[nut/f16] fix heap-based buffer overflow due improper processing of non-printable
Michal Hlavinka
mhlavink at fedoraproject.org
Thu May 31 11:09:37 UTC 2012
commit b625c15324314769e07637b9176fdc83aefe0cbd
Author: Michal Hlavinka <mhlavink at redhat.com>
Date: Thu May 31 13:09:33 2012 +0200
fix heap-based buffer overflow due to improper processing of non-printable
characters in random network data (CVE-2012-2944)
nut-2.6.3-cve-2012-2944.patch | 16 ++++++++++++++++
nut.spec | 8 +++++++-
2 files changed, 23 insertions(+), 1 deletions(-)
---
diff --git a/nut-2.6.3-cve-2012-2944.patch b/nut-2.6.3-cve-2012-2944.patch
new file mode 100644
index 0000000..236e811
--- /dev/null
+++ b/nut-2.6.3-cve-2012-2944.patch
@@ -0,0 +1,16 @@
+Index: trunk/common/parseconf.c
+===================================================================
+--- trunk/common/parseconf.c (revision 3487)
++++ trunk/common/parseconf.c (revision 3633)
+@@ -171,4 +171,11 @@
+
+ wbuflen = strlen(ctx->wordbuf);
++
++ /* CVE-2012-2944: only allow the subset Ascii charset from Space to ~ */
++ if ((ctx->ch < 0x20) || (ctx->ch > 0x7f)) {
++ fprintf(stderr, "addchar: discarding invalid character (0x%02x)!\n",
++ ctx->ch);
++ return;
++ }
+
+ if (ctx->wordlen_limit != 0) {
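Review bot: The upper bound in the added check, `ctx->ch > 0x7f`, still lets 0x7f (DEL) through, which is a non-printable control character and lies outside the "Space to ~" range that the comment directly above it names; to match the stated intent the condition would be `if ((ctx->ch < 0x20) || (ctx->ch > 0x7e)) {`. The check filters by byte value only and does not bound the write into `ctx->wordbuf`, so the length handling that follows `wbuflen = strlen(ctx->wordbuf)` is still what guards the buffer for printable but oversized input; that code is outside the hunk and should be re-checked. Since the commit message says the data can come from the network, one `fprintf(stderr, ...)` per rejected byte may also flood the log, and a rate limit or a single message per parse would be safer. The enclosing function (addchar, judging by the log message) starts and ends outside the hunk, and the type of `ctx->ch` is not visible, so how bytes at or above 0x80 compare and print with `%02x` should be confirmed.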
diff --git a/nut.spec b/nut.spec
index 2c9c074..36cdbde 100644
--- a/nut.spec
+++ b/nut.spec
@@ -14,7 +14,7 @@
Summary: Network UPS Tools
Name: nut
Version: 2.6.3
-Release: 3%{?dist}
+Release: 4%{?dist}
Group: Applications/System
License: GPLv2+
Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -24,6 +24,7 @@ Source3: nut-client.tmpfiles
Patch1: nut-2.6.3-fixbuild.patch
Patch2: nut-2.6.3-tmpfiles.patch
+Patch3: nut-2.6.3-cve-2012-2944.patch
Requires(pre): shadow-utils udev
Requires(post): fileutils chkconfig
@@ -113,6 +114,7 @@ necessary to develop NUT client applications.
%setup -q
%patch1 -p1 -b .fixbuild
%patch2 -p1 -b .tmpfiles
+%patch3 -p1 -b .cve-2012-2944
sed -i 's|=NUT-Monitor|=nut-monitor|' scripts/python/app/nut-monitor.desktop
sed -i "s|sys.argv\[0\]|'%{_datadir}/%{name}/nut-monitor/nut-monitor'|" scripts/python/app/NUT-Monitor
sed -i 's|LIBSSL_LDFLAGS|LIBSSL_LIBS|' lib/libupsclient-config.in
@@ -473,6 +475,10 @@ rm -rf %{buildroot}
%{_libdir}/pkgconfig/libupsclient.pc
%changelog
+* Thu May 31 2012 Michal Hlavinka <mhlavink at redhat.com> - 2.6.3-4
+- fix heap-based buffer overflow due improper processing of non-printable
+ characters in random network data (CVE-2012-2944)
+
* Mon May 14 2012 Michal Hlavinka <mhlavink at redhat.com> - 2.6.3-3
- fix paths, UsrMove happened only in F17+