r36329 - in /packages/unstable/libproxy/debian: changelog patches/cve-2012-4505.patch patches/series
joss at users.alioth.debian.org
joss at users.alioth.debian.org
Sat Nov 24 10:59:16 UTC 2012
Author: joss
Date: Sat Nov 24 10:59:16 2012
New Revision: 36329
URL: http://svn.debian.org/wsvn/pkg-gnome/?sc=1&rev=36329
Log:
* Non-maintainer upload.
* Fix cve-2012-4505: buffer overflow in lib/pac.c (closes: #690376).
Added:
packages/unstable/libproxy/debian/patches/cve-2012-4505.patch
Modified:
packages/unstable/libproxy/debian/changelog
packages/unstable/libproxy/debian/patches/series
Modified: packages/unstable/libproxy/debian/changelog
URL: http://svn.debian.org/wsvn/pkg-gnome/packages/unstable/libproxy/debian/changelog?rev=36329&op=diff
==============================================================================
--- packages/unstable/libproxy/debian/changelog [utf-8] (original)
+++ packages/unstable/libproxy/debian/changelog [utf-8] Sat Nov 24 10:59:16 2012
@@ -1,3 +1,10 @@
+libproxy (0.3.1-5.1) unstable; urgency=high
+
+ * Non-maintainer upload.
+ * Fix cve-2012-4505: buffer overflow in lib/pac.c (closes: #690376).
+
+ -- Michael Gilbert <mgilbert at debian.org> Sat, 27 Oct 2012 04:44:22 -0400
+
libproxy (0.3.1-5) unstable; urgency=low
[ Kees Cook ]
Added: packages/unstable/libproxy/debian/patches/cve-2012-4505.patch
URL: http://svn.debian.org/wsvn/pkg-gnome/packages/unstable/libproxy/debian/patches/cve-2012-4505.patch?rev=36329&op=file
==============================================================================
--- packages/unstable/libproxy/debian/patches/cve-2012-4505.patch (added)
+++ packages/unstable/libproxy/debian/patches/cve-2012-4505.patch [utf-8] Sat Nov 24 10:59:16 2012
@@ -1,0 +1,33 @@
+Index: libproxy-0.3.1/src/lib/pac.c
+===================================================================
+--- libproxy-0.3.1.orig/src/lib/pac.c 2012-10-27 04:37:44.000000000 -0400
++++ libproxy-0.3.1/src/lib/pac.c 2012-10-27 04:46:25.932719469 -0400
+@@ -36,6 +36,9 @@
+
+ #define PAC_MIME_TYPE "application/x-ns-proxy-autoconfig"
+
++// This is the maximum pac size (to avoid memory attacks)
++#define PAC_MAX_SIZE 102400
++
+ /**
+ * ProxyAutoConfig object. All fields are private.
+ */
+@@ -160,12 +163,15 @@
+ }
+
+ /* Get content */
+- if (!content_length || !correct_mime_type) goto error;
++ if (content_length == 0 || content_length > PAC_MAX_SIZE || !correct_mime_type) goto error;
+ px_free(line); line = NULL;
+ px_free(self->cache);
+ self->cache = px_malloc0(content_length+1);
+- for (int recvd=0 ; recvd != content_length ; )
+- recvd += recv(sock, self->cache + recvd, content_length - recvd, 0);
++ for (int recvd=0 ; recvd != content_length ; ) {
++ int r = recv(sock, self->cache + recvd, content_length - recvd, 0);
++ if (r <= 0) goto error;
++ recvd += r;
++ }
+ }
+ else
+ { /* file:// url */
Modified: packages/unstable/libproxy/debian/patches/series
URL: http://svn.debian.org/wsvn/pkg-gnome/packages/unstable/libproxy/debian/patches/series?rev=36329&op=diff
==============================================================================
--- packages/unstable/libproxy/debian/patches/series [utf-8] (original)
+++ packages/unstable/libproxy/debian/patches/series [utf-8] Sat Nov 24 10:59:16 2012
@@ -1,3 +1,4 @@
01_pac_http.patch
02_url_user.patch
03_format-security.patch
+cve-2012-4505.patch
More information about the pkg-gnome-commits
mailing list