reopen 598286
tags 598286 + patch
thanks

>The full code of ./cowbell.in reads:
>
>     #!/bin/sh
>
>     libdir="@prefix@/lib/cowbell"
>     export LD_LIBRARY_PATH=${libdir}${LD_LIBRARY_PATH+:$LD_LIBRARY_PATH}

Uhm, there are more problems than met the eye at first glance:

    (
        libdir="/usr/lib/cowbell"
        LD_LIBRARY_PATH="::"
        LD_LIBRARY_PATH=${libdir}${LD_LIBRARY_PATH+:$LD_LIBRARY_PATH}
        echo $LD_LIBRARY_PATH
    )

    # => /usr/lib/cowbell:::

Proposed NMU follows.

Jari

diffstat for cowbell_0.2.7.1-5 cowbell_0.2.7.1-5.1

 cowbell-0.2.7.1/debian/changelog                 |   12 +++++
 debian/patches/10_CVE_2010_3353__bug598286.patch |   47 +++++++++++++++++++++++
 2 files changed, 59 insertions(+)

diff -u cowbell-0.2.7.1/debian/changelog cowbell-0.2.7.1/debian/changelog
--- cowbell-0.2.7.1/debian/changelog
+++ cowbell-0.2.7.1/debian/changelog
@@ -1,3 +1,15 @@
+cowbell (0.2.7.1-5.1) unstable; urgency=low
+
+  * Non-maintainer upload.
+    - Move to packaging format "3.0 (quilt)" due to patch.
+  * debian/patches
+    - (Number 10): New patch. Fix CVE-2010-3353 insecure library loading.
+      (important, security; Closes: #598286).
+  * debian/source/format
+   - New file.
+
+ -- Jari Aalto <[email protected]>  Mon, 18 Oct 2010 11:59:30 +0300
+
 cowbell (0.2.7.1-5) unstable; urgency=low
 
   * debian/control:
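Review bot: the new entry lists debian/source/format as a new file and announces the move to "3.0 (quilt)", but the diffstat above covers only debian/changelog and the new file under debian/patches, so the format file (and any debian/patches/series change) is not part of the debdiff as posted. Please include them so the upload can be reviewed as a whole. In the same entry, urgency=low sits oddly next to "(important, security)", and the "- New file." bullet is indented one column less than the other sub-items.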
only in patch2:
unchanged:
--- cowbell-0.2.7.1.orig/debian/patches/10_CVE_2010_3353__bug598286.patch
+++ cowbell-0.2.7.1/debian/patches/10_CVE_2010_3353__bug598286.patch
@@ -0,0 +1,47 @@
+From b0e48de8c9a9ca853eab1a5bf5b90651eb28a10e Mon Sep 17 00:00:00 2001
+From: Jari Aalto <[email protected]>
+Date: Mon, 18 Oct 2010 11:54:16 +0300
+Subject: [PATCH] CVE-2010-3353 insecure library loading Bug#598286
+Organization: Private
+Content-Type: text/plain; charset="utf-8"
+Content-Transfer-Encoding: 8bit
+
+Signed-off-by: Jari Aalto <[email protected]>
+---
+ cowbell.in |   17 ++++++++++++++++-
+ 1 files changed, 16 insertions(+), 1 deletions(-)
+ mode change 100644 => 100755 cowbell.in
+
+diff --git a/cowbell.in b/cowbell.in
+old mode 100644
+new mode 100755
+index 0e68ebc..0274cc8
+--- a/cowbell.in
++++ b/cowbell.in
+@@ -1,7 +1,22 @@
+ #!/bin/sh
+ 
++
++Pathclean ()
++{
++   # Vulnerability fix for insecure library loading
++   # Make sure "::", "^:" or ":$" is not left in path arg $1
++
++   local tmp123xyz
++   tmp123xyz=$(echo "$1" | sed -e 's/::\+// ; s/^:// ; s/:$//' )
++
++   [ "$tmp123xyz" ] && echo "$tmp"
++}
++
+ libdir="@prefix@/lib/cowbell"
+-export LD_LIBRARY_PATH=${libdir}${LD_LIBRARY_PATH+:$LD_LIBRARY_PATH}
++
++LD_LIBRARY_PATH=${libdir}${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}
++LD_LIBRARY_PATH=$(Pathclean "$LD_LIBRARY_PATH")
++export LD_LIBRARY_PATH
+ 
+ if [ -e ./@dll@ ] && [ -e ./Makefile.am ]; then
+ 	echo "*** Running uninstalled @dll@ ***"
+-- 
+1.7.1
+
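Review bot: the last line of Pathclean tests `$tmp123xyz` but echoes `$tmp`, which is never assigned, so the function prints an empty line and `LD_LIBRARY_PATH=$(Pathclean "$LD_LIBRARY_PATH")` leaves the variable empty, dropping `${libdir}` along with everything else; it should be `echo "$tmp123xyz"`. The sed expression needs a second look too: `s/::\+//` has no `g` flag and replaces the run with nothing, so `a::b` becomes `ab` (two entries fused into one) and a later `::` is left in place. `s/::\+/:/g` followed by the existing `^:` and `:$` strips would match what the comment describes. Note also that `\+` is a GNU sed extension and `local` is not POSIX, which matters under `#!/bin/sh`.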
