tags 359745 patch thanks Hello,
Attached is a patch fixing this attack. This patch should be reviewed, of course. I tested it quickly and it seems to work fine. Cheers, -- Julien Danjou .''`. Debian Developer : :' : http://julien.danjou.info `. `' http://people.debian.org/~acid `- 9A0D 5FD9 EB42 22F6 8974 C95C A462 B51E C2FE E5CD
diff -ur webalizer-2.01.10/graphs.c webalizer-2.01.10.jd/graphs.c
--- webalizer-2.01.10/graphs.c 2006-04-20 18:08:18.000000000 +0200
+++ webalizer-2.01.10.jd/graphs.c 2006-04-20 18:03:35.000000000 +0200
@@ -30,6 +30,8 @@
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
+#include <unistd.h>
+#include <sys/stat.h>
#include <gd.h>
#include <gdfontt.h>
#include <gdfonts.h>
@@ -69,6 +71,7 @@
gdImagePtr im; /* image buffer */
FILE *out; /* output file for PNG */
+struct stat out_stat; /* stat struct for PNG */
char maxvaltxt[32]; /* graph values */
float percent; /* percent storage */
u_long julday; /* julday value */
@@ -275,6 +278,18 @@
gdImageRectangle(im, x1, y1, x2, 232, black);
}
+ /* stat the file */
+ if ( !(lstat(fname, &out_stat)) )
+ {
+ /* check if the file a symlink */
+ if ( S_ISLNK(out_stat.st_mode) )
+ {
+ if (verbose)
+ fprintf(stderr,"%s %s!\n",_("Error: File is a symlink"),fname);
+ return;
+ }
+ }
+
/* save png image */
if ((out = fopen(fname, "wb")) != NULL)
{
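Review bot: The `lstat()` check and the `fopen(fname, "wb")` that follows are two separate steps, so a local user who can write to the output directory can still swap `fname` for a symlink in between; the check narrows the window but does not close it. The same check-then-open pattern is repeated in the graphs.c hunks at -589 and -674, in `open_out_file()` in output.c, and in both preserve.c hunks. Making the refusal part of the open itself removes the window: open with `O_NOFOLLOW` and wrap the descriptor with `fdopen()`, which needs `<fcntl.h>` and an `int fd` among the locals, and would ideally live in one shared helper instead of six copies. `O_NOFOLLOW` covers only the final path component and does nothing about hard links, so the output directory still should not be writable by untrusted users. The enclosing function starts and ends outside this hunk.

```c
   /* refuse a symlink as part of the open itself, so there is no gap
      between the check and the use */
   out = NULL;
   fd = open(fname, O_WRONLY | O_CREAT | O_TRUNC | O_NOFOLLOW, 0666);
   if (fd >= 0 && (out = fdopen(fd, "wb")) == NULL)
      close(fd);                       /* fdopen failed: do not leak fd */

   /* save png image */
   if (out != NULL)
   {
```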
@@ -589,6 +604,18 @@
gdImageRectangle(im, x1, y1, x2, 232, black);
}
+ /* stat the file */
+ if ( !(lstat(fname, &out_stat)) )
+ {
+ /* check if the file a symlink */
+ if ( S_ISLNK(out_stat.st_mode) )
+ {
+ if (verbose)
+ fprintf(stderr,"%s %s!\n",_("Error: File is a symlink"),fname);
+ return(1);
+ }
+ }
+
/* save as png file */
if ( (out = fopen(fname, "wb")) != NULL)
{
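Review bot: The refusal path here exits with `return(1);`, while the otherwise identical blocks in the hunks at -275 and -674 use a bare `return;`. The function signatures are outside the hunks, but if all three graph routines return `int`, the bare returns hand the caller an indeterminate value and it cannot tell a refused write from a successful one; each should return the same non-zero error code, e.g. `return(1);`. All three early exits also leave before whatever cleanup follows the save (presumably releasing `im`), which is worth confirming against the full functions.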
@@ -674,6 +701,18 @@
gdImageString(im,gdFontMediumBold, x, y, buffer, white);
}
+ /* stat the file */
+ if ( !(lstat(fname, &out_stat)) )
+ {
+ /* check if the file a symlink */
+ if ( S_ISLNK(out_stat.st_mode) )
+ {
+ if (verbose)
+ fprintf(stderr,"%s %s!\n",_("Error: File is a symlink"),fname);
+ return;
+ }
+ }
+
/* save png image */
if ((out = fopen(fname, "wb")) != NULL)
{
diff -ur webalizer-2.01.10/output.c webalizer-2.01.10.jd/output.c
--- webalizer-2.01.10/output.c 2006-04-20 18:08:18.000000000 +0200
+++ webalizer-2.01.10.jd/output.c 2006-04-20 18:00:12.000000000 +0200
@@ -38,6 +38,8 @@
#include <ctype.h>
#include <sys/utsname.h>
#include <sys/times.h>
+#include <sys/types.h>
+#include <sys/stat.h>
/* ensure getopt */
#ifdef HAVE_GETOPT_H
@@ -2359,7 +2361,7 @@
/* now do html stuff... */
snprintf(index_fname,sizeof(index_fname),"index.%s",html_ext);
- if ( (out_fp=fopen(index_fname,"w")) == NULL)
+ if ( (out_fp=open_out_file(index_fname)) == NULL)
{
if (verbose)
fprintf(stderr,"%s %s!\n",_("Error: Unable to open file"),index_fname);
@@ -2755,8 +2757,21 @@
FILE *open_out_file(char *filename)
{
+ struct stat out_stat;
FILE *out_fp;
+ /* stat the file */
+ if ( !(lstat(filename, &out_stat)) )
+ {
+ /* check if the file a symlink */
+ if ( S_ISLNK(out_stat.st_mode) )
+ {
+ if (verbose)
+ fprintf(stderr,"%s %s!\n",_("Error: File is a symlink"),filename);
+ return NULL;
+ }
+ }
+
/* open the file... */
if ( (out_fp=fopen(filename,"w")) == NULL)
{
diff -ur webalizer-2.01.10/preserve.c webalizer-2.01.10.jd/preserve.c
--- webalizer-2.01.10/preserve.c 2006-04-20 18:08:18.000000000 +0200
+++ webalizer-2.01.10.jd/preserve.c 2006-04-20 18:03:00.000000000 +0200
@@ -38,6 +38,8 @@
#include <ctype.h>
#include <sys/utsname.h>
#include <sys/times.h>
+#include <sys/types.h>
+#include <sys/stat.h>
/* ensure getopt */
#ifdef HAVE_GETOPT_H
@@ -141,6 +143,19 @@
{
int i;
FILE *hist_fp;
+ struct stat hist_stat;
+
+ /* stat the file */
+ if ( !(lstat(hist_fname, &hist_stat)) )
+ {
+ /* check if the file a symlink */
+ if ( S_ISLNK(hist_stat.st_mode) )
+ {
+ if (verbose)
+ fprintf(stderr,"%s %s!\n",_("Error: File is a symlink"),hist_fname);
+ return;
+ }
+ }
hist_fp = fopen(hist_fname,"w");
@@ -186,9 +201,22 @@
FILE *fp;
int i;
+ struct stat state_stat;
char buffer[BUFSIZE];
+ /* stat the file */
+ if ( !(lstat(state_fname, &state_stat)) )
+ {
+ /* check if the file a symlink */
+ if ( S_ISLNK(state_stat.st_mode) )
+ {
+ if (verbose)
+ fprintf(stderr,"%s %s!\n",_("Error: File is a symlink"),state_fname);
+ return NULL;
+ }
+ }
+
/* Open data file for write */
fp=fopen(state_fname,"w");
if (fp==NULL) return 1;
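Review bot: The symlink branch ends with `return NULL;`, but the unchanged line `if (fp==NULL) return 1;` just below shows that this function reports failure as a non-zero integer. `NULL` converts to 0 here, so a refused write is reported to the caller as success and the run continues as if the state file had been saved. It should be `return 1;` to match the existing error path. The function's signature and the rest of its body are outside the hunk.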
diff -ur webalizer-2.01.10/webalizer.c webalizer-2.01.10.jd/webalizer.c
--- webalizer-2.01.10/webalizer.c 2006-04-20 18:08:18.000000000 +0200
+++ webalizer-2.01.10.jd/webalizer.c 2006-04-20 18:02:34.000000000 +0200
@@ -38,6 +38,8 @@
#include <ctype.h>
#include <sys/utsname.h>
#include <sys/times.h>
+#include <sys/types.h>
+#include <sys/stat.h>
#include <zlib.h>
/* ensure getopt */
@@ -260,6 +262,7 @@
"apr", "may", "jun",
"jul", "aug", "sep",
"oct", "nov", "dec"};
+ struct stat log_stat;
current_locale = setlocale (LC_ALL, "");
bindtextdomain ("webalizer", DATADIR"/locale");
@@ -417,9 +420,22 @@
}
#endif /* USE_DNS */
+
/* open log file */
if (gz_log)
{
+ /* stat the file */
+ if ( !(lstat(log_fname, &log_stat)) )
+ {
+ /* check if the file a symlink */
+ if ( S_ISLNK(log_stat.st_mode) )
+ {
+ if (verbose)
+ fprintf(stderr,"%s %s!\n",_("Error: File is a symlink"),log_fname);
+ return;
+ }
+ }
+
gzlog_fp = gzopen(log_fname,"rb");
if (gzlog_fp==Z_NULL)
{
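Review bot: The new check guards only the `gz_log` branch and exits with a bare `return;`, so a plain-text log opened by code after this hunk (not visible here) is not covered. The locale setup in the previous hunk suggests this is `main()`; if so, the process ends with an unspecified exit status and a cron job or wrapper cannot detect the refusal, so use an explicit failure status such as `exit(1);`. This file is opened for reading, where a symlink is common (rotated logs are often reached through one), so the refusal may break existing setups; a comment stating which threat the read-side check is meant to address would help the next maintainer decide whether to keep it.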
Only in webalizer-2.01.10: webalizer_lang.h

