logrotate/logrotate-CVE-2011-1155.patch

Index: logrotate.c
===================================================================
--- logrotate.c.orig
+++ logrotate.c
@@ -36,6 +36,12 @@ int selinux_enforce = 0;
 #define GLOB_ABORTED GLOB_ABEND
 #endif
 
+#ifdef PATH_MAX
+#define STATEFILE_BUFFER_SIZE 2 * PATH_MAX + 16
+#else
+#define STATEFILE_BUFFER_SIZE 4096
+#endif
+
 struct logState {
     char *fn;
     struct tm lastRotated;	/* only tm.mon, tm_mday, tm_year are good! */
@@ -82,6 +88,34 @@ static int globerr(const char *pathname,
     return 1;
 }
 
+static void unescape(char *arg)
+{
+	char *p = arg;
+	char *next;
+	char escaped;
+	while ((next = strchr(p, '\\')) != NULL) {
+
+		p = next;
+
+		switch (p[1]) {
+		case 'n':
+			escaped = '\n';
+			break;
+		case '\\':
+			escaped = '\\';
+			break;
+		default:
+			++p;
+			continue;
+		}
+
+		/* Overwrite the backslash with the intended character,
+		 * and shift everything down one */
+		*p++ = escaped;
+		memmove(p, p+1, 1 + strlen(p+1));
+	}
+}
+
 #define HASH_SIZE_MIN 64
 static int allocateHash(void)
 {
@@ -1467,7 +1501,13 @@ static int writeState(char *stateFilenam
 			for (chptr = p->fn; *chptr; chptr++) {
 				switch (*chptr) {
 				case '"':
+				case '\\':
 					fputc('\\', f);
+					break;
+				case '\n':
+					fputc('\\', f);
+					fputc('n', f);
+					continue;
 				}
 
 				fputc(*chptr, f);
@@ -1488,7 +1528,8 @@ static int writeState(char *stateFilenam
 static int readState(char *stateFilename)
 {
     FILE *f;
-    char buf[1024];
+    char buf[STATEFILE_BUFFER_SIZE];
+	char *filename;
     const char **argv;
     int argc;
     int year, month, day;
@@ -1599,7 +1640,10 @@ static int readState(char *stateFilename
 
 	year -= 1900, month -= 1;
 
-	if ((st = findState(argv[0])) == NULL)
+	filename = strdup(argv[0]);
+	unescape(filename);
+	
+	if ((st = findState(filename)) == NULL)
 		return 1;
 
 	st->lastRotated.tm_mon = month;
@@ -1611,6 +1655,7 @@ static int readState(char *stateFilename
 	st->lastRotated = *localtime(&lr_time);
 
 	free(argv);
+	free(filename);
     }
 
     fclose(f);
Accepting request 70307 from home:puzel:branches:Base:System - add logrotate-CVE-2011-1098.patch (bnc#677336) - add logrotate-shred-CVE-2011-1154.patch (bnc#679661) - add logrotate-CVE-2011-1155.patch (bnc#679662) OBS-URL: https://build.opensuse.org/request/show/70307 OBS-URL: https://build.opensuse.org/package/show/Base:System/logrotate?expand=0&rev=12 2011-05-18 19:37:01 +02:00			`Index: logrotate.c`
			`===================================================================`
			`--- logrotate.c.orig`
			`+++ logrotate.c`
			`@@ -36,6 +36,12 @@ int selinux_enforce = 0;`
			`#define GLOB_ABORTED GLOB_ABEND`
			`#endif`

			`+#ifdef PATH_MAX`
			`+#define STATEFILE_BUFFER_SIZE 2 * PATH_MAX + 16`
			`+#else`
			`+#define STATEFILE_BUFFER_SIZE 4096`
			`+#endif`
			`+`
			`struct logState {`
			`char *fn;`
			`struct tm lastRotated; /* only tm.mon, tm_mday, tm_year are good! */`
			`@@ -82,6 +88,34 @@ static int globerr(const char *pathname,`
			`return 1;`
			`}`

			`+static void unescape(char *arg)`
			`+{`
			`+ char *p = arg;`
			`+ char *next;`
			`+ char escaped;`
			`+ while ((next = strchr(p, '\\')) != NULL) {`
			`+`
			`+ p = next;`
			`+`
			`+ switch (p[1]) {`
			`+ case 'n':`
			`+ escaped = '\n';`
			`+ break;`
			`+ case '\\':`
			`+ escaped = '\\';`
			`+ break;`
			`+ default:`
			`+ ++p;`
			`+ continue;`
			`+ }`
			`+`
			`+ /* Overwrite the backslash with the intended character,`
			`+ * and shift everything down one */`
			`+ *p++ = escaped;`
			`+ memmove(p, p+1, 1 + strlen(p+1));`
			`+ }`
			`+}`
			`+`
			`#define HASH_SIZE_MIN 64`
			`static int allocateHash(void)`
			`{`
			`@@ -1467,7 +1501,13 @@ static int writeState(char *stateFilenam`
			`for (chptr = p->fn; *chptr; chptr++) {`
			`switch (*chptr) {`
			`case '"':`
			`+ case '\\':`
			`fputc('\\', f);`
			`+ break;`
			`+ case '\n':`
			`+ fputc('\\', f);`
			`+ fputc('n', f);`
			`+ continue;`
			`}`

			`fputc(*chptr, f);`
			`@@ -1488,7 +1528,8 @@ static int writeState(char *stateFilenam`
			`static int readState(char *stateFilename)`
			`{`
			`FILE *f;`
			`- char buf[1024];`
			`+ char buf[STATEFILE_BUFFER_SIZE];`
			`+ char *filename;`
			`const char **argv;`
			`int argc;`
			`int year, month, day;`
			`@@ -1599,7 +1640,10 @@ static int readState(char *stateFilename`

			`year -= 1900, month -= 1;`

			`- if ((st = findState(argv[0])) == NULL)`
			`+ filename = strdup(argv[0]);`
			`+ unescape(filename);`
			`+`
			`+ if ((st = findState(filename)) == NULL)`
			`return 1;`

			`st->lastRotated.tm_mon = month;`
			`@@ -1611,6 +1655,7 @@ static int readState(char *stateFilename`
			`st->lastRotated = *localtime(&lr_time);`

			`free(argv);`
			`+ free(filename);`
			`}`

			`fclose(f);`