Package: release.debian.org Severity: normal Tags: buster User: [email protected] Usertags: pu
Hi release team, The ros-ros-comm version in buster is affected affected by CVE-2019-13566 which was flagged no-dsa by the security team. I propose the attached patch to fix the issue. Would you be fine with me uploading it? The same patch (modulo the version number) applies to stretch as well. Can I upload it as well or do you want an extra ticket? Cheers Jochen -- System Information: Debian Release: bullseye/sid APT prefers unstable APT policy: (500, 'unstable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 5.3.0-2-amd64 (SMP w/8 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled
diff --git a/debian/changelog b/debian/changelog index 3f3bc57..02ec0a5 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +ros-ros-comm (1.14.3+ds1-5+deb10u1) stable; urgency=high + + * Add https://github.com/ros/ros_comm/pull/1771 (Fix CVE-2019-13566) + + -- Jochen Sprickerhof <[email protected]> Sun, 24 Nov 2019 17:06:34 +0100 + ros-ros-comm (1.14.3+ds1-5) unstable; urgency=medium * install ros/transport headers (LP: #1815896) diff --git a/debian/patches/0008-fixing-string-check.patch b/debian/patches/0008-fixing-string-check.patch new file mode 100644 index 0000000..513acfe --- /dev/null +++ b/debian/patches/0008-fixing-string-check.patch @@ -0,0 +1,65 @@ +From: Daniel Wang <[email protected]> +Date: Mon, 22 Jul 2019 15:47:21 -0700 +Subject: fixing string check + +Signed-off-by: Daniel Wang <[email protected]> +--- + clients/roscpp/src/libros/transport/transport_tcp.cpp | 8 ++++---- + clients/roscpp/src/libros/transport/transport_udp.cpp | 4 ++-- + 2 files changed, 6 insertions(+), 6 deletions(-) + +diff --git a/clients/roscpp/src/libros/transport/transport_tcp.cpp b/clients/roscpp/src/libros/transport/transport_tcp.cpp +index f33a355..ddc47f5 100644 +--- a/clients/roscpp/src/libros/transport/transport_tcp.cpp ++++ b/clients/roscpp/src/libros/transport/transport_tcp.cpp +@@ -276,7 +276,7 @@ bool TransportTCP::connect(const std::string& host, int port) + + bool found = false; + struct addrinfo* it = addr; +- char namebuf[128]; ++ char namebuf[128] = {}; + for (; it; it = it->ai_next) + { + if (!s_use_ipv6_ && it->ai_family == AF_INET) +@@ -288,7 +288,7 @@ bool TransportTCP::connect(const std::string& host, int port) + address->sin_family = it->ai_family; + address->sin_port = htons(port); + +- strcpy(namebuf, inet_ntoa(address->sin_addr)); ++ strncpy(namebuf, inet_ntoa(address->sin_addr), sizeof(namebuf)-1); + found = true; + break; + } +@@ -734,14 +734,14 @@ std::string TransportTCP::getClientURI() + sockaddr_in *sin = (sockaddr_in *)&sas; + sockaddr_in6 *sin6 = (sockaddr_in6 *)&sas; + +- char namebuf[128]; ++ char namebuf[128] = {}; + int port; + + switch (sas.ss_family) + { + case AF_INET: + port = ntohs(sin->sin_port); +- strcpy(namebuf, inet_ntoa(sin->sin_addr)); ++ strncpy(namebuf, inet_ntoa(sin->sin_addr), sizeof(namebuf)-1); + break; + case AF_INET6: + port = ntohs(sin6->sin6_port); +diff --git a/clients/roscpp/src/libros/transport/transport_udp.cpp b/clients/roscpp/src/libros/transport/transport_udp.cpp +index 47d969e..45f817e 100644 +--- a/clients/roscpp/src/libros/transport/transport_udp.cpp ++++ b/clients/roscpp/src/libros/transport/transport_udp.cpp +@@ -710,9 +710,9 @@ std::string TransportUDP::getClientURI() + + sockaddr_in *sin = (sockaddr_in *)&sas; + +- char namebuf[128]; ++ char namebuf[128] = {}; + int port = ntohs(sin->sin_port); +- strcpy(namebuf, inet_ntoa(sin->sin_addr)); ++ strncpy(namebuf, inet_ntoa(sin->sin_addr), sizeof(namebuf)-1); + + std::string ip = namebuf; + std::stringstream uri; diff --git a/debian/patches/series b/debian/patches/series index 6e4e210..19f293d 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -5,3 +5,4 @@ 0005-Add-defaults-to-roswtf.patch 0006-Use-system-libb64.patch 0007-Build-Python-3-version-of-roslz4.patch +0008-fixing-string-check.patch
