> [julien] This patch is broken.  There's a superfluous `:' after 
> /usr/lib/debug.
> [jari] There is a bigger problem with "::"

Here is a new proposed NMU that addresses the security issue better.

Jari

diffstat for vdr_1.6.0-19 vdr_1.6.0-19.1

 changelog   |   11 ++++++++++-
 vdrleaktest |   15 ++++++++++++++-
 2 files changed, 24 insertions(+), 2 deletions(-)

diff -u vdr-1.6.0/debian/changelog vdr-1.6.0/debian/changelog
--- vdr-1.6.0/debian/changelog
+++ vdr-1.6.0/debian/changelog
@@ -1,3 +1,12 @@
+vdr (1.6.0-19.1) unstable; urgency=low
+
+  * debian/vdrleaktest
+   - Remove extra colon from LD_LIBRARY_PATH and improve security
+     by cleaning LD_LIBRARY_PATH with new function Pathclean().
+     (normal, security, reopened; Closes: #598308).
+
+ -- Jari Aalto <[email protected]>  Mon, 18 Oct 2010 13:37:36 +0300
+
 vdr (1.6.0-19) unstable; urgency=low
 
   * Fixed DEB_BUILD_OPTIONS export in in vdrdbg-buildpackage
@@ -8,7 +17,7 @@
 vdr (1.6.0-18.1) unstable; urgency=low
 
   * debian/vdrleaktest
-    - Asjust LD_LIBRARY_PATH use according to CVE-2010-3387.
+    - Adjust LD_LIBRARY_PATH use according to CVE-2010-3387.
       (normal, security; Closes: #598308).
 
  -- Jari Aalto <[email protected]>  Sat, 16 Oct 2010 20:59:56 +0300
diff -u vdr-1.6.0/debian/vdrleaktest vdr-1.6.0/debian/vdrleaktest
--- vdr-1.6.0/debian/vdrleaktest
+++ vdr-1.6.0/debian/vdrleaktest
@@ -33,6 +33,16 @@
     cat "$0" | grep "$HELPCOMMENTPATTERN" | sed "s/$HELPCOMMENTPATTERN//"
 }
 
+Pathclean()
+{
+   # Vulnerability fix for insecure library loading
+   # Make sure "::", "^:" or ":$" is not left in path arg $1
+
+   local tmp123xyz
+   tmp123xyz=$(echo "$1" | sed -e 's/::\+// ; s/^:// ; s/:$//' )
+
+   [ "$tmp123xyz" ] && echo "$tmp"
+}
 
 while getopts h opt
 do
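Review bot: Pathclean() never returns the cleaned value: line 55 tests `$tmp123xyz` but echoes `$tmp`, an unset variable, so the function prints an empty line for every input and the caller ends up with an empty LD_LIBRARY_PATH, losing /usr/lib/debug entirely. The sed expression also has two weaknesses for the case it is meant to fix: `s/::\+//` deletes the run of colons instead of collapsing it, so `a::b` becomes `ab` (a new, wrong directory) rather than `a:b`, and without the `g` flag only the first run is handled, leaving any later `::` in place. Suggested lines: `tmp123xyz=$(printf '%s\n' "$1" | sed -e 's/::\+/:/g ; s/^:// ; s/:$//')` and `[ "$tmp123xyz" ] && echo "$tmp123xyz"`. A comment above the sed such as `# collapse runs of ':' to one, then drop a leading/trailing ':' — an empty element would make the loader search the current directory` would record why each substitution exists.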
@@ -65,7 +75,10 @@
 
 /etc/init.d/vdr stop
 
-LANG=C LD_LIBRARY_PATH="/usr/lib/debug:${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}" \
+LD_LIBRARY_PATH="/usr/lib/debug${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}"
+LD_LIBRARY_PATH=$(Pathclean "$LD_LIBRARY_PATH")
+
+LANG=C LD_LIBRARY_PATH="$LD_LIBRARY_PATH" \
    valgrind --tool=memcheck --leak-check=yes --num-callers=20 \
    --suppressions=/usr/share/vdr/valgrind.supp \
    /usr/bin/vdr-dbg -v $VIDEO_DIR -c $CFG_DIR -L $PLUGIN_DIR  -r $REC_CMD \
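Review bot: The cleaned value on line 66 is used without checking that it is non-empty, so if Pathclean() prints nothing (which the version in this patch does, since it echoes the wrong variable) the valgrind run on line 68 starts with `LD_LIBRARY_PATH=""` and silently loses the /usr/lib/debug prefix that is the purpose of the script. Since the value always begins with `/usr/lib/debug`, an empty result can only mean the cleanup failed, so fail loudly instead: `[ -n "$LD_LIBRARY_PATH" ] || { echo "vdrleaktest: LD_LIBRARY_PATH cleanup failed" >&2; exit 1; }` placed after line 66. The valgrind command line continues past the end of this hunk.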
