rpms/dnsmasq/F-11 dnsmasq-2.46-tftp-server-vulnerabilities.patch, NONE, 1.1 dnsmasq.spec, 1.37, 1.38
Mark McLoughlin
markmc at fedoraproject.org
Mon Oct 5 10:26:46 UTC 2009
Author: markmc
Update of /cvs/pkgs/rpms/dnsmasq/F-11
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv30536
Modified Files:
dnsmasq.spec
Added Files:
dnsmasq-2.46-tftp-server-vulnerabilities.patch
Log Message:
* Mon Oct 5 2009 Mark McLoughlin <markmc at redhat.com> - 2.46-3
- Fix multiple TFTP server vulnerabilities (CVE-2009-2957, CVE-2009-2958)
dnsmasq-2.46-tftp-server-vulnerabilities.patch:
tftp.c | 36 ++++++++++++++++++------------------
1 file changed, 18 insertions(+), 18 deletions(-)
--- NEW FILE dnsmasq-2.46-tftp-server-vulnerabilities.patch ---
diff -up dnsmasq-2.48/src/tftp.c.tftp-server-vulnerabilities dnsmasq-2.48/src/tftp.c
--- dnsmasq-2.48/src/tftp.c.tftp-server-vulnerabilities 2009-10-05 11:15:10.104555320 +0100
+++ dnsmasq-2.48/src/tftp.c 2009-10-05 11:15:12.104564277 +0100
@@ -192,20 +192,21 @@ void tftp_request(struct listener *liste
while ((opt = next(&p, end)))
{
- if (strcasecmp(opt, "blksize") == 0 &&
- (opt = next(&p, end)) &&
- !(daemon->options & OPT_TFTP_NOBLOCK))
+ if (strcasecmp(opt, "blksize") == 0)
{
- transfer->blocksize = atoi(opt);
- if (transfer->blocksize < 1)
- transfer->blocksize = 1;
- if (transfer->blocksize > (unsigned)daemon->packet_buff_sz - 4)
- transfer->blocksize = (unsigned)daemon->packet_buff_sz - 4;
- transfer->opt_blocksize = 1;
- transfer->block = 0;
+ if ((opt = next(&p, end)) &&
+ !(daemon->options & OPT_TFTP_NOBLOCK))
+ {
+ transfer->blocksize = atoi(opt);
+ if (transfer->blocksize < 1)
+ transfer->blocksize = 1;
+ if (transfer->blocksize > (unsigned)daemon->packet_buff_sz - 4)
+ transfer->blocksize = (unsigned)daemon->packet_buff_sz - 4;
+ transfer->opt_blocksize = 1;
+ transfer->block = 0;
+ }
}
-
- if (strcasecmp(opt, "tsize") == 0 && next(&p, end) && !transfer->netascii)
+ else if (strcasecmp(opt, "tsize") == 0 && next(&p, end) && !transfer->netascii)
{
transfer->opt_transize = 1;
transfer->block = 0;
@@ -217,17 +218,17 @@ void tftp_request(struct listener *liste
{
if (daemon->tftp_prefix[0] == '/')
daemon->namebuff[0] = 0;
- strncat(daemon->namebuff, daemon->tftp_prefix, MAXDNAME);
+ strncat(daemon->namebuff, daemon->tftp_prefix, (MAXDNAME-1) - strlen(daemon->namebuff));
if (daemon->tftp_prefix[strlen(daemon->tftp_prefix)-1] != '/')
- strncat(daemon->namebuff, "/", MAXDNAME);
+ strncat(daemon->namebuff, "/", (MAXDNAME-1) - strlen(daemon->namebuff));
if (daemon->options & OPT_TFTP_APREF)
{
size_t oldlen = strlen(daemon->namebuff);
struct stat statbuf;
- strncat(daemon->namebuff, inet_ntoa(peer.sin_addr), MAXDNAME);
- strncat(daemon->namebuff, "/", MAXDNAME);
+ strncat(daemon->namebuff, inet_ntoa(peer.sin_addr), (MAXDNAME-1) - strlen(daemon->namebuff));
+ strncat(daemon->namebuff, "/", (MAXDNAME-1) - strlen(daemon->namebuff));
/* remove unique-directory if it doesn't exist */
if (stat(daemon->namebuff, &statbuf) == -1 || !S_ISDIR(statbuf.st_mode))
@@ -245,8 +246,7 @@ void tftp_request(struct listener *liste
}
else if (filename[0] == '/')
daemon->namebuff[0] = 0;
- strncat(daemon->namebuff, filename, MAXDNAME);
- daemon->namebuff[MAXDNAME-1] = 0;
+ strncat(daemon->namebuff, filename, (MAXDNAME-1) - strlen(daemon->namebuff));
/* check permissions and open file */
if ((transfer->file = check_tftp_fileperm(&len)))
Index: dnsmasq.spec
===================================================================
RCS file: /cvs/pkgs/rpms/dnsmasq/F-11/dnsmasq.spec,v
retrieving revision 1.37
retrieving revision 1.38
diff -u -p -r1.37 -r1.38
--- dnsmasq.spec 24 Feb 2009 12:12:18 -0000 1.37
+++ dnsmasq.spec 5 Oct 2009 10:26:46 -0000 1.38
@@ -11,7 +11,7 @@
Name: dnsmasq
Version: 2.46
-Release: 2%{?extraversion}%{?dist}
+Release: 3%{?extraversion}%{?dist}
Summary: A lightweight DHCP/caching DNS server
Group: System Environment/Daemons
@@ -20,6 +20,7 @@ URL: http://www.thekelleys.or
Source0: http://www.thekelleys.org.uk/dnsmasq/%{?extrapath}%{name}-%{version}%{?extraversion}.tar.gz
Patch0: %{name}-2.33-initscript.patch
Patch1: %{name}-configuration.patch
+Patch2: %{name}-2.46-tftp-server-vulnerabilities.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: dbus-devel
@@ -46,6 +47,7 @@ machines.
%setup -q -n %{name}-%{version}%{?extraversion}
%patch0 -p1
%patch1 -p1
+%patch2 -p1
%build
make %{?_smp_mflags}
@@ -109,6 +111,9 @@ fi
%changelog
+* Mon Oct 5 2009 Mark McLoughlin <markmc at redhat.com> - 2.46-3
+- Fix multiple TFTP server vulnerabilities (CVE-2009-2957, CVE-2009-2958)
+
* Tue Feb 24 2009 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 2.46-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
More information about the fedora-extras-commits
mailing list