[rrdtool] Added imginfo format check
Jaroslav Škarvada
jskarvad at fedoraproject.org
Fri Jun 7 08:12:15 UTC 2013
commit f04c66a1c904411b0459b8e6b55ff6c41803cd0c
Author: Jaroslav Škarvada <jskarvad at redhat.com>
Date: Fri Jun 7 10:11:59 2013 +0200
Added imginfo format check
Resolves: CVE-2013-2131
rrdtool-1.4.8-imginfo-check.patch | 68 +++++++++++++++++++++++++++++++++++++
rrdtool.spec | 9 ++++-
2 files changed, 76 insertions(+), 1 deletions(-)
---
diff --git a/rrdtool-1.4.8-imginfo-check.patch b/rrdtool-1.4.8-imginfo-check.patch
new file mode 100644
index 0000000..cd7d104
--- /dev/null
+++ b/rrdtool-1.4.8-imginfo-check.patch
@@ -0,0 +1,68 @@
+diff -up rrdtool-1.4.8/src/rrd_graph.c.orig2 rrdtool-1.4.8/src/rrd_graph.c
+--- rrdtool-1.4.8/src/rrd_graph.c.orig2 2013-05-23 09:55:07.000000000 +0200
++++ rrdtool-1.4.8/src/rrd_graph.c 2013-06-03 15:56:35.820593192 +0200
+@@ -4022,6 +4022,12 @@ rrd_info_t *rrd_graph_v(
+ char *path;
+ char *filename;
+
++ if (bad_format_imginfo(im.imginfo)) {
++ rrd_info_free(im.grinfo);
++ im_free(&im);
++ rrd_set_error("bad format for imginfo");
++ return NULL;
++ }
+ path = strdup(im.graphfile);
+ filename = basename(path);
+ info.u_str =
+@@ -4827,6 +4833,51 @@ int bad_format(
+ }
+
+
++int bad_format_imginfo(
++ char *fmt)
++{
++ char *ptr;
++ int n = 0;
++
++ ptr = fmt;
++ while (*ptr != '\0')
++ if (*ptr++ == '%') {
++
++ /* line cannot end with percent char */
++ if (*ptr == '\0')
++ return 1;
++ /* '%%' is allowed */
++ if (*ptr == '%')
++ ptr++;
++ /* '%s', '%S' are allowed */
++ else if (*ptr == 's' || *ptr == 'S') {
++ n = 1;
++ ptr++;
++ }
++
++ /* or else '% 4lu' and such are allowed */
++ else {
++ /* optional padding character */
++ if (*ptr == ' ')
++ ptr++;
++ /* This should take care of 'm' */
++ while (*ptr >= '0' && *ptr <= '9')
++ ptr++;
++ /* 'lu' must follow here */
++ if (*ptr++ != 'l')
++ return 1;
++ if (*ptr == 'u')
++ ptr++;
++ else
++ return 1;
++ n++;
++ }
++ }
++
++ return (n != 3);
++}
++
++
+ int vdef_parse(
+ struct graph_desc_t
+ *gdes,
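Review bot: In `bad_format_imginfo`, the `%s`/`%S` branch assigns `n = 1` instead of advancing a count, so the final `n != 3` test bounds neither the number nor the order of conversions: a format with several `%s` before two `%lu`, or with a `%lu` ahead of the `%s`, still ends at 3 and is accepted, as does one with three `%lu` and no `%s`. The formatting call that consumes `im.imginfo` lies outside this hunk, but the check's own target of three conversions suggests it passes one string and two integers, so such formats would read arguments of the wrong type or beyond those supplied. Requiring the string conversion to come first and only once closes the gap: add `if (n != 0) return 1;` before `n = 1;`, and `if (n == 0) return 1;` before `n++;` in the `lu` branch. The parameter could also be declared `const char *fmt`, since the function only reads through it.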
diff --git a/rrdtool.spec b/rrdtool.spec
index 0092b9c..4213d0c 100644
--- a/rrdtool.spec
+++ b/rrdtool.spec
@@ -18,7 +18,7 @@
Summary: Round Robin Database Tool to store and display time-series data
Name: rrdtool
Version: 1.4.8
-Release: 1%{?dist}
+Release: 2%{?dist}
License: GPLv2+ with exceptions
Group: Applications/Databases
URL: http://oss.oetiker.ch/rrdtool/
@@ -31,6 +31,8 @@ Patch2: rrdtool-1.4.7-ruby-2-fix.patch
Patch3: rrdtool-1.4.7-php55.patch
Patch4: rrdtool-1.4.7-autoconf-fix.patch
Patch5: rrdtool-1.4.7-lua-5.2.patch
+# patch merged upstream, http://github.com/oetiker/rrdtool-1.x/pull/397
+Patch6: rrdtool-1.4.8-imginfo-check.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
Requires: dejavu-sans-mono-fonts
@@ -173,6 +175,7 @@ The %{name}-lua package includes RRDtool bindings for Lua.
%patch2 -p1 -b .ruby-2-fix
%patch4 -p1 -b .autoconf-fix
%patch5 -p1 -b .lua-52
+%patch6 -p1 -b .imginfo-check
# Fix to find correct python dir on lib64
%{__perl} -pi -e 's|get_python_lib\(0,0,prefix|get_python_lib\(1,0,prefix|g' \
@@ -386,6 +389,10 @@ LD_LIBRARY_PATH=%{buildroot}%{_libdir} php -n \
%endif
%changelog
+* Fri Jun 7 2013 Jaroslav Škarvada <jskarvad at redhat.com> - 1.4.8-2
+- Added imginfo format check
+ Resolves: CVE-2013-2131
+
* Thu May 23 2013 Jaroslav Škarvada <jskarvad at redhat.com> - 1.4.8-1
- New version
Resolves: rhbz#966639