[pkg-wpa-devel] r1920 - in /wpa/tags/1.0-3+deb7u1/debian: ./ patches/ patches/CVE-2014-3686/

slh-guest at users.alioth.debian.org slh-guest at users.alioth.debian.org
Fri Oct 17 01:03:07 UTC 2014


Author: slh-guest
Date: Fri Oct 17 01:03:05 2014
New Revision: 1920

URL: http://svn.debian.org/wsvn/?sc=1&rev=1920
Log:
* Apply upstream patches for CVE-2014-3686 (Closes: #765352):
  - add os_exec() helper to run external programs
  - wpa_cli: Use os_exec() for action script execution
  - hostapd_cli: Use os_exec() for action script execution

Added:
    wpa/tags/1.0-3+deb7u1/debian/patches/CVE-2014-3686/
    wpa/tags/1.0-3+deb7u1/debian/patches/CVE-2014-3686/0001-Add-os_exec-helper-to-run-external-programs.patch
    wpa/tags/1.0-3+deb7u1/debian/patches/CVE-2014-3686/0002-wpa_cli-Use-os_exec-for-action-script-execution.patch
    wpa/tags/1.0-3+deb7u1/debian/patches/CVE-2014-3686/0003-hostapd_cli-Use-os_exec-for-action-script-execution.patch
Modified:
    wpa/tags/1.0-3+deb7u1/debian/changelog
    wpa/tags/1.0-3+deb7u1/debian/patches/series

Modified: wpa/tags/1.0-3+deb7u1/debian/changelog
URL: http://svn.debian.org/wsvn/wpa/tags/1.0-3%2Bdeb7u1/debian/changelog?rev=1920&op=diff
==============================================================================
--- wpa/tags/1.0-3+deb7u1/debian/changelog	(original)
+++ wpa/tags/1.0-3+deb7u1/debian/changelog	Fri Oct 17 01:03:05 2014
@@ -1,3 +1,12 @@
+wpa (1.0-3+deb7u1) wheezy-security; urgency=high
+
+  * Apply upstream patches for CVE-2014-3686 (Closes: #765352):
+    - add os_exec() helper to run external programs
+    - wpa_cli: Use os_exec() for action script execution
+    - hostapd_cli: Use os_exec() for action script execution
+
+ -- Stefan Lippers-Hollmann <s.l-h at gmx.de>  Wed, 15 Oct 2014 23:32:54 +0200
+
 wpa (1.0-3) unstable; urgency=high
 
   * ship forgotten README-P2P.

Added: wpa/tags/1.0-3+deb7u1/debian/patches/CVE-2014-3686/0001-Add-os_exec-helper-to-run-external-programs.patch
URL: http://svn.debian.org/wsvn/wpa/tags/1.0-3%2Bdeb7u1/debian/patches/CVE-2014-3686/0001-Add-os_exec-helper-to-run-external-programs.patch?rev=1920&op=file
==============================================================================
--- wpa/tags/1.0-3+deb7u1/debian/patches/CVE-2014-3686/0001-Add-os_exec-helper-to-run-external-programs.patch	(added)
+++ wpa/tags/1.0-3+deb7u1/debian/patches/CVE-2014-3686/0001-Add-os_exec-helper-to-run-external-programs.patch	Fri Oct 17 01:03:05 2014
@@ -0,0 +1,110 @@
+From 89de07a9442072f88d49869d8ecd8d42bae050a0 Mon Sep 17 00:00:00 2001
+From: Jouni Malinen <jouni at qca.qualcomm.com>
+Date: Mon, 6 Oct 2014 16:27:44 +0300
+Subject: [PATCH 1/3] Add os_exec() helper to run external programs
+
+Signed-off-by: Jouni Malinen <jouni at qca.qualcomm.com>
+---
+ src/utils/os.h       |  9 +++++++++
+ src/utils/os_unix.c  | 55 ++++++++++++++++++++++++++++++++++++++++++++++++++++
+ src/utils/os_win32.c |  6 ++++++
+ 3 files changed, 70 insertions(+)
+
+--- a/src/utils/os.h
++++ b/src/utils/os.h
+@@ -485,6 +485,15 @@ char * os_strdup(const char *s);
+  */
+ size_t os_strlcpy(char *dest, const char *src, size_t siz);
+ 
++/**
++ * os_exec - Execute an external program
++ * @program: Path to the program
++ * @arg: Command line argument string
++ * @wait_completion: Whether to wait until the program execution completes
++ * Returns: 0 on success, -1 on error
++ */
++int os_exec(const char *program, const char *arg, int wait_completion);
++
+ 
+ #ifdef OS_REJECT_C_LIB_FUNCTIONS
+ #define malloc OS_DO_NOT_USE_malloc
+--- a/src/utils/os_unix.c
++++ b/src/utils/os_unix.c
+@@ -15,6 +15,7 @@
+ #include "includes.h"
+ 
+ #include <time.h>
++#include <sys/wait.h>
+ 
+ #ifdef ANDROID
+ #include <linux/capability.h>
+@@ -492,3 +493,57 @@ char * os_strdup(const char *s)
+ }
+ 
+ #endif /* WPA_TRACE */
++
++
++int os_exec(const char *program, const char *arg, int wait_completion)
++{
++	pid_t pid;
++	int pid_status;
++
++	pid = fork();
++	if (pid < 0) {
++		perror("fork");
++		return -1;
++	}
++
++	if (pid == 0) {
++		/* run the external command in the child process */
++		const int MAX_ARG = 30;
++		char *_program, *_arg, *pos;
++		char *argv[MAX_ARG + 1];
++		int i;
++
++		_program = os_strdup(program);
++		_arg = os_strdup(arg);
++
++		argv[0] = _program;
++
++		i = 1;
++		pos = _arg;
++		while (i < MAX_ARG && pos && *pos) {
++			while (*pos == ' ')
++				pos++;
++			if (*pos == '\0')
++				break;
++			argv[i++] = pos;
++			pos = os_strchr(pos, ' ');
++			if (pos)
++				*pos++ = '\0';
++		}
++		argv[i] = NULL;
++
++		execv(program, argv);
++		perror("execv");
++		os_free(_program);
++		os_free(_arg);
++		exit(0);
++		return -1;
++	}
++
++	if (wait_completion) {
++		/* wait for the child process to complete in the parent */
++		waitpid(pid, &pid_status, 0);
++	}
++
++	return 0;
++}
+--- a/src/utils/os_win32.c
++++ b/src/utils/os_win32.c
+@@ -239,3 +239,9 @@ size_t os_strlcpy(char *dest, const char
+ 
+ 	return s - src - 1;
+ }
++
++
++int os_exec(const char *program, const char *arg, int wait_completion)
++{
++	return -1;
++}

Added: wpa/tags/1.0-3+deb7u1/debian/patches/CVE-2014-3686/0002-wpa_cli-Use-os_exec-for-action-script-execution.patch
URL: http://svn.debian.org/wsvn/wpa/tags/1.0-3%2Bdeb7u1/debian/patches/CVE-2014-3686/0002-wpa_cli-Use-os_exec-for-action-script-execution.patch?rev=1920&op=file
==============================================================================
--- wpa/tags/1.0-3+deb7u1/debian/patches/CVE-2014-3686/0002-wpa_cli-Use-os_exec-for-action-script-execution.patch	(added)
+++ wpa/tags/1.0-3+deb7u1/debian/patches/CVE-2014-3686/0002-wpa_cli-Use-os_exec-for-action-script-execution.patch	Fri Oct 17 01:03:05 2014
@@ -0,0 +1,54 @@
+From c5f258de76dbb67fb64beab39a99e5c5711f41fe Mon Sep 17 00:00:00 2001
+From: Jouni Malinen <jouni at qca.qualcomm.com>
+Date: Mon, 6 Oct 2014 17:25:52 +0300
+Subject: [PATCH 2/3] wpa_cli: Use os_exec() for action script execution
+
+Use os_exec() to run the action script operations to avoid undesired
+command line processing for control interface event strings. Previously,
+it could have been possible for some of the event strings to include
+unsanitized data which is not suitable for system() use. (CVE-2014-3686)
+
+Signed-off-by: Jouni Malinen <jouni at qca.qualcomm.com>
+---
+ wpa_supplicant/wpa_cli.c | 25 ++++++++-----------------
+ 1 file changed, 8 insertions(+), 17 deletions(-)
+
+--- a/wpa_supplicant/wpa_cli.c
++++ b/wpa_supplicant/wpa_cli.c
+@@ -3188,28 +3188,19 @@ static int str_match(const char *a, cons
+ static int wpa_cli_exec(const char *program, const char *arg1,
+ 			const char *arg2)
+ {
+-	char *cmd;
++	char *arg;
+ 	size_t len;
+ 	int res;
+-	int ret = 0;
+ 
+-	len = os_strlen(program) + os_strlen(arg1) + os_strlen(arg2) + 3;
+-	cmd = os_malloc(len);
+-	if (cmd == NULL)
++	len = os_strlen(arg1) + os_strlen(arg2) + 2;
++	arg = os_malloc(len);
++	if (arg == NULL)
+ 		return -1;
+-	res = os_snprintf(cmd, len, "%s %s %s", program, arg1, arg2);
+-	if (res < 0 || (size_t) res >= len) {
+-		os_free(cmd);
+-		return -1;
+-	}
+-	cmd[len - 1] = '\0';
+-#ifndef _WIN32_WCE
+-	if (system(cmd) < 0)
+-		ret = -1;
+-#endif /* _WIN32_WCE */
+-	os_free(cmd);
++	os_snprintf(arg, len, "%s %s", arg1, arg2);
++	res = os_exec(program, arg, 1);
++	os_free(arg);
+ 
+-	return ret;
++	return res;
+ }
+ 
+ 

Added: wpa/tags/1.0-3+deb7u1/debian/patches/CVE-2014-3686/0003-hostapd_cli-Use-os_exec-for-action-script-execution.patch
URL: http://svn.debian.org/wsvn/wpa/tags/1.0-3%2Bdeb7u1/debian/patches/CVE-2014-3686/0003-hostapd_cli-Use-os_exec-for-action-script-execution.patch?rev=1920&op=file
==============================================================================
--- wpa/tags/1.0-3+deb7u1/debian/patches/CVE-2014-3686/0003-hostapd_cli-Use-os_exec-for-action-script-execution.patch	(added)
+++ wpa/tags/1.0-3+deb7u1/debian/patches/CVE-2014-3686/0003-hostapd_cli-Use-os_exec-for-action-script-execution.patch	Fri Oct 17 01:03:05 2014
@@ -0,0 +1,54 @@
+From 5d4fa2a29bef013e61185beb21a3ec110885eb9a Mon Sep 17 00:00:00 2001
+From: Jouni Malinen <jouni at qca.qualcomm.com>
+Date: Mon, 6 Oct 2014 18:49:01 +0300
+Subject: [PATCH 3/3] hostapd_cli: Use os_exec() for action script execution
+
+Use os_exec() to run the action script operations to avoid undesired
+command line processing for control interface event strings. Previously,
+it could have been possible for some of the event strings to include
+unsanitized data which is not suitable for system() use. (CVE-2014-3686)
+
+Signed-off-by: Jouni Malinen <jouni at qca.qualcomm.com>
+---
+ hostapd/hostapd_cli.c | 25 ++++++++-----------------
+ 1 file changed, 8 insertions(+), 17 deletions(-)
+
+--- a/hostapd/hostapd_cli.c
++++ b/hostapd/hostapd_cli.c
+@@ -239,28 +239,19 @@ static int hostapd_cli_cmd_mib(struct wp
+ static int hostapd_cli_exec(const char *program, const char *arg1,
+ 			    const char *arg2)
+ {
+-	char *cmd;
++	char *arg;
+ 	size_t len;
+ 	int res;
+-	int ret = 0;
+ 
+-	len = os_strlen(program) + os_strlen(arg1) + os_strlen(arg2) + 3;
+-	cmd = os_malloc(len);
+-	if (cmd == NULL)
++	len = os_strlen(arg1) + os_strlen(arg2) + 2;
++	arg = os_malloc(len);
++	if (arg == NULL)
+ 		return -1;
+-	res = os_snprintf(cmd, len, "%s %s %s", program, arg1, arg2);
+-	if (res < 0 || (size_t) res >= len) {
+-		os_free(cmd);
+-		return -1;
+-	}
+-	cmd[len - 1] = '\0';
+-#ifndef _WIN32_WCE
+-	if (system(cmd) < 0)
+-		ret = -1;
+-#endif /* _WIN32_WCE */
+-	os_free(cmd);
++	os_snprintf(arg, len, "%s %s", arg1, arg2);
++	res = os_exec(program, arg, 1);
++	os_free(arg);
+ 
+-	return ret;
++	return res;
+ }
+ 
+ 

Modified: wpa/tags/1.0-3+deb7u1/debian/patches/series
URL: http://svn.debian.org/wsvn/wpa/tags/1.0-3%2Bdeb7u1/debian/patches/series?rev=1920&op=diff
==============================================================================
--- wpa/tags/1.0-3+deb7u1/debian/patches/series	(original)
+++ wpa/tags/1.0-3+deb7u1/debian/patches/series	Fri Oct 17 01:03:05 2014
@@ -7,3 +7,6 @@
 13_human_readable_signal.patch
 libnl3-includes.patch
 EAP-TLS-server_fix-TLS-Message-length-validation.patch
+CVE-2014-3686/0001-Add-os_exec-helper-to-run-external-programs.patch
+CVE-2014-3686/0002-wpa_cli-Use-os_exec-for-action-script-execution.patch
+CVE-2014-3686/0003-hostapd_cli-Use-os_exec-for-action-script-execution.patch




More information about the Pkg-wpa-devel mailing list