The following commit has been merged in the master branch:
commit 4f8ddbd591f27e4690ab63e47f1e664249328b88
Author: Raphael Geissert <[email protected]>
Date:   Wed Jan 20 02:26:29 2010 -0600

    Fix CVE-2009-4014, format string vulnerabilities
    
    Multiple check scripts and the Lintian::Schedule module were using
    user-provided input as part of the sprintf/printf format string.

diff --git a/checks/control-files b/checks/control-files
index 33e0ad6..5a42c77 100644
--- a/checks/control-files
+++ b/checks/control-files
@@ -98,7 +98,7 @@ while (<IN>) {
     # correct permissions?
     unless ($operm == $ctrl{$file}) {
        tag "control-file-has-bad-permissions",
-           sprintf("$file %04o != %04o",$operm,$ctrl{$file});
+           sprintf("%s %04o != %04o",$file,$operm,$ctrl{$file});
     }
 
     # correct owner?
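Review bot: The corrected sprintf on the `+` line is right, but nothing in the hunk records why `$file` must stay out of the format literal, so the same interpolation can creep back the next time this message is edited; a comment above the tag call such as `# $file comes from the package under test: pass it as a %s argument, never inside the format string (CVE-2009-4014)` would keep that knowledge next to the code. The same pattern is fixed in this commit in checks/files, checks/menu-format, checks/menus and lib/Lintian/Schedule.pm, and a one-line comment at each of those sites would serve the same purpose. It would also be worth confirming, with a search for `sprintf("`/`printf "` calls whose literal contains a `$`, that no other check script still interpolates a filename or package field into a format string. The enclosing `while (<IN>)` loop starts before this hunk and continues after it.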
diff --git a/checks/files b/checks/files
index c9bc7a8..70b2cb8 100644
--- a/checks/files
+++ b/checks/files
@@ -230,12 +230,12 @@ foreach my $file (sort keys %{$info->index}) {
        }
        # ---------------- /etc/cron.d
        elsif ($file =~ m,^etc/cron\.d/\S, and $operm != 0644) {
-           tag "bad-permissions-for-etc-cron.d-script", sprintf("$file %04o != 
0644",$operm);
+           tag "bad-permissions-for-etc-cron.d-script", sprintf("%s %04o != 
0644",$file,$operm);
        }
        # ---------------- /etc/emacs.*
        elsif ($file =~ m,^etc/emacs.*/\S, and $index_info->{type} =~ m,^[-h],
               and $operm != 0644) {
-           tag "bad-permissions-for-etc-emacs-script", sprintf("$file %04o != 
0644",$operm);
+           tag "bad-permissions-for-etc-emacs-script", sprintf("%s %04o != 
0644",$file,$operm);
        }
        # ---------------- /etc/gconf/schemas
        elsif ($file =~ m,^etc/gconf/schemas/\S,) {
@@ -247,7 +247,7 @@ foreach my $file (sort keys %{$info->index}) {
               and $operm != 0755
               and $index_info->{type} =~ m,^[-h],) {
            tag "non-standard-file-permissions-for-etc-init.d-script",
-               sprintf("$file %04o != 0755",$operm);
+               sprintf("%s %04o != 0755",$file,$operm);
        }
        #----------------- /etc/ld.so.conf.d
        elsif ($file =~ m,^etc/ld\.so\.conf\.d/(.+)$, and $pkg !~ /^libc/) {
@@ -849,11 +849,11 @@ foreach my $file (sort keys %{$info->index}) {
 
            # Check for setuid and setgid that isn't expected.
            if ($setuid and $setgid) {
-               tag "setuid-gid-binary", $file, sprintf("%04o $owner",$operm);
+               tag "setuid-gid-binary", $file, sprintf("%04o 
%s",$operm,$owner);
            } elsif ($setuid) {
-               tag "setuid-binary", $file, sprintf("%04o $owner",$operm);
+               tag "setuid-binary", $file, sprintf("%04o %s",$operm,$owner);
            } elsif ($setgid) {
-               tag "setgid-binary", $file, sprintf("%04o $owner",$operm);
+               tag "setgid-binary", $file, sprintf("%04o %s",$operm,$owner);
            }
 
            # Check for permission problems other than the setuid status.
diff --git a/checks/menu-format b/checks/menu-format
index b8b26cb..bbb4bc8 100644
--- a/checks/menu-format
+++ b/checks/menu-format
@@ -406,7 +406,7 @@ foreach my $file (sort keys %{$info->index}) {
        $file =~ m,usr/share/applications/.*\.desktop$,) {
 
        if ($operm & 0100 or $operm & 010 or $operm & 01) {
-           tag "executable-desktop-file", sprintf("/$file %04o",$operm);
+           tag "executable-desktop-file", sprintf("/%s %04o",$file,$operm);
        }
         unless ($file =~ m,template,) {
             push (@desktop_files, $file);
diff --git a/checks/menus b/checks/menus
index 7fc81f9..02bad35 100644
--- a/checks/menus
+++ b/checks/menus
@@ -100,7 +100,7 @@ for my $file (sort keys %{$info->index}) {
        # menu file?
        if ($file =~ m,^usr/(lib|share)/menu/\S,o) { # correct permissions?
            if ($operm & 01 or $operm & 010 or $operm & 0100) {
-               tag "executable-menu-file", sprintf("$file %04o",$operm);
+               tag "executable-menu-file", sprintf("%s %04o",$file,$operm);
            }
 
            next if $file =~ m,^usr/(lib|share)/menu/README$,;
diff --git a/lib/Lintian/Schedule.pm b/lib/Lintian/Schedule.pm
index 55244a6..39fa7bd 100644
--- a/lib/Lintian/Schedule.pm
+++ b/lib/Lintian/Schedule.pm
@@ -65,8 +65,9 @@ sub add_file {
 
     if ( $self->{unique}{$s}++ ) {
        if ($self->{opts}{verbose}) {
-           printf "N: Ignoring duplicate %s package $pkg (version $ver)\n",
-               $type eq 'b' ? 'binary' : ($type eq 's' ? 'source': 'udeb');
+           printf "N: Ignoring duplicate %s package %s (version %s)\n",
+               $type eq 'b' ? 'binary' : ($type eq 's' ? 'source': 'udeb'),
+               $pkg, $ver;
        }
        return 1;
     }
