Package: openslp-dfsg
Version: 1.2.1-7.8
Severity: normal
Tags: patch
User: [email protected]
Usertags: origin-ubuntu natty ubuntu-patch
In Ubuntu, the attached patch was applied to achieve the following:

  * SECURITY UPDATE: denial of service via circular reference
    - debian/patches/CVE-2010-3609.patch: detect circular reference in
      common/slp_message.c. Patch thanks to SUSE.
    - CVE-2010-3609
  * debian/rules: add dh_quilt_patch and dh_quilt_unpatch so patches in
    debian/patches actually get applied.
  * debian/patches/series: disable 01_have_net_if_arp.diff and
    99_autoreconf.diff since they had never been applied.

Thanks for considering the patch.
-- System Information:
Debian Release: squeeze/sid
APT prefers natty-updates
APT policy: (500, 'natty-updates'), (500, 'natty-security'), (500, 'natty')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.38-7-generic (SMP w/4 CPU cores)
Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
diff -u openslp-dfsg-1.2.1/debian/changelog openslp-dfsg-1.2.1/debian/changelog
diff -u openslp-dfsg-1.2.1/debian/rules openslp-dfsg-1.2.1/debian/rules
--- openslp-dfsg-1.2.1/debian/rules
+++ openslp-dfsg-1.2.1/debian/rules
@@ -26,6 +26,7 @@
dh_testdir
cp -f /usr/share/misc/config.guess /usr/share/misc/config.sub .
+ dh_quilt_patch
touch Makefile.in # work around patch timestamp problems
./configure --host=$(DEB_HOST_GNU_TYPE) --build=$(DEB_BUILD_GNU_TYPE) \
--prefix=/usr --mandir=\$${prefix}/share/man \
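Review bot: The added dh_quilt_patch call in the build target is provided by the quilt package, and no hunk in this debdiff touches debian/control, so confirm that Build-Depends already lists quilt; if it does not, this line fails in a clean build chroot. A short comment above the call saying that it is what applies debian/patches would also help, because the following `touch Makefile.in # work around patch timestamp problems` line now runs on a tree that quilt has just modified.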
@@ -42,6 +43,7 @@
# Clean up after the build process.
[ ! -f Makefile ] || $(MAKE) clean
+ dh_quilt_unpatch
rm -f build-stamp config.status debian/substvars debian/conffiles
rm -f config.guess config.sub
diff -u openslp-dfsg-1.2.1/debian/patches/series openslp-dfsg-1.2.1/debian/patches/series
--- openslp-dfsg-1.2.1/debian/patches/series
+++ openslp-dfsg-1.2.1/debian/patches/series
@@ -1,2 +1,3 @@
-01_have_net_if_arp.diff
-99_autoreconf.diff
+#01_have_net_if_arp.diff
+#99_autoreconf.diff
+CVE-2010-3609.patch
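Review bot: The two existing entries are commented out with `#` but the series file itself carries no explanation; add a comment line above them recording that they were never applied before dh_quilt_patch was wired into debian/rules, or drop the entries together with the two .diff files, so a later upload does not re-enable them by accident. Enabling only CVE-2010-3609.patch keeps the behaviour change of this upload limited to the security fix, which is worth stating there as well.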
only in patch2:
unchanged:
--- openslp-dfsg-1.2.1.orig/debian/patches/CVE-2010-3609.patch
+++ openslp-dfsg-1.2.1/debian/patches/CVE-2010-3609.patch
@@ -0,0 +1,27 @@
+Description: fix denial of service via circular reference
+Origin: vendor, https://build.opensuse.org/package/view_file?file=openslp.parseext.diff&package=openslp&project=openSUSE%3A11.4&srcmd5=38039c725b8a6c1e0cdd4efdffa8bcc8
+
+Index: openslp-dfsg-1.2.1/common/slp_message.c
+===================================================================
+--- openslp-dfsg-1.2.1.orig/common/slp_message.c 2011-04-05 14:29:12.063825536 -0400
++++ openslp-dfsg-1.2.1/common/slp_message.c 2011-04-05 14:29:25.203825532 -0400
+@@ -872,10 +872,19 @@
+ int extid;
+ int nextoffset;
+ int result = SLP_ERROR_OK;
++ int bufsz = (int)(buffer->end - buffer->start);
+
+ nextoffset = message->header.extoffset;
+ while(nextoffset)
+ {
++ /* check for circular reference in list
++ * if the size gets below zero, we know we're
++ * reprocessing extensions in a loop.
++ */
++ bufsz -= 5;
++ if (bufsz <= 0)
++ return SLP_ERROR_PARSE_ERROR;
++
+ buffer->curpos = buffer->start + nextoffset;
+ if(buffer->curpos + 5 >= buffer->end)
+ {
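Review bot: In the block added at the top of `while(nextoffset)`, the check is an iteration budget (5 bytes charged per extension against the buffer length) rather than a test for a repeated offset, and the comment says the size "gets below zero" while the code returns on `bufsz <= 0`; reword the comment so it describes what the code does. The literal 5 also appears in the existing `buffer->curpos + 5 >= buffer->end` test, so a shared named constant would keep the two in step. The patch header carries only Description and Origin; a Bug-Debian field pointing at this report would make the provenance easier to follow.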