[DRE-commits] [ruby-passenger] 05/05: Cherry-pick upstream commit to fix CVE-2014-1832.
Felix Geyer
fgeyer at moszumanska.debian.org
Sat Mar 8 19:26:14 UTC 2014
This is an automated email from the git hooks/post-receive script.
fgeyer pushed a commit to branch master
in repository ruby-passenger.
commit f2265d9941c60ac9333b9917d93959bd6b93d48e
Author: Felix Geyer <fgeyer at debian.org>
Date: Sat Mar 8 20:25:32 2014 +0100
Cherry-pick upstream commit to fix CVE-2014-1832.
* Cherry-pick upstream commit to fix CVE-2014-1832.
The fix for CVE-2014-1831 was incomplete.
- Add CVE-2014-1832.patch
---
debian/changelog | 8 ++
debian/patches/CVE-2014-1832.patch | 154 +++++++++++++++++++++++++++++++++++++
debian/patches/series | 1 +
3 files changed, 163 insertions(+)
diff --git a/debian/changelog b/debian/changelog
index 67ac62e..44591d1 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+ruby-passenger (4.0.37-2) unstable; urgency=medium
+
+ * Cherry-pick upstream commit to fix CVE-2014-1832.
+ The fix for CVE-2014-1831 was incomplete.
+ - Add CVE-2014-1832.patch
+
+ -- Felix Geyer <fgeyer at debian.org> Sat, 08 Mar 2014 19:27:27 +0100
+
ruby-passenger (4.0.37-1) unstable; urgency=medium
* New upstream release.
diff --git a/debian/patches/CVE-2014-1832.patch b/debian/patches/CVE-2014-1832.patch
new file mode 100644
index 0000000..444a675
--- /dev/null
+++ b/debian/patches/CVE-2014-1832.patch
@@ -0,0 +1,154 @@
+From 94428057c602da3d6d34ef75c78091066ecac5c0 Mon Sep 17 00:00:00 2001
+From: "Hongli Lai (Phusion)" <hongli at phusion.nl>
+Date: Wed, 29 Jan 2014 14:19:25 +0100
+Subject: [PATCH] Fix a symlink-related security vulnerability.
+
+The fix in commit 34b10878 and contained a small attack time window in
+between two filesystem operations. This has been fixed.
+---
+ ext/common/ServerInstanceDir.h | 38 ++++++++++++++++++++++----------------
+ ext/common/Utils.cpp | 29 -----------------------------
+ ext/common/Utils.h | 6 ------
+ 4 files changed, 40 insertions(+), 51 deletions(-)
+
+diff --git a/ext/common/ServerInstanceDir.h b/ext/common/ServerInstanceDir.h
+index 8da3cf3..1315de5 100644
+--- a/ext/common/ServerInstanceDir.h
++++ b/ext/common/ServerInstanceDir.h
+@@ -1,6 +1,6 @@
+ /*
+ * Phusion Passenger - https://www.phusionpassenger.com/
+- * Copyright (c) 2010-2013 Phusion
++ * Copyright (c) 2010-2014 Phusion
+ *
+ * "Phusion Passenger" is a trademark of Hongli Lai & Ninh Bui.
+ *
+@@ -193,6 +193,9 @@ class ServerInstanceDir: public noncopyable {
+
+ void initialize(const string &path, bool owner) {
+ TRACE_POINT();
++ struct stat buf;
++ int ret;
++
+ this->path = path;
+ this->owner = owner;
+
+@@ -212,18 +215,25 @@ class ServerInstanceDir: public noncopyable {
+ * rights though, because we want admin tools to be able to list the available
+ * generations no matter what user they're running as.
+ */
++
++ do {
++ ret = lstat(path.c_str(), &buf);
++ } while (ret == -1 && errno == EAGAIN);
+ if (owner) {
+- switch (getFileTypeNoFollowSymlinks(path)) {
+- case FT_NONEXISTANT:
++ if (ret == 0) {
++ if (S_ISDIR(buf.st_mode)) {
++ verifyDirectoryPermissions(path, buf);
++ } else {
++ throw RuntimeException("'" + path + "' already exists, and is not a directory");
++ }
++ } else if (errno == ENOENT) {
+ createDirectory(path);
+- break;
+- case FT_DIRECTORY:
+- verifyDirectoryPermissions(path);
+- break;
+- default:
+- throw RuntimeException("'" + path + "' already exists, and is not a directory");
++ } else {
++ int e = errno;
++ throw FileSystemException("Cannot lstat '" + path + "'",
++ e, path);
+ }
+- } else if (getFileType(path) != FT_DIRECTORY) {
++ } else if (!S_ISDIR(buf.st_mode)) {
+ throw RuntimeException("Server instance directory '" + path +
+ "' does not exist");
+ }
+@@ -259,14 +269,10 @@ class ServerInstanceDir: public noncopyable {
+ * so that an attacker cannot pre-create a directory with too liberal
+ * permissions.
+ */
+- void verifyDirectoryPermissions(const string &path) {
++ void verifyDirectoryPermissions(const string &path, struct stat &buf) {
+ TRACE_POINT();
+- struct stat buf;
+
+- if (stat(path.c_str(), &buf) == -1) {
+- int e = errno;
+- throw FileSystemException("Cannot stat() " + path, e, path);
+- } else if (buf.st_mode != (S_IFDIR | parseModeString("u=rwx,g=rx,o=rx"))) {
++ if (buf.st_mode != (S_IFDIR | parseModeString("u=rwx,g=rx,o=rx"))) {
+ throw RuntimeException("Tried to reuse existing server instance directory " +
+ path + ", but it has wrong permissions");
+ } else if (buf.st_uid != geteuid() || buf.st_gid != getegid()) {
+diff --git a/ext/common/Utils.cpp b/ext/common/Utils.cpp
+index d1db8d6..1f3dec5 100644
+--- a/ext/common/Utils.cpp
++++ b/ext/common/Utils.cpp
+@@ -143,35 +143,6 @@
+ }
+ }
+
+-FileType
+-getFileTypeNoFollowSymlinks(const StaticString &filename) {
+- struct stat buf;
+- int ret;
+-
+- ret = lstat(filename.c_str(), &buf);
+- if (ret == 0) {
+- if (S_ISREG(buf.st_mode)) {
+- return FT_REGULAR;
+- } else if (S_ISDIR(buf.st_mode)) {
+- return FT_DIRECTORY;
+- } else if (S_ISLNK(buf.st_mode)) {
+- return FT_SYMLINK;
+- } else {
+- return FT_OTHER;
+- }
+- } else {
+- if (errno == ENOENT) {
+- return FT_NONEXISTANT;
+- } else {
+- int e = errno;
+- string message("Cannot lstat '");
+- message.append(filename);
+- message.append("'");
+- throw FileSystemException(message, e, filename);
+- }
+- }
+-}
+-
+ void
+ createFile(const string &filename, const StaticString &contents, mode_t permissions, uid_t owner,
+ gid_t group, bool overwrite)
+diff --git a/ext/common/Utils.h b/ext/common/Utils.h
+index 5cfaf92..a04e507 100644
+--- a/ext/common/Utils.h
++++ b/ext/common/Utils.h
+@@ -65,8 +65,6 @@
+ FT_REGULAR,
+ /** A directory. */
+ FT_DIRECTORY,
+- /** A symlink. Only returned by getFileTypeNoFollowSymlinks(), not by getFileType(). */
+- FT_SYMLINK,
+ /** Something else, e.g. a pipe or a socket. */
+ FT_OTHER
+ } FileType;
+@@ -123,10 +121,6 @@ bool fileExists(const StaticString &filename, CachedFileStat *cstat = 0,
+ */
+ FileType getFileType(const StaticString &filename, CachedFileStat *cstat = 0,
+ unsigned int throttleRate = 0);
+-/**
+- * Like getFileType(), but does not follow symlinks.
+- */
+-FileType getFileTypeNoFollowSymlinks(const StaticString &filename);
+
+ /**
+ * Create the given file with the given contents, permissions and ownership.
+--
+1.8.5.5
+
diff --git a/debian/patches/series b/debian/patches/series
index d4cadda..bd20fef 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,3 +1,4 @@
fix_install_path.patch
no_jsoncpp.patch
bin_load_path.patch
+CVE-2014-1832.patch
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-ruby-extras/ruby-passenger.git
More information about the Pkg-ruby-extras-commits
mailing list