[Pkg-mongodb-maintainers] [pkg-mongodb] 313/394: Use upstream backported fix for CVE-2015-1609

Apollon Oikonomopoulos apoikos at moszumanska.debian.org
Wed Sep 21 13:59:50 UTC 2016


This is an automated email from the git hooks/post-receive script.

apoikos pushed a commit to branch master
in repository pkg-mongodb.

commit da586ba8dc20d3e6913262420e0278bc89936cbb
Author: Laszlo Boszormenyi (GCS) <gcs at debian.org>
Date:   Tue Jun 30 16:10:06 2015 +0000

    Use upstream backported fix for CVE-2015-1609
---
 debian/changelog                                   |  6 +++
 .../3a7e85ea1f672f702660e5472566234b1d19038e.patch | 53 ++++++++++++++++++++++
 debian/patches/series                              |  1 +
 3 files changed, 60 insertions(+)

diff --git a/debian/changelog b/debian/changelog
index 591f215..d339b47 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+mongodb (1:2.4.10-5) unstable; urgency=high
+
+  * Use upstream backported fix for CVE-2015-1609 (closes: #780129).
+
+ -- Laszlo Boszormenyi (GCS) <gcs at debian.org>  Mon, 09 Mar 2015 21:21:24 +0000
+
 mongodb (1:2.4.10-4) unstable; urgency=high
 
   * Backport potential information leak security fix from 2.4.11 .
diff --git a/debian/patches/3a7e85ea1f672f702660e5472566234b1d19038e.patch b/debian/patches/3a7e85ea1f672f702660e5472566234b1d19038e.patch
new file mode 100644
index 0000000..42288d9
--- /dev/null
+++ b/debian/patches/3a7e85ea1f672f702660e5472566234b1d19038e.patch
@@ -0,0 +1,53 @@
+From 3a7e85ea1f672f702660e5472566234b1d19038e Mon Sep 17 00:00:00 2001
+From: Eliot Horowitz <eliot at 10gen.com>
+Date: Wed, 11 Feb 2015 22:12:37 -0500
+Subject: [PATCH] SERVER-17264: improve bson validation for utf-8 strings
+
+(cherry picked from commit 394a8569ff14a215c0691aa34440227b2e62a4de)
+
+Conflicts:
+	src/mongo/bson/bson_validate_test.cpp
+---
+ src/mongo/bson/bson_validate.cpp      |  5 +++++
+ src/mongo/bson/bson_validate_test.cpp | 14 ++++++++++++++
+ 2 files changed, 19 insertions(+)
+
+diff --git a/src/mongo/bson/bson_validate.cpp b/src/mongo/bson/bson_validate.cpp
+index 9ac0bcb..a7c95ad 100644
+--- a/src/mongo/bson/bson_validate.cpp
++++ b/src/mongo/bson/bson_validate.cpp
+@@ -62,6 +62,11 @@ namespace mongo {
+                 if ( !readNumber<int>( &sz ) )
+                     return Status( ErrorCodes::InvalidBSON, "invalid bson" );
+ 
++                if ( sz <= 0 ) {
++                    // must have NULL at the very least
++                    return Status( ErrorCodes::InvalidBSON, "invalid bson");
++                }
++
+                 if ( out ) {
+                     *out = StringData( _buffer + _position, sz );
+                 }
+diff --git a/src/mongo/bson/bson_validate_test.cpp b/src/mongo/bson/bson_validate_test.cpp
+index 61e67f3..a36dbc5 100644
+--- a/src/mongo/bson/bson_validate_test.cpp
++++ b/src/mongo/bson/bson_validate_test.cpp
+@@ -213,4 +213,18 @@ namespace {
+         ASSERT_NOT_OK(validateBSON(x.objdata(), x.objsize() / 2));
+     }
+ 
++    TEST(BSONValidateFast, StringHasSomething) {
++        BufBuilder bb;
++        BSONObjBuilder ob(bb);
++        bb.appendChar(String);
++        bb.appendStr("x", /*withNUL*/true);
++        bb.appendNum(0);
++        const BSONObj x = ob.done();
++        ASSERT_EQUALS(5 // overhead
++                      + 1 // type
++                      + 2 // name
++                      + 4 // size
++                      , x.objsize());
++        ASSERT_NOT_OK(validateBSON(x.objdata(), x.objsize()));
++    }
+ }
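Review bot: The guard added in bson_validate.cpp rejects `sz <= 0`, but the new test `StringHasSomething` only pins the zero-length case through `bb.appendNum(0);`, so the negative-length half of the condition is not exercised by this backport. A sibling test that differs only in `bb.appendNum(-1);` and still ends in `ASSERT_NOT_OK(validateBSON(x.objdata(), x.objsize()));` would cover it. Separately, the context lines build `StringData( _buffer + _position, sz )` directly after the guard, which only establishes `sz >= 1`. Whether `sz` is also checked against the bytes remaining in the buffer is decided outside this hunk, since the enclosing function starts and ends beyond it, so that is worth confirming against the 2.4.10 tree this patch is applied to.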
diff --git a/debian/patches/series b/debian/patches/series
index b207b0a..cf48e35 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -17,3 +17,4 @@ no-unused-function.patch
 cefb0ef38f050b73b2bf8211add55f3749753e0a.patch
 8b9242837510e6410ddcf4f19969da4c7b01b2f7.patch
 656f78711632a5dc37221422c99e3c4619bcc58f.patch
+3a7e85ea1f672f702660e5472566234b1d19038e.patch

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-mongodb/pkg-mongodb.git


