[nut/f16] fix heap-based buffer overflow due improper processing of non-printable

Michal Hlavinka mhlavink at fedoraproject.org
Thu May 31 11:09:37 UTC 2012


commit b625c15324314769e07637b9176fdc83aefe0cbd
Author: Michal Hlavinka <mhlavink at redhat.com>
Date:   Thu May 31 13:09:33 2012 +0200

    fix heap-based buffer overflow due to improper processing of non-printable
    
      characters in random network data (CVE-2012-2944)

 nut-2.6.3-cve-2012-2944.patch |   16 ++++++++++++++++
 nut.spec                      |    8 +++++++-
 2 files changed, 23 insertions(+), 1 deletions(-)
---
diff --git a/nut-2.6.3-cve-2012-2944.patch b/nut-2.6.3-cve-2012-2944.patch
new file mode 100644
index 0000000..236e811
--- /dev/null
+++ b/nut-2.6.3-cve-2012-2944.patch
@@ -0,0 +1,16 @@
+Index: trunk/common/parseconf.c
+===================================================================
+--- trunk/common/parseconf.c	(revision 3487)
++++ trunk/common/parseconf.c	(revision 3633)
+@@ -171,4 +171,11 @@
+ 
+ 	wbuflen = strlen(ctx->wordbuf);
++
++	/* CVE-2012-2944: only allow the subset Ascii charset from Space to ~ */
++	if ((ctx->ch < 0x20) || (ctx->ch > 0x7f)) {
++		fprintf(stderr, "addchar: discarding invalid character (0x%02x)!\n",
++				ctx->ch);
++		return;
++	}
+ 
+ 	if (ctx->wordlen_limit != 0) {
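Review bot: The range check added to trunk/common/parseconf.c still accepts 0x7f (DEL), although its comment says only Space to ~ is allowed; `~` is 0x7e, so the bound should read `if ((ctx->ch < 0x20) || (ctx->ch > 0x7e)) {`. The length is still taken from `strlen(ctx->wordbuf)` just above, so the buffer bookkeeping presumably depends on this filter keeping NUL out of the word buffer; a comment such as `/* wbuflen relies on strlen(): a NUL must never be stored in wordbuf */` would make that dependency explicit. If `ctx->ch` can hold a sign-extended `char` (its type is not visible here), `%02x` would print a full-width negative value, and passing `(unsigned char)ctx->ch` to the `fprintf` keeps the log line readable. The enclosing function starts and ends outside the hunk, so the buffer-growth logic after `wordlen_limit` could not be reviewed.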
diff --git a/nut.spec b/nut.spec
index 2c9c074..36cdbde 100644
--- a/nut.spec
+++ b/nut.spec
@@ -14,7 +14,7 @@
 Summary: Network UPS Tools
 Name: nut
 Version: 2.6.3
-Release: 3%{?dist}
+Release: 4%{?dist}
 Group: Applications/System
 License: GPLv2+
 Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -24,6 +24,7 @@ Source3: nut-client.tmpfiles
 
 Patch1: nut-2.6.3-fixbuild.patch
 Patch2: nut-2.6.3-tmpfiles.patch
+Patch3: nut-2.6.3-cve-2012-2944.patch
 
 Requires(pre): shadow-utils udev
 Requires(post): fileutils chkconfig 
@@ -113,6 +114,7 @@ necessary to develop NUT client applications.
 %setup -q
 %patch1 -p1 -b .fixbuild
 %patch2 -p1 -b .tmpfiles
+%patch3 -p1 -b .cve-2012-2944
 sed -i 's|=NUT-Monitor|=nut-monitor|'  scripts/python/app/nut-monitor.desktop
 sed -i "s|sys.argv\[0\]|'%{_datadir}/%{name}/nut-monitor/nut-monitor'|" scripts/python/app/NUT-Monitor
 sed -i 's|LIBSSL_LDFLAGS|LIBSSL_LIBS|' lib/libupsclient-config.in
@@ -473,6 +475,10 @@ rm -rf %{buildroot}
 %{_libdir}/pkgconfig/libupsclient.pc
 
 %changelog
+* Thu May 31 2012 Michal Hlavinka <mhlavink at redhat.com> - 2.6.3-4
+- fix heap-based buffer overflow due improper processing of non-printable 
+  characters in random network data (CVE-2012-2944)
+
 * Mon May 14 2012 Michal Hlavinka <mhlavink at redhat.com> - 2.6.3-3
 - fix paths, UsrMove happened only in F17+
 

