[putty] Fixed integer overflow

Jaroslav Škarvada jskarvad at fedoraproject.org
Mon Aug 5 13:52:07 UTC 2013 

commit 50eac02aaac70866d3b22c9a41e92d74b84976e0
Author: Jaroslav Škarvada <jskarvad at redhat.com>
Date:   Mon Aug 5 15:51:57 2013 +0200

    Fixed integer overflow
    
      Resolves: CVE-2013-4852
    - Fixed bogus dates in changelog (best estimated)

 putty-CVE-2013-4852.patch |   43 +++++++++++++++++++++++++++++++++++++++++++
 putty.spec                |   17 ++++++++++++-----
 2 files changed, 55 insertions(+), 5 deletions(-)
---
diff --git a/putty-CVE-2013-4852.patch b/putty-CVE-2013-4852.patch
new file mode 100644
index 0000000..9cc39af
--- /dev/null
+++ b/putty-CVE-2013-4852.patch
@@ -0,0 +1,43 @@
+--- putty/import.c	2013/07/07 14:34:37	9895
++++ putty/import.c	2013/07/08 22:36:04	9896
+@@ -290,7 +290,7 @@
+     if (len < 4)
+         goto error;
+     bytes = GET_32BIT(d);
+-    if (len < 4+bytes)
++    if (bytes < 0 || len-4 < bytes)
+         goto error;
+ 
+     ret->start = d + 4;
+--- putty/sshdss.c	2013/07/07 14:34:37	9895
++++ putty/sshdss.c	2013/07/08 22:36:04	9896
+@@ -43,6 +43,8 @@
+     if (*datalen < 4)
+ 	return;
+     *length = GET_32BIT(*data);
++    if (*length < 0)
++        return;
+     *datalen -= 4;
+     *data += 4;
+     if (*datalen < *length)
+@@ -98,7 +100,7 @@
+     }
+ #endif
+ 
+-    if (!p || memcmp(p, "ssh-dss", 7)) {
++    if (!p || slen != 7 || memcmp(p, "ssh-dss", 7)) {
+ 	sfree(dss);
+ 	return NULL;
+     }
+--- putty/sshrsa.c	2013/07/07 14:34:37	9895
++++ putty/sshrsa.c	2013/07/08 22:36:04	9896
+@@ -526,6 +526,8 @@
+     if (*datalen < 4)
+ 	return;
+     *length = GET_32BIT(*data);
++    if (*length < 0)
++        return;
+     *datalen -= 4;
+     *data += 4;
+     if (*datalen < *length)
+
diff --git a/putty.spec b/putty.spec
index 621eac0..092fa12 100644
--- a/putty.spec
+++ b/putty.spec
@@ -1,6 +1,6 @@
 Name:		putty
 Version:	0.62
-Release:	5%{?dist}
+Release:	6%{?dist}
 Summary:	SSH, Telnet and Rlogin client
 License:	MIT
 Group:		Applications/Internet
@@ -9,6 +9,7 @@ Source0:	http://the.earth.li/~sgtatham/putty/latest/%{name}-%{version}.tar.gz
 Source2:	%{name}.desktop
 # By default create new files as non-executables
 Patch0:		putty-perms.patch
+Patch1:		putty-CVE-2013-4852.patch
 BuildRequires:	gtk2-devel krb5-devel halibut desktop-file-utils
 BuildRequires:	ImageMagick
 
@@ -19,6 +20,7 @@ Putty is a SSH, Telnet & Rlogin client - this time for Linux.
 
 %setup -q
 %patch0 -p1
+%patch1 -p1 -b .CVE-2013-4852
 
 %build
 ./mkfiles.pl
@@ -58,6 +60,11 @@ rm -rf $RPM_BUILD_ROOT
 
 
 %changelog
+* Mon Aug  5 2013 Jaroslav Škarvada <jskarvad at redhat.com> - 0.62-6
+- Fixed integer overflow
+  Resolves: CVE-2013-4852
+- Fixed bogus dates in changelog (best estimated)
+
 * Sun Aug 04 2013 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.62-5
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
 
@@ -110,7 +117,7 @@ rm -rf $RPM_BUILD_ROOT
 - Macro-ized Source filenames
 - Cleanup of spaces/tabs to eliminate rpmlint warnings
 
-* Mon Aug 27 2006 Michael J. Knox <michael[AT]knox.net.nz> - 0.58-3
+* Sun Aug 27 2006 Michael J. Knox <michael[AT]knox.net.nz> - 0.58-3
 - Rebuild for FC6
 
 * Wed May 03 2006 Michael J. Knox <michael[AT]knox.net.nz> - 0.58-2
@@ -119,13 +126,13 @@ rm -rf $RPM_BUILD_ROOT
 * Tue Apr 19 2005 Adrian Reber <adrian at lisas.de> - 0.58-1
 - Updated to 0.58
 
-* Tue Feb 29 2005 Adrian Reber <adrian at lisas.de> - 0.57-2
+* Tue Mar 01 2005 Adrian Reber <adrian at lisas.de> - 0.57-2
 - fix build with gcc4
 
 * Mon Feb 21 2005 Adrian Reber <adrian at lisas.de> - 0.57-1
 - Updated to 0.57
 
-* Tue Oct 28 2004 Adrian Reber <adrian at lisas.de> - 0.56-0.fdr.1
+* Tue Oct 26 2004 Adrian Reber <adrian at lisas.de> - 0.56-0.fdr.1
 - Updated to 0.56 (bug #2209)
 
 * Fri Aug  6 2004 Ville Skyttä <ville.skytta at iki.fi> - 0:0.55-0.fdr.2
@@ -134,7 +141,7 @@ rm -rf $RPM_BUILD_ROOT
 * Thu Aug 05 2004 Andreas Pfaffeneder <fedora at zuhause-local.de> 0:0.55.fdr.1
 - Update to 0.55 due to security problem (CORE-2004-0705).
 
-* Mon Nov 18 2003 Andreas Pfaffeneder <fedora at zuhause-local.de> 0:0.0-0.fdr.2.20030821
+* Tue Nov 18 2003 Andreas Pfaffeneder <fedora at zuhause-local.de> 0:0.0-0.fdr.2.20030821
 - Add desktop-file-utils to build requires
 
 * Sun Aug 24 2003 Adrian Reber <adrian at lisas.de> 0:0.0-0.fdr.1.20030821

More information about the scm-commits mailing list