[nut/f17] fix heap-based buffer overflow due improper processing of non-printable
Michal Hlavinka
mhlavink at fedoraproject.org
Thu May 31 10:46:22 UTC 2012
commit 52ee1d5ab79e732894dd3ebe9593b89cf5b54eba
Author: Michal Hlavinka <mhlavink at redhat.com>
Date: Thu May 31 12:46:18 2012 +0200
fix heap-based buffer overflow due improper processing of non-printable
characters in random network data (CVE-2012-2944)
nut-2.6.3-cve-2012-2944.patch | 16 ++++++++++++++++
nut.spec | 9 +++++++--
2 files changed, 23 insertions(+), 2 deletions(-)
---
diff --git a/nut-2.6.3-cve-2012-2944.patch b/nut-2.6.3-cve-2012-2944.patch
new file mode 100644
index 0000000..236e811
--- /dev/null
+++ b/nut-2.6.3-cve-2012-2944.patch
@@ -0,0 +1,16 @@
+Index: trunk/common/parseconf.c
+===================================================================
+--- trunk/common/parseconf.c (revision 3487)
++++ trunk/common/parseconf.c (revision 3633)
+@@ -171,4 +171,11 @@
+
+ wbuflen = strlen(ctx->wordbuf);
++
++ /* CVE-2012-2944: only allow the subset Ascii charset from Space to ~ */
++ if ((ctx->ch < 0x20) || (ctx->ch > 0x7f)) {
++ fprintf(stderr, "addchar: discarding invalid character (0x%02x)!\n",
++ ctx->ch);
++ return;
++ }
+
+ if (ctx->wordlen_limit != 0) {
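Review bot: the upper bound of the new range check, `(ctx->ch > 0x7f)`, does not match the comment above it. "Space to ~" is 0x20 through 0x7e, so 0x7f (DEL, a non-printable character) still passes the filter. Suggest `(ctx->ch > 0x7e)`. The declared type of `ctx->ch` is not visible in this hunk, so it is worth confirming that bytes at or above 0x80 compare as intended and that the argument matches the `%02x` format. Since the commit message says the input is network data, the one-`fprintf`-per-discarded-character behaviour can also produce a large volume of stderr output; consider logging once per word or rate-limiting.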
diff --git a/nut.spec b/nut.spec
index 9a03727..a16ff9a 100644
--- a/nut.spec
+++ b/nut.spec
@@ -14,14 +14,14 @@
Summary: Network UPS Tools
Name: nut
Version: 2.6.3
-Release: 3%{?dist}
+Release: 4%{?dist}
Group: Applications/System
License: GPLv2+
-Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
Url: http://www.networkupstools.org/
Source: http://www.networkupstools.org/source/2.6/%{name}-%{version}.tar.gz
Source3: nut-client.tmpfiles
Patch1: nut-2.6.3-tmpfiles.patch
+Patch2: nut-2.6.3-cve-2012-2944.patch
Requires(pre): shadow-utils udev
Requires(post): fileutils chkconfig
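Review bot: the removal of the `Buildroot:` line in this hunk is unrelated to the CVE fix and is not mentioned in the commit message or the new changelog entry. For a security update it is easier to audit and backport if the commit carries only the `Release:` bump and the `Patch2:` line; suggest moving the `Buildroot:` cleanup to its own commit, or at least noting it in the changelog.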
@@ -110,6 +110,7 @@ necessary to develop NUT client applications.
%prep
%setup -q
%patch1 -p1 -b .tmpfiles
+%patch2 -p1 -b .cve-2012-2944
sed -i 's|=NUT-Monitor|=nut-monitor|' scripts/python/app/nut-monitor.desktop
sed -i "s|sys.argv\[0\]|'%{_datadir}/%{name}/nut-monitor/nut-monitor'|" scripts/python/app/NUT-Monitor
sed -i 's|LIBSSL_LDFLAGS|LIBSSL_LIBS|' lib/libupsclient-config.in
@@ -483,6 +484,10 @@ rm -rf %{buildroot}
%{_libdir}/pkgconfig/libnutscan.pc
%changelog
+* Thu May 31 2012 Michal Hlavinka <mhlavink at redhat.com> - 2.6.3-3
+- fix heap-based buffer overflow due improper processing of non-printable
+ characters in random network data (CVE-2012-2944)
+
* Mon May 28 2012 Michal Hlavinka <mhlavink at redhat.com> - 2.6.3-3
- bump release nubmer to fix upgrade path
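Review bot: the new changelog entry is labelled `2.6.3-3`, but this commit bumps `Release:` from 3 to 4, and the entry directly below it is already `2.6.3-3`. The new entry should read `- 2.6.3-4` so the changelog matches the built package and anyone checking whether the CVE-2012-2944 fix is installed can identify the right release.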