rpm/rrdtool
SHA256
1
0
Fork 0
forked from pool/rrdtool
Code Pull Requests Activity

Accepting request 264071 from devel:languages:python

Browse Source 
1

OBS-URL: https://build.opensuse.org/request/show/264071
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/rrdtool?expand=0&rev=57
This commit is contained in:
Dominique Leuenberger 2014-12-06 12:45:24 +00:00 committed by Git OBS Bridge
commit 2794c42cd1
3 changed files with 79 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

69
rrdtool-1.4.7-CVE-2013-2131-imginfo_format_check.patch Normal file
View File

@ -0,0 +1,69 @@
Index: rrdtool-1.4.7/src/rrd_graph.c
===================================================================
--- rrdtool-1.4.7.orig/src/rrd_graph.c
+++ rrdtool-1.4.7/src/rrd_graph.c
@@ -4016,6 +4016,12 @@ rrd_info_t *rrd_graph_v(
char *path;
char *filename;
+ if (bad_format_imginfo(im.imginfo)) {
+ rrd_info_free(im.grinfo);
+ im_free(&im);
+ rrd_set_error("bad format for imginfo");
+ return NULL;
+ }
path = strdup(im.graphfile);
filename = basename(path);
info.u_str =
@@ -4820,6 +4826,51 @@ int bad_format(
}
+int bad_format_imginfo(
+ char *fmt)
+{
+ char *ptr;
+ int n = 0;
+
+ ptr = fmt;
+ while (*ptr != '\0')
+ if (*ptr++ == '%') {
+
+ /* line cannot end with percent char */
+ if (*ptr == '\0')
+ return 1;
+ /* '%%' is allowed */
+ if (*ptr == '%')
+ ptr++;
+ /* '%s', '%S' are allowed */
+ else if (*ptr == 's' || *ptr == 'S') {
+ n = 1;
+ ptr++;
+ }
+
+ /* or else '% 4lu' and such are allowed */
+ else {
+ /* optional padding character */
+ if (*ptr == ' ')
+ ptr++;
+ /* This should take care of 'm' */
+ while (*ptr >= '0' && *ptr <= '9')
+ ptr++;
+ /* 'lu' must follow here */
+ if (*ptr++ != 'l')
+ return 1;
+ if (*ptr == 'u')
+ ptr++;
+ else
+ return 1;
+ n++;
+ }
+ }
+
+ return (n != 3);
+}
+
+
int vdef_parse(
struct graph_desc_t
*gdes,

7
rrdtool.changes
View File

@ -1,3 +1,10 @@
-------------------------------------------------------------------
Thu Dec 4 16:40:33 UTC 2014 - kstreitova@suse.com
- add rrdtool-1.4.7-CVE-2013-2131-imginfo_format_check.patch that
adds check to the imginfo format to prevent crash or exploit
bnc#828003, CVE-2013-2131.
------------------------------------------------------------------- -------------------------------------------------------------------
Sun Nov 23 06:16:00 UTC 2014 - Led <ledest@gmail.com> Sun Nov 23 06:16:00 UTC 2014 - Led <ledest@gmail.com>

3
rrdtool.spec
View File

@ -46,6 +46,8 @@ Source: http://oss.oetiker.ch/rrdtool/pub/rrdtool-%{version}.tar.gz
Patch1: rrdtool-lua-ruby_lib64.patch Patch1: rrdtool-lua-ruby_lib64.patch
Patch2: rrdtool-tclversion.patch Patch2: rrdtool-tclversion.patch
Patch3: rrdtool-tclsegfault.patch Patch3: rrdtool-tclsegfault.patch
# PATCH-FIX-UPSTREAM bnc#828003 kstreitova@suse.com -- adds check to the imginfo format to prevent crash or exploit
Patch4: rrdtool-1.4.7-CVE-2013-2131-imginfo_format_check.patch
Source1: http://www.infodrom.org/projects/cgilib/download/cgilib-%{cgilib_version}.tar.gz Source1: http://www.infodrom.org/projects/cgilib/download/cgilib-%{cgilib_version}.tar.gz
Patch11: cgilib-fix_automake.patch Patch11: cgilib-fix_automake.patch
#PATCH FIX UPSTREAM BNC#793636 #PATCH FIX UPSTREAM BNC#793636
@ -154,6 +156,7 @@ daemon was written to alleviate these problems.
%endif %endif
%patch2 %patch2
%patch3 %patch3
%patch4 -p1
pushd "cgilib-%{cgilib_version}" pushd "cgilib-%{cgilib_version}"
%patch11 %patch11
popd #cgilib popd #cgilib