From 1910e5c917dc4f819c68ad080ef4df97f479a3bc5254f879d4a638076be1bdd8 Mon Sep 17 00:00:00 2001 From: Denisart Benjamin Date: Thu, 4 Dec 2014 17:37:04 +0000 Subject: [PATCH] Accepting request 264060 from home:kstreitova:branches:devel:languages:python - add rrdtool-1.4.7-CVE-2013-2131-imginfo_format_check.patch that adds check to the imginfo format to prevent crash or exploit bnc#828003, CVE-2013-2131. OBS-URL: https://build.opensuse.org/request/show/264060 OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/rrdtool?expand=0&rev=60 --- ...7-CVE-2013-2131-imginfo_format_check.patch | 69 +++++++++++++++++++ rrdtool.changes | 7 ++ rrdtool.spec | 3 + 3 files changed, 79 insertions(+) create mode 100644 rrdtool-1.4.7-CVE-2013-2131-imginfo_format_check.patch diff --git a/rrdtool-1.4.7-CVE-2013-2131-imginfo_format_check.patch b/rrdtool-1.4.7-CVE-2013-2131-imginfo_format_check.patch new file mode 100644 index 0000000..59cdd79 --- /dev/null +++ b/rrdtool-1.4.7-CVE-2013-2131-imginfo_format_check.patch @@ -0,0 +1,69 @@ +Index: rrdtool-1.4.7/src/rrd_graph.c +=================================================================== +--- rrdtool-1.4.7.orig/src/rrd_graph.c ++++ rrdtool-1.4.7/src/rrd_graph.c +@@ -4016,6 +4016,12 @@ rrd_info_t *rrd_graph_v( + char *path; + char *filename; + ++ if (bad_format_imginfo(im.imginfo)) { ++ rrd_info_free(im.grinfo); ++ im_free(&im); ++ rrd_set_error("bad format for imginfo"); ++ return NULL; ++ } + path = strdup(im.graphfile); + filename = basename(path); + info.u_str = +@@ -4820,6 +4826,51 @@ int bad_format( + } + + ++int bad_format_imginfo( ++ char *fmt) ++{ ++ char *ptr; ++ int n = 0; ++ ++ ptr = fmt; ++ while (*ptr != '\0') ++ if (*ptr++ == '%') { ++ ++ /* line cannot end with percent char */ ++ if (*ptr == '\0') ++ return 1; ++ /* '%%' is allowed */ ++ if (*ptr == '%') ++ ptr++; ++ /* '%s', '%S' are allowed */ ++ else if (*ptr == 's' || *ptr == 'S') { ++ n = 1; ++ ptr++; ++ } ++ ++ /* or else '% 4lu' and such are allowed */ ++ else { ++ /* optional padding character */ ++ if (*ptr == ' ') ++ ptr++; ++ /* This should take care of 'm' */ ++ while (*ptr >= '0' && *ptr <= '9') ++ ptr++; ++ /* 'lu' must follow here */ ++ if (*ptr++ != 'l') ++ return 1; ++ if (*ptr == 'u') ++ ptr++; ++ else ++ return 1; ++ n++; ++ } ++ } ++ ++ return (n != 3); ++} ++ ++ + int vdef_parse( + struct graph_desc_t + *gdes, diff --git a/rrdtool.changes b/rrdtool.changes index e2d1ac9..23b0e3f 100644 --- a/rrdtool.changes +++ b/rrdtool.changes @@ -1,3 +1,10 @@ +------------------------------------------------------------------- +Thu Dec 4 16:40:33 UTC 2014 - kstreitova@suse.com + +- add rrdtool-1.4.7-CVE-2013-2131-imginfo_format_check.patch that + adds check to the imginfo format to prevent crash or exploit + bnc#828003, CVE-2013-2131. + ------------------------------------------------------------------- Sun Nov 23 06:16:00 UTC 2014 - Led diff --git a/rrdtool.spec b/rrdtool.spec index a232de8..1ad4b9e 100644 --- a/rrdtool.spec +++ b/rrdtool.spec @@ -46,6 +46,8 @@ Source: http://oss.oetiker.ch/rrdtool/pub/rrdtool-%{version}.tar.gz Patch1: rrdtool-lua-ruby_lib64.patch Patch2: rrdtool-tclversion.patch Patch3: rrdtool-tclsegfault.patch +# PATCH-FIX-UPSTREAM bnc#828003 kstreitova@suse.com -- adds check to the imginfo format to prevent crash or exploit +Patch4: rrdtool-1.4.7-CVE-2013-2131-imginfo_format_check.patch Source1: http://www.infodrom.org/projects/cgilib/download/cgilib-%{cgilib_version}.tar.gz Patch11: cgilib-fix_automake.patch #PATCH FIX UPSTREAM BNC#793636 @@ -154,6 +156,7 @@ daemon was written to alleviate these problems. %endif %patch2 %patch3 +%patch4 -p1 pushd "cgilib-%{cgilib_version}" %patch11 popd #cgilib