From: | "Michael Weber (xmw)" <xmw@g.o> |
---|---|
To: | gentoo-commits@l.g.o |
Subject: | [gentoo-commits] gentoo-x86 commit in sys-power/nut/files: nut-2.6.3-CVE-2012-2944.patch |
Date: | Sat, 02 Jun 2012 18:04:59 |
Message-Id: | 20120602180448.DF45B20033@flycatcher.gentoo.org |
1 | xmw 12/06/02 18:04:48 |
2 | |
3 | Added: nut-2.6.3-CVE-2012-2944.patch |
4 | Log: |
5 | Version bump (bug 406099, thanks Matthew Stapleton and Guillaume Castagnino). Include Ubuntu's CVE-2012-2944.patch to fix bug 419377. |
6 | |
7 | (Portage version: 2.1.10.63/cvs/Linux x86_64) |
8 | |
9 | Revision Changes Path |
10 | 1.1 sys-power/nut/files/nut-2.6.3-CVE-2012-2944.patch |
11 | |
12 | file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/sys-power/nut/files/nut-2.6.3-CVE-2012-2944.patch?rev=1.1&view=markup |
13 | plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/sys-power/nut/files/nut-2.6.3-CVE-2012-2944.patch?rev=1.1&content-type=text/plain |
14 | |
15 | Index: nut-2.6.3-CVE-2012-2944.patch |
16 | =================================================================== |
17 | Origin: http://trac.networkupstools.org/projects/nut/changeset/3633 |
18 | Description: Fix CVE-2012-2944: upsd can be remotely crashed |
19 | |
20 | Index: nut-2.6.3/common/parseconf.c |
21 | =================================================================== |
22 | --- nut-2.6.3.orig/common/parseconf.c 2011-10-04 02:06:25.000000000 -0500 |
23 | +++ nut-2.6.3/common/parseconf.c 2012-05-30 13:29:41.000000000 -0500 |
24 | @@ -171,6 +171,13 @@ |
25 | |
26 | wbuflen = strlen(ctx->wordbuf); |
27 | |
28 | + /* CVE-2012-2944: only allow the subset Ascii charset from Space to ~ */ |
29 | + if ((ctx->ch < 0x20) || (ctx->ch > 0x7f)) { |
30 | + fprintf(stderr, "addchar: discarding invalid character (0x%02x)!\n", |
31 | + ctx->ch); |
32 | + return; |
33 | + } |
34 | + |
35 | if (ctx->wordlen_limit != 0) { |
36 | if (wbuflen >= ctx->wordlen_limit) { |
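Review bot: the upper bound in the added check, `if ((ctx->ch < 0x20) || (ctx->ch > 0x7f))`, does not match the comment directly above it. The comment says the allowed range is Space to ~, which is 0x20 to 0x7e, but the test still accepts 0x7f (DEL), a control character. Either change the comparison to `ctx->ch > 0x7e` or reword the comment to say that DEL is allowed on purpose. Two smaller points on the same block: the message is printed with `%02x`, so if `ctx->ch` can hold a negative value it will show up sign-extended rather than as two hex digits, and a cast to `unsigned char` in the `fprintf` call would keep the log readable. The early `return` also drops the byte with only a message on stderr, so the caller continues with a word that is silently missing a character. It would help to state in the comment whether that is the intended behaviour, as opposed to rejecting the whole line.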