[Pkg-cups-devel] r733 - in cupsys/trunk: . debian debian/patches
Martin Pitt
mpitt at alioth.debian.org
Sat Mar 22 11:42:49 UTC 2008
Author: mpitt
Date: Sat Mar 22 11:42:49 2008
New Revision: 733
Log:
* Add cgiCompileSearch_buffer_overflow.dpatch: Fix buffer overflow in
cgiCompileSearch() using crafted search expressions. Exploitable if
printer sharing is enabled. (CVE-2008-0047, STR #2729, Closes: #472105)
Added:
cupsys/trunk/debian/patches/cgiCompileSearch_buffer_overflow.dpatch (contents, props changed)
Modified:
cupsys/trunk/ (props changed)
cupsys/trunk/debian/changelog
cupsys/trunk/debian/patches/00list
Modified: cupsys/trunk/debian/changelog
==============================================================================
--- cupsys/trunk/debian/changelog (original)
+++ cupsys/trunk/debian/changelog Sat Mar 22 11:42:49 2008
@@ -10,8 +10,11 @@
[ Martin Pitt ]
* debian/local/apparmor-profile: Allow cups-pdf to read files in ~/PDF/, so
that it can overwrite files. (LP: #161222)
+ * Add cgiCompileSearch_buffer_overflow.dpatch: Fix buffer overflow in
+ cgiCompileSearch() using crafted search expressions. Exploitable if
+ printer sharing is enabled. (CVE-2008-0047, STR #2729, Closes: #472105)
- -- Martin Pitt <mpitt at debian.org> Fri, 21 Mar 2008 14:59:52 +0100
+ -- Martin Pitt <mpitt at debian.org> Sat, 22 Mar 2008 12:37:57 +0100
cupsys (1.3.6-2) unstable; urgency=low
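Review bot: The entry added here records a CVE fix described as "Exploitable if printer sharing is enabled", but the header of the stanza it lands in is outside this hunk, and the only urgency in view is `urgency=low` on the previous 1.3.6-2 upload. Please confirm the urgency on the new stanza's header line is appropriate for a security upload before this is released.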
Modified: cupsys/trunk/debian/patches/00list
==============================================================================
--- cupsys/trunk/debian/patches/00list (original)
+++ cupsys/trunk/debian/patches/00list Sat Mar 22 11:42:49 2008
@@ -1,3 +1,4 @@
+cgiCompileSearch_buffer_overflow
freebsd.dpatch
removecvstag.dpatch
pam.dpatch
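Review bot: The new first entry `cgiCompileSearch_buffer_overflow` is written without the `.dpatch` suffix that every neighbouring entry carries (`freebsd.dpatch`, `removecvstag.dpatch`, `pam.dpatch`). Suggest spelling it `cgiCompileSearch_buffer_overflow.dpatch` so the list stays uniform and a search for the file name added in this commit also finds its 00list entry.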
Added: cupsys/trunk/debian/patches/cgiCompileSearch_buffer_overflow.dpatch
==============================================================================
--- (empty file)
+++ cupsys/trunk/debian/patches/cgiCompileSearch_buffer_overflow.dpatch Sat Mar 22 11:42:49 2008
@@ -0,0 +1,22 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## cgiCompileSearch_buffer_overflow.dpatch by <mpitt at debian.org>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: Fix buffer overflow in cgiCompileSearch() when using crafted search
+## DP: queries, when printer sharing is enabled. (CVE-2008-0047, STR #2729)
+
+ at DPATCH@
+diff -urNad trunk~/cgi-bin/search.c trunk/cgi-bin/search.c
+--- trunk~/cgi-bin/search.c 2008-01-16 23:20:33.000000000 +0100
++++ trunk/cgi-bin/search.c 2008-03-22 12:33:49.000000000 +0100
+@@ -167,7 +167,9 @@
+ * string + RE overhead...
+ */
+
+- wlen = (sptr - s) + 4 * wlen + 2 * strlen(prefix) + 4;
++ wlen = (sptr - s) + 2 * 4 * wlen + 2 * strlen(prefix) + 11;
++ if (lword)
++ wlen += strlen(lword);
+
+ if (wlen > slen)
+ {
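Review bot: The corrected size computation at `wlen = (sptr - s) + 2 * 4 * wlen + 2 * strlen(prefix) + 11;` still rests on hand-counted constants, and the only comment in view ("string + RE overhead...") does not say what the factor `2 * 4` or the `11` account for. An undercount on this line is what the patch description identifies as the overflow, so please expand the comment to state the worst-case expansion per input character, why it is doubled, which fixed characters make up the 11, and why `strlen(lword)` is added once. That way the bound can be rechecked whenever the expression-building code below it changes. The line also reuses `wlen` for both the input word length and the required buffer size, which makes the following `if (wlen > slen)` check harder to audit; a separately named variable for the required size would help.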