[nut/el5] fix heap-based buffer overflow due improper processing of non-printable
Michal Hlavinka
mhlavink at fedoraproject.org
Thu May 31 13:26:32 UTC 2012
commit e09f2a854636be7fb61cc3c4202a467e46459647
Author: Michal Hlavinka <mhlavink at redhat.com>
Date: Thu May 31 14:25:04 2012 +0200
fix heap-based buffer overflow due improper processing of non-printable
characters in random network data (CVE-2012-2944)
nut-2.6.3-cve-2012-2944.patch | 16 ++++++++++++++++
nut.spec | 4 ++++
2 files changed, 20 insertions(+), 0 deletions(-)
---
diff --git a/nut-2.6.3-cve-2012-2944.patch b/nut-2.6.3-cve-2012-2944.patch
new file mode 100644
index 0000000..236e811
--- /dev/null
+++ b/nut-2.6.3-cve-2012-2944.patch
@@ -0,0 +1,16 @@
+Index: trunk/common/parseconf.c
+===================================================================
+--- trunk/common/parseconf.c (revision 3487)
++++ trunk/common/parseconf.c (revision 3633)
+@@ -171,4 +171,11 @@
+
+ wbuflen = strlen(ctx->wordbuf);
++
++ /* CVE-2012-2944: only allow the subset Ascii charset from Space to ~ */
++ if ((ctx->ch < 0x20) || (ctx->ch > 0x7f)) {
++ fprintf(stderr, "addchar: discarding invalid character (0x%02x)!\n",
++ ctx->ch);
++ return;
++ }
+
+ if (ctx->wordlen_limit != 0) {
diff --git a/nut.spec b/nut.spec
index cf3602f..741811f 100644
--- a/nut.spec
+++ b/nut.spec
@@ -314,6 +314,10 @@ udevadm control --reload ||:
%{_libdir}/pkgconfig/libupsclient.pc
%changelog
+* Thu May 31 2012 Michal Hlavinka <mhlavink at redhat.com> - 2.2.2-2
+- fix heap-based buffer overflow due improper processing of non-printable
+ characters in random network data (CVE-2012-2944)
+
* Mon Apr 30 2012 Michal Hlavinka <mhlavink at redhat.com> 2.2.2-1
- reload udev rules after instalation
More information about the scm-commits
mailing list