rpms/ganglia/devel ganglia.spec, 1.23, 1.24 gmetad-bof-dos.patch, 1.1, 1.2

Kostas Georgiou georgiou at fedoraproject.org
Tue Jan 20 19:31:23 UTC 2009 

Author: georgiou

Update of /cvs/extras/rpms/ganglia/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv15332

Modified Files:
	ganglia.spec gmetad-bof-dos.patch 
Log Message:
Additional security fixes from #480236



Index: ganglia.spec
===================================================================
RCS file: /cvs/extras/rpms/ganglia/devel/ganglia.spec,v
retrieving revision 1.23
retrieving revision 1.24
diff -u -r1.23 -r1.24
--- ganglia.spec	14 Jan 2009 21:14:20 -0000	1.23
+++ ganglia.spec	20 Jan 2009 19:30:52 -0000	1.24
@@ -1,6 +1,6 @@
 Name:               ganglia
 Version:            3.1.1
-Release:            3%{?svnrev:.r%{svnrev}}%{?dist}
+Release:            4%{?svnrev:.r%{svnrev}}%{?dist}
 Summary:            Ganglia Distributed Monitoring System
 
 Group:              Applications/Internet
@@ -271,6 +271,10 @@
 %{_datadir}/%{name}
 
 %changelog
+* Tue Jan 20 2009 Kostas Georgiou <k.georgiou at imperial.ac.uk> - 3.1.1-4
+- [480236] Updated patch for the buffer overflow from upstream with
+  additional fixes
+
 * Wed Jan 14 2009 Kostas Georgiou <k.georgiou at imperial.ac.uk> - 3.1.1-3
 - Fix for gmetad server buffer overflow
 - The private_clusters file should not be readable by everyone

gmetad-bof-dos.patch:

Index: gmetad-bof-dos.patch
===================================================================
RCS file: /cvs/extras/rpms/ganglia/devel/gmetad-bof-dos.patch,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- gmetad-bof-dos.patch	14 Jan 2009 21:14:21 -0000	1.1
+++ gmetad-bof-dos.patch	20 Jan 2009 19:30:53 -0000	1.2
@@ -1,5 +1,5 @@
---- gmetad/server.c.orig	2009-01-09 00:30:10.000000000 +0800
-+++ gmetad/server.c	2009-01-09 00:42:52.000000000 +0800
+--- gmetad/server.c.orig
++++ gmetad/server.c
 @@ -11,6 +11,7 @@
  #include "dtd.h"
  #include "gmetad.h"
@@ -8,7 +8,15 @@
  
  extern g_tcp_socket *server_socket;
  extern pthread_mutex_t  server_socket_mutex;
-@@ -377,7 +378,7 @@
+@@ -370,14 +371,13 @@ tree_report(datum_t *key, datum_t *val, void *arg)
+    
+ /* sacerdoti: This function does a tree walk while respecting the filter path.
+  * Will return valid XML even if we have chosen a subtree. Since tree depth is
+- * bounded, this function guarantees O(1) search time. The recursive structure 
+- * does not require any memory allocations. 
++ * bounded, this function guarantees O(1) search time.
+  */
+ static int
  process_path (client_t *client, char *path, datum_t *myroot, datum_t *key)
  {
     char *p, *q, *pathend;
@@ -17,16 +25,18 @@
     int rc, len;
     datum_t *found;
     datum_t findkey;
-@@ -419,6 +420,8 @@
+@@ -419,6 +419,10 @@ process_path (client_t *client, char *path, datum_t *myroot, datum_t *key)
           if (!q) q=pathend;
        
           len = q-p;
-+         /* +1 not needed as q-p is already accounting for that */
-+         element = malloc(len);
++         element = malloc(len + 1);
++         if ( element == NULL )
++             return 1;
++
           strncpy(element, p, len);
           element[len] = '\0';
        
-@@ -435,10 +438,13 @@
+@@ -435,10 +439,13 @@ process_path (client_t *client, char *path, datum_t *myroot, datum_t *key)
                 rc = process_path(client, q, found, &findkey);
                 
                 datum_free(found);
@@ -41,7 +51,16 @@
              }
        }
     if (rc) return 1;
-@@ -600,8 +606,8 @@
+@@ -537,7 +544,7 @@ server_thread (void *arg)
+    socklen_t len;
+    client_t client;
+    char remote_ip[16];
+-   char request[REQUESTLEN];
++   char request[REQUESTLEN + 1];
+    llist_entry *le;
+    datum_t rootdatum;
+ 
+@@ -600,8 +607,8 @@ server_thread (void *arg)
                 if (process_request(&client, request))
                    {
                       err_msg("Got a malformed path request from %s", remote_ip);

More information about the fedora-extras-commits mailing list