- added memcached-1.4.x_delete_verbose_mode_dos.patch (bnc#798458)

DoS when printing out keys to be deleted in verbose mode Upstream bug 306 (CVE-2013-0179) OBS-URL: https://build.opensuse.org/package/show/network:utilities/memcached?expand=0&rev=18
2013-01-15 11:44:27 +00:00 · 2013-01-15 11:44:27 +00:00 · f66bbcc1d4
commit f66bbcc1d4
parent a3b5252d1f
3 changed files with 41 additions and 0 deletions
--- a/memcached-1.4.x_delete_verbose_mode_dos.patch
+++ b/memcached-1.4.x_delete_verbose_mode_dos.patch
@ -0,0 +1,32 @@
+From d711492c32626c0d7ba201791a681a5bffebcedf Mon Sep 17 00:00:00 2001
+From: Jeremy Sowden <jeremy.sowden@gmail.com>
+Date: Wed, 9 Jan 2013 15:43:41 +0000
+Subject: [PATCH] Fix buffer-overrun when logging key to delete in binary
+ protocol.
+
+
+---
+ memcached.c |    7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+
+diff --git a/memcached.c b/memcached.c
+index d157b4e..1fd87c9 100644
+--- a/memcached.c
+++ b/memcached.c
+@@ -2150,7 +2150,12 @@ static void process_bin_delete(conn *c) {
+     assert(c != NULL);
+ 
+     if (settings.verbose > 1) {
+-        fprintf(stderr, "Deleting %s\n", key);
+        int ii;
+        fprintf(stderr, "Deleting ");
+        for (ii = 0; ii < nkey; ++ii) {
+            fprintf(stderr, "%c", key[ii]);
+        }
+        fprintf(stderr, "\n");
+     }
+ 
+     if (settings.detail_enabled) {
+-- 
+1.7.10.4
--- a/memcached.changes
+++ b/memcached.changes
@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Tue Jan 15 11:44:05 UTC 2013 - mrueckert@suse.de
+
+- added memcached-1.4.x_delete_verbose_mode_dos.patch (bnc#798458)
+  DoS when printing out keys to be deleted in verbose mode
+  Upstream bug 306 (CVE-2013-0179)
+
 -------------------------------------------------------------------
 Tue Nov 20 07:51:02 UTC 2012 - dimstar@opensuse.org

--- a/memcached.spec
+++ b/memcached.spec
@ -52,6 +52,7 @@ Source4:        memcached.service
 Patch0:         memcached-1.4.5.dif
 Patch1:         memcached-autofoo.patch
 Patch2:         memcached-use-endian_h.patch
+Patch3:         memcached-1.4.x_delete_verbose_mode_dos.patch
 #
 Summary:        A high-performance, distributed memory object caching system
 License:        BSD-3-Clause
@ -77,6 +78,7 @@ miss.
 %patch0
 %patch1
 %patch2
+%patch3 -p1

 %build
 autoreconf -fiv