patch1: nut-2.6.3-tmpfiles.patch
+Patch2: nut-2.6.3-cve-2012-2944.patch
 
 Requires(pre): shadow-utils udev
 Requires(post): fileutils chkconfig 
@@ -110,6 +110,7 @@ necessary to develop NUT client applications.
 %prep
 %setup -q
 %patch1 -p1 -b .tmpfiles
+%patch2 -p1 -b .cve-2012-2944
 sed -i 's|=NUT-Monitor|=nut-monitor|'  scripts/python/app/nut-monitor.desktop
 sed -i "s|sys.argv\[0\]|'%{_datadir}/%{name}/nut-monitor/nut-monitor'|" scripts/python/app/NUT-Monitor
 sed -i 's|LIBSSL_LDFLAGS|LIBSSL_LIBS|' lib/libupsclient-config.in
@@ -483,6 +484,10 @@ rm -rf %{buildroot}
 %{_libdir}/pkgconfig/libnutscan.pc
 
 %changelog
+* Thu May 31 2012 Michal Hlavinka <mhlavink at redhat.com> - 2.6.3-3
+- fix heap-based buffer overflow due improper processing of non-printable 
+  characters in random network data (CVE-2012-2944)
+
 * Mon May 28 2012 Michal Hlavinka <mhlavink at redhat.com> - 2.6.3-3
 - bump release nubmer to fix upgrade path
 

