[firebird/el5] security fix firebird CORE-4630
Philippe Makowski
makowski at fedoraproject.org
Sun Dec 7 17:58:45 UTC 2014
commit 5a4b428ab74a26a91cb6e20d670ec4ff80cb23b8
Author: Philippe Makowski <pmakowski at espelida.com>
Date: Sun Dec 7 18:58:23 2014 +0100
security fix firebird CORE-4630
firebird.spec | 8 +++++-
firebird_fix_CORE-4630.patch | 44 ++++++++++++++++++++++++++++++++++++++++++
2 files changed, 50 insertions(+), 2 deletions(-)
---
diff --git a/firebird.spec b/firebird.spec
index a0eef79..36a5099 100644
--- a/firebird.spec
+++ b/firebird.spec
@@ -6,7 +6,7 @@
Summary: SQL relational database management system
Name: firebird
Version: 2.1.5.18496.0
-Release: 4%{?dist}
+Release: 5%{?dist}
Group: Applications/Databases
License: Interbase
@@ -21,7 +21,7 @@ Patch0: firebird-mcpu-to-mtune.patch
Patch2: firebird-fix-initscript.patch
Patch3: firebird_lock-file-location.patch
Patch4: firebird-2.1.6-svn-CORE-4058.patch
-
+Patch5: firebird_fix_CORE-4630.patch
BuildRequires: autoconf
BuildRequires: automake
@@ -130,6 +130,7 @@ iconv -f ISO-8859-1 -t utf-8 -c ./doc/README.intl -o ./doc/README.intl
%patch0
%patch3
%patch4
+%patch5 -p0
%build
@@ -535,6 +536,9 @@ fi
%changelog
+* Sun Dec 7 2014 Philippe Makowski <makowski at fedoraproject.org> 2.1.5.18496.0-5
+- security fix firebird CORE-4630
+
* Sun Mar 10 2013 Philippe Makowski <makowski at fedoraproject.org> 2.1.5.18496.0-4
- added patch from upstream to fix Firebird CORE-4058 CVE-2013-2492
diff --git a/firebird_fix_CORE-4630.patch b/firebird_fix_CORE-4630.patch
new file mode 100644
index 0000000..a77a592
--- /dev/null
+++ b/firebird_fix_CORE-4630.patch
@@ -0,0 +1,44 @@
+Index: src/remote/protocol.cpp
+===================================================================
+--- src/remote/protocol.cpp (.../R2_1_6) (révision 60344)
++++ src/remote/protocol.cpp (.../R2_1_7) (révision 60344)
+@@ -442,6 +442,8 @@
+ reinterpret_cast<SSHORT&>(response->p_resp_object));
+ MAP(xdr_quad, response->p_resp_blob_id);
+ MAP(xdr_cstring, response->p_resp_data);
++ if (!response->p_resp_status_vector) // incorrectly called - packet not prepared
++ return P_FALSE(xdrs, p);
+ return xdr_status_vector(xdrs, response->p_resp_status_vector,
+ reinterpret_cast<char**>(response->p_resp_strings))
+ ? P_TRUE(xdrs, p) : P_FALSE(xdrs, p);
+@@ -1832,7 +1834,11 @@
+ return TRUE;
+ }
+
++ ISC_STATUS* const vec_end = &vector[ISC_STATUS_LENGTH];
++
+ while (true) {
++ if (vector >= vec_end)
++ return FALSE;
+ if (xdrs->x_op == XDR_ENCODE)
+ vec = (SLONG) * vector++;
+ if (!xdr_long(xdrs, &vec))
+@@ -1845,6 +1851,8 @@
+
+ case isc_arg_interpreted:
+ case isc_arg_string:
++ if (vector >= vec_end)
++ return FALSE;
+ if (xdrs->x_op == XDR_ENCODE) {
+ if (!xdr_wrapstring(xdrs, reinterpret_cast<SCHAR**>(vector++)))
+ return FALSE;
+@@ -1873,6 +1881,8 @@
+
+ case isc_arg_number:
+ default:
++ if (vector >= vec_end)
++ return FALSE;
+ if (xdrs->x_op == XDR_ENCODE)
+ vec = (SLONG) * vector++;
+ if (!xdr_long(xdrs, &vec))
+
More information about the scm-commits
mailing list