Archives
Archives
| From: | "Michael Weber (xmw)" <xmw@g.o> |
|---|---|
| To: | gentoo-commits@l.g.o |
| Subject: | [gentoo-commits] gentoo-x86 commit in sys-power/nut/files: nut-2.6.3-CVE-2012-2944.patch |
| Date: | Sat, 02 Jun 2012 18:04:59 |
| Message-Id: | 20120602180448.DF45B20033@flycatcher.gentoo.org |
| 1 | xmw 12/06/02 18:04:48 |
| 2 | |
| 3 | Added: nut-2.6.3-CVE-2012-2944.patch |
| 4 | Log: |
| 5 | Version bump (bug 406099, thanks Matthew Stapleton and Guillaume Castagnino). Include ubuntus CVE-2012-2944.patch to fix bug 419377. |
| 6 | |
| 7 | (Portage version: 2.1.10.63/cvs/Linux x86_64) |
| 8 | |
| 9 | Revision Changes Path |
| 10 | 1.1 sys-power/nut/files/nut-2.6.3-CVE-2012-2944.patch |
| 11 | |
| 12 | file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/sys-power/nut/files/nut-2.6.3-CVE-2012-2944.patch?rev=1.1&view=markup |
| 13 | plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/sys-power/nut/files/nut-2.6.3-CVE-2012-2944.patch?rev=1.1&content-type=text/plain |
| 14 | |
| 15 | Index: nut-2.6.3-CVE-2012-2944.patch |
| 16 | =================================================================== |
| 17 | Origin: http://trac.networkupstools.org/projects/nut/changeset/3633 |
| 18 | Description: Fix CVE-2012-2944: upsd can be remotely crashed |
| 19 | |
| 20 | Index: nut-2.6.3/common/parseconf.c |
| 21 | =================================================================== |
| 22 | --- nut-2.6.3.orig/common/parseconf.c 2011-10-04 02:06:25.000000000 -0500 |
| 23 | +++ nut-2.6.3/common/parseconf.c 2012-05-30 13:29:41.000000000 -0500 |
| 24 | @@ -171,6 +171,13 @@ |
| 25 | |
| 26 | wbuflen = strlen(ctx->wordbuf); |
| 27 | |
| 28 | + /* CVE-2012-2944: only allow the subset Ascii charset from Space to ~ */ |
| 29 | + if ((ctx->ch < 0x20) || (ctx->ch > 0x7f)) { |
| 30 | + fprintf(stderr, "addchar: discarding invalid character (0x%02x)!\n", |
| 31 | + ctx->ch); |
| 32 | + return; |
| 33 | + } |
| 34 | + |
| 35 | if (ctx->wordlen_limit != 0) { |
| 36 | if (wbuflen >= ctx->wordlen_limit) { |