[Pkg-mongodb-maintainers] [pkg-mongodb] 313/394: Use upstream backported fix for CVE-2015-1609
Apollon Oikonomopoulos
apoikos at moszumanska.debian.org
Wed Sep 21 13:59:50 UTC 2016
This is an automated email from the git hooks/post-receive script.
apoikos pushed a commit to branch master
in repository pkg-mongodb.
commit da586ba8dc20d3e6913262420e0278bc89936cbb
Author: Laszlo Boszormenyi (GCS) <gcs at debian.org>
Date: Tue Jun 30 16:10:06 2015 +0000
Use upstream backported fix for CVE-2015-1609
---
debian/changelog | 6 +++
.../3a7e85ea1f672f702660e5472566234b1d19038e.patch | 53 ++++++++++++++++++++++
debian/patches/series | 1 +
3 files changed, 60 insertions(+)
diff --git a/debian/changelog b/debian/changelog
index 591f215..d339b47 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+mongodb (1:2.4.10-5) unstable; urgency=high
+
+ * Use upstream backported fix for CVE-2015-1609 (closes: #780129).
+
+ -- Laszlo Boszormenyi (GCS) <gcs at debian.org> Mon, 09 Mar 2015 21:21:24 +0000
+
mongodb (1:2.4.10-4) unstable; urgency=high
* Backport potential information leak security fix from 2.4.11 .
diff --git a/debian/patches/3a7e85ea1f672f702660e5472566234b1d19038e.patch b/debian/patches/3a7e85ea1f672f702660e5472566234b1d19038e.patch
new file mode 100644
index 0000000..42288d9
--- /dev/null
+++ b/debian/patches/3a7e85ea1f672f702660e5472566234b1d19038e.patch
@@ -0,0 +1,53 @@
+From 3a7e85ea1f672f702660e5472566234b1d19038e Mon Sep 17 00:00:00 2001
+From: Eliot Horowitz <eliot at 10gen.com>
+Date: Wed, 11 Feb 2015 22:12:37 -0500
+Subject: [PATCH] SERVER-17264: improve bson validation for utf-8 strings
+
+(cherry picked from commit 394a8569ff14a215c0691aa34440227b2e62a4de)
+
+Conflicts:
+ src/mongo/bson/bson_validate_test.cpp
+---
+ src/mongo/bson/bson_validate.cpp | 5 +++++
+ src/mongo/bson/bson_validate_test.cpp | 14 ++++++++++++++
+ 2 files changed, 19 insertions(+)
+
+diff --git a/src/mongo/bson/bson_validate.cpp b/src/mongo/bson/bson_validate.cpp
+index 9ac0bcb..a7c95ad 100644
+--- a/src/mongo/bson/bson_validate.cpp
++++ b/src/mongo/bson/bson_validate.cpp
+@@ -62,6 +62,11 @@ namespace mongo {
+ if ( !readNumber<int>( &sz ) )
+ return Status( ErrorCodes::InvalidBSON, "invalid bson" );
+
++ if ( sz <= 0 ) {
++ // must have NULL at the very least
++ return Status( ErrorCodes::InvalidBSON, "invalid bson");
++ }
++
+ if ( out ) {
+ *out = StringData( _buffer + _position, sz );
+ }
+diff --git a/src/mongo/bson/bson_validate_test.cpp b/src/mongo/bson/bson_validate_test.cpp
+index 61e67f3..a36dbc5 100644
+--- a/src/mongo/bson/bson_validate_test.cpp
++++ b/src/mongo/bson/bson_validate_test.cpp
+@@ -213,4 +213,18 @@ namespace {
+ ASSERT_NOT_OK(validateBSON(x.objdata(), x.objsize() / 2));
+ }
+
++ TEST(BSONValidateFast, StringHasSomething) {
++ BufBuilder bb;
++ BSONObjBuilder ob(bb);
++ bb.appendChar(String);
++ bb.appendStr("x", /*withNUL*/true);
++ bb.appendNum(0);
++ const BSONObj x = ob.done();
++ ASSERT_EQUALS(5 // overhead
++ + 1 // type
++ + 2 // name
++ + 4 // size
++ , x.objsize());
++ ASSERT_NOT_OK(validateBSON(x.objdata(), x.objsize()));
++ }
+ }
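Review bot: The new test `StringHasSomething` in bson_validate_test.cpp only exercises a declared string length of zero (`bb.appendNum(0)`), so the negative half of the `sz <= 0` guard added in bson_validate.cpp is not pinned by any test visible here. A sibling case that writes `bb.appendNum(-1);` and keeps the same `ASSERT_NOT_OK(validateBSON(x.objdata(), x.objsize()));` would stop a later refactor from narrowing the check to `sz == 0` unnoticed. The guard's comment could state the invariant directly, for instance `// sz counts the trailing NUL, so a valid string has sz >= 1`, and the rejection could carry a message distinct from the `readNumber` failure just above so that rejected documents are easier to triage from logs. The enclosing function starts and ends outside the hunk, so whether `sz` is also checked against the remaining buffer before `StringData( _buffer + _position, sz )` is built cannot be confirmed from these lines.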
diff --git a/debian/patches/series b/debian/patches/series
index b207b0a..cf48e35 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -17,3 +17,4 @@ no-unused-function.patch
cefb0ef38f050b73b2bf8211add55f3749753e0a.patch
8b9242837510e6410ddcf4f19969da4c7b01b2f7.patch
656f78711632a5dc37221422c99e3c4619bcc58f.patch
+3a7e85ea1f672f702660e5472566234b1d19038e.patch
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-mongodb/pkg-mongodb.git