[Pkg-utopia-commits] r3146 - in /packages/lenny/dbus/debian: changelog patches/52-CVE-2009-1189.patch

biebl at users.alioth.debian.org
Thu Jun 25 21:35:40 UTC 2009


Author: biebl
Date: Thu Jun 25 21:35:38 2009
New Revision: 3146

URL: http://svn.debian.org/wsvn/pkg-utopia/?sc=1&rev=3146
Log:
* debian/patches/52-CVE-2009-1189.patch
  - Security: The _dbus_validate_signature_with_reason function
    (dbus-marshal-validate.c) uses incorrect logic to validate a basic type,
    which allows remote attackers to spoof a signature via a crafted key.
    NOTE: this is due to an incorrect fix for CVE-2008-3834
    Closes: #532720
    Fixes: CVE-2009-1189
* Urgency high for the security fix.

Added:
    packages/lenny/dbus/debian/patches/52-CVE-2009-1189.patch
Modified:
    packages/lenny/dbus/debian/changelog

Modified: packages/lenny/dbus/debian/changelog
URL: http://svn.debian.org/wsvn/pkg-utopia/packages/lenny/dbus/debian/changelog?rev=3146&op=diff
==============================================================================
--- packages/lenny/dbus/debian/changelog (original)
+++ packages/lenny/dbus/debian/changelog Thu Jun 25 21:35:38 2009
@@ -1,3 +1,16 @@
+dbus (1.2.1-5+lenny1) stable-security; urgency=high
+
+  * debian/patches/52-CVE-2009-1189.patch
+    - Security: The _dbus_validate_signature_with_reason function
+      (dbus-marshal-validate.c) uses incorrect logic to validate a basic type,
+      which allows remote attackers to spoof a signature via a crafted key.
+      NOTE: this is due to an incorrect fix for CVE-2008-3834
+      Closes: #532720
+      Fixes: CVE-2009-1189
+  * Urgency high for the security fix.
+
+ -- Michael Biebl <biebl at debian.org>  Thu, 18 Jun 2009 06:12:34 +0200
+
 dbus (1.2.1-5) unstable; urgency=high
 
   [ Sjoerd Simons ]
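Review bot: the changelog bullet describes the symptom but not where the fix comes from; since 52-CVE-2009-1189.patch is a straight backport of upstream commit 82c8109a0ab4e4711c902135c2218bc522afcc3d (freedesktop.org bug 17803), naming that commit and bug in the entry would make the origin of the patch traceable for later stable updates without opening the patch file.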

Added: packages/lenny/dbus/debian/patches/52-CVE-2009-1189.patch
URL: http://svn.debian.org/wsvn/pkg-utopia/packages/lenny/dbus/debian/patches/52-CVE-2009-1189.patch?rev=3146&op=file
==============================================================================
--- packages/lenny/dbus/debian/patches/52-CVE-2009-1189.patch (added)
+++ packages/lenny/dbus/debian/patches/52-CVE-2009-1189.patch Thu Jun 25 21:35:38 2009
@@ -1,0 +1,55 @@
+From 82c8109a0ab4e4711c902135c2218bc522afcc3d Mon Sep 17 00:00:00 2001
+From: Colin Walters <walters at verbum.org>
+Date: Wed, 01 Apr 2009 16:02:00 +0000
+Subject: Bug 17803 - Fix both test case and validation logic
+
+The previous commit had errors in both the test case and
+the validation logic.  The test case was missing a trailing
+comma before the previous one, so we weren't testing the
+signature we thought we were.
+
+The validation logic was wrong because if the type was not valid,
+we'd drop through the entire if clause, and thus skip returning
+an error code, and accept the signature.
+---
+diff --git a/dbus/dbus-marshal-validate-util.c b/dbus/dbus-marshal-validate-util.c
+index 5365d6d..ac901c3 100644
+--- a/dbus/dbus-marshal-validate-util.c
++++ b/dbus/dbus-marshal-validate-util.c
+@@ -227,7 +227,7 @@ _dbus_marshal_validate_test (void)
+     "not a valid signature",
+     "123",
+     ".",
+-    "("
++    "(",
+     "a{(ii)i}" /* https://bugs.freedesktop.org/show_bug.cgi?id=17803 */
+   };
+ 
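Review bot: the added comma is the right fix: without it, C adjacent-literal concatenation merged "(" and "a{(ii)i}" into the single string "(a{(ii)i}", so the invalid-signature table never contained the dict-key case this test exists for, and the "(" case was also lost. Since the hunk only extends the invalid list, consider checking that a dict entry with a basic key (for example "a{ii}") is present in the valid-signature list, so the negated condition in the validation fix is exercised in both directions.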
+diff --git a/dbus/dbus-marshal-validate.c b/dbus/dbus-marshal-validate.c
+index 35998cb..ee95548 100644
+--- a/dbus/dbus-marshal-validate.c
++++ b/dbus/dbus-marshal-validate.c
+@@ -246,14 +246,15 @@ _dbus_validate_signature_with_reason (const DBusString *type_str,
+ 	    }
+         }
+ 
+-      if (last == DBUS_DICT_ENTRY_BEGIN_CHAR &&
+-          _dbus_type_is_valid (*p) &&
+-          !dbus_type_is_basic (*p))
++      if (last == DBUS_DICT_ENTRY_BEGIN_CHAR)
+         {
+-          result = DBUS_INVALID_DICT_KEY_MUST_BE_BASIC_TYPE;
+-          goto out;
++          if (!(_dbus_type_is_valid (*p) && dbus_type_is_basic (*p)))
++            {
++              result = DBUS_INVALID_DICT_KEY_MUST_BE_BASIC_TYPE;
++              goto out;
++            }
+         }
+-        
++
+       last = *p;
+       ++p;
+     }
+--
+cgit v0.8.2
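Review bot: the rewritten condition is correct: the removed form only fired when *p was a valid, non-basic type, so an unknown type code following DBUS_DICT_ENTRY_BEGIN_CHAR made the whole && false, execution fell through to `last = *p; ++p;`, and the signature was accepted; `!(_dbus_type_is_valid (*p) && dbus_type_is_basic (*p))` now rejects both the invalid-type and the non-basic-type case. Two smaller points: an unknown type code is now reported as DBUS_INVALID_DICT_KEY_MUST_BE_BASIC_TYPE, which is safe but slightly misleading, so a short comment (or a separate validity check returning its own reason first) would help the next reader; and the `-        ` / `+` pair is a whitespace-only change that could be dropped from a security backport to keep the patch minimal.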
