rpms/ganglia/F-9 gmetad-bof-dos.patch, NONE, 1.1 ganglia.spec, 1.13, 1.14

Kostas Georgiou georgiou at fedoraproject.org
Thu Jan 15 00:06:57 UTC 2009 

Author: georgiou

Update of /cvs/extras/rpms/ganglia/F-9
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv32555

Modified Files:
	ganglia.spec 
Added Files:
	gmetad-bof-dos.patch 
Log Message:
Fix gmetad buffer overflow


gmetad-bof-dos.patch:

--- NEW FILE gmetad-bof-dos.patch ---
--- gmetad/server.c.orig	2009-01-09 00:30:10.000000000 +0800
+++ gmetad/server.c	2009-01-09 00:42:52.000000000 +0800
@@ -11,6 +11,7 @@
 #include "dtd.h"
 #include "gmetad.h"
 #include "my_inet_ntop.h"
+#include <stdlib.h>
 
 extern g_tcp_socket *server_socket;
 extern pthread_mutex_t  server_socket_mutex;
@@ -377,7 +378,7 @@
 process_path (client_t *client, char *path, datum_t *myroot, datum_t *key)
 {
    char *p, *q, *pathend;
-   char element[256];
+   char *element;
    int rc, len;
    datum_t *found;
    datum_t findkey;
@@ -419,6 +420,8 @@
          if (!q) q=pathend;
       
          len = q-p;
+         /* +1 not needed as q-p is already accounting for that */
+         element = malloc(len);
          strncpy(element, p, len);
          element[len] = '\0';
       
@@ -435,10 +438,13 @@
                rc = process_path(client, q, found, &findkey);
                
                datum_free(found);
+               free(element);
             }
          else
             {
-               rc = process_path(client, 0, myroot, NULL);
+               /* element not found */
+               free(element);
+               return 1;
             }
       }
    if (rc) return 1;
@@ -600,8 +606,8 @@
                if (process_request(&client, request))
                   {
                      err_msg("Got a malformed path request from %s", remote_ip);
-                     /* Send them the entire tree to discourage attacks. */
-                     strcpy(request, "/");
+                     close(client.fd);
+                     continue;
                   }
             }
          else


Index: ganglia.spec
===================================================================
RCS file: /cvs/extras/rpms/ganglia/F-9/ganglia.spec,v
retrieving revision 1.13
retrieving revision 1.14
diff -u -r1.13 -r1.14
--- ganglia.spec	1 Jul 2008 11:36:19 -0000	1.13
+++ ganglia.spec	15 Jan 2009 00:06:26 -0000	1.14
@@ -1,12 +1,13 @@
 Name:               ganglia
 Version:            3.0.7
-Release:            2%{?dist}
+Release:            3%{?dist}
 Summary:            Ganglia Distributed Monitoring System
 
 Group:              Applications/Internet
 License:            BSD
 URL:                http://ganglia.sourceforge.net/
 Source0:            http://dl.sourceforge.net/sourceforge/%{name}/%{name}-%{version}.tar.gz
+Patch0:             gmetad-bof-dos.patch
 Buildroot:          %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 
 BuildRequires:      rrdtool-devel
@@ -70,6 +71,7 @@
 
 %prep 
 %setup -q
+%patch0 -p0
 ## Hey, those shouldn't be executable...
 chmod -x lib/*.{h,x}
 
@@ -205,6 +207,9 @@
 %{_datadir}/%{name}
 
 %changelog
+* Wed Jan 14 2009 Kostas Georgiou <k.georgiou at imperial.ac.uk> - 3.0.7-3
+- Fix for gmetad server buffer overflow 
+
 * Tue Jul  1 2008 Kostas Georgiou <k.georgiou at imperial.ac.uk> 3.0.7-2
 - Rebuild for new rrdtool release

More information about the fedora-extras-commits mailing list