Your message dated Mon, 15 Dec 2014 20:22:09 +0000
with message-id <[email protected]>
and subject line Re: Bug#773227: unblock: firebird2.5/2.5.3.26778.ds4-5
has caused the Debian Bug report #773227,
regarding unblock: firebird2.5/2.5.3.26778.ds4-5
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
--
773227: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773227
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: [email protected]
Usertags: unblock
Please unblock package firebird2.5
Version 2.5.3.26778.ds4-5 fixes an unauthenticated remote server crash
(#772880). The fix is taken from upstream subversion commits.
firebird2.5 (2.5.3.26778.ds4-5) unstable; urgency=high
.
* Apply patch from upstream revision 60322 fixing server crash (NULL-pointer
dereference) with specially crafter service packet. Closes: #772880
Attached is the patch itself and debdiff since 2.5.3.26778.ds4-4 in jessie.
unblock firebird2.5/2.5.3.26778.ds4-5
Thanks,
dam
Description: Fix unauthenticated remote crash
Taken from upstream revision 60322
Origin: upstream; http://sourceforge.net/p/firebird/code/60322/
--- a/src/remote/protocol.cpp
+++ b/src/remote/protocol.cpp
@@ -398,6 +398,8 @@ bool_t xdr_protocol(XDR* xdrs, PACKET* p
MAP(xdr_short, reinterpret_cast<SSHORT&>(response->p_resp_object));
MAP(xdr_quad, response->p_resp_blob_id);
MAP(xdr_cstring, response->p_resp_data);
+ if (!response->p_resp_status_vector) // incorrectly called - packet not prepared
+ return P_FALSE(xdrs, p);
return xdr_status_vector(xdrs, response->p_resp_status_vector) ?
P_TRUE(xdrs, p) : P_FALSE(xdrs, p);
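Review bot: The NULL check on `response->p_resp_status_vector` guards only this one call site, while `xdr_status_vector` takes the pointer unchecked and, with this patch, derives `&vector[ISC_STATUS_LENGTH]` from it. If the function has other callers, consider moving the check (or an assertion) to the top of `xdr_status_vector` so they are covered as well. The inline comment "incorrectly called - packet not prepared" would help more if it said which state leaves the vector unset, given that the description calls this an unauthenticated remote crash.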
@@ -1652,9 +1654,12 @@ static bool_t xdr_status_vector(XDR* xdr
SLONG vec;
SCHAR* sp = NULL;
+ ISC_STATUS* const end = &vector[ISC_STATUS_LENGTH];
while (true)
{
+ if (vector >= end)
+ return FALSE;
if (xdrs->x_op == XDR_ENCODE)
vec = (SLONG) * vector++;
if (!xdr_long(xdrs, &vec))
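Review bot: `end` is computed as `&vector[ISC_STATUS_LENGTH]`, which is a valid bound only if every caller passes a buffer of at least `ISC_STATUS_LENGTH` elements; `vector` is a bare pointer, so nothing in this hunk enforces that. Document the requirement at the function header or pass the length explicitly. The placement of `if (vector >= end) return FALSE;` ahead of the `x_op` test is good, since it bounds every direction the loop runs in.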
@@ -1670,6 +1675,8 @@ static bool_t xdr_status_vector(XDR* xdr
case isc_arg_interpreted:
case isc_arg_string:
case isc_arg_sql_state:
+ if (vector >= end)
+ return FALSE;
if (xdrs->x_op == XDR_ENCODE)
{
if (!xdr_wrapstring(xdrs, reinterpret_cast<SCHAR**>(vector++)))
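Review bot: In the string cases the added check protects the argument slot consumed by `vector++` on the `xdr_wrapstring` line, so a vector whose last slot holds a string type code now fails instead of stepping past `end`; a one-line comment saying that a type code with no room for its argument is treated as malformed would make that intent explicit. It is also worth confirming that returning FALSE at this point does not leak strings handled earlier in the same call, which is not visible in this hunk.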
@@ -1700,6 +1707,8 @@ static bool_t xdr_status_vector(XDR* xdr
case isc_arg_number:
default:
+ if (vector >= end)
+ return FALSE;
if (xdrs->x_op == XDR_ENCODE)
vec = (SLONG) * vector++;
if (!xdr_long(xdrs, &vec))
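Review bot: The `if (vector >= end) return FALSE;` pair in the `isc_arg_number`/`default` case is the third copy of the same check in this function. A small helper that checks and advances `vector` in one place would keep a future case from being added without it. Because `default:` shares this branch, unknown type codes also consume one slot; that is bounded now, but a comment stating it is intentional would help the next reader.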
diff -Nru firebird2.5-2.5.3.26778.ds4/debian/changelog firebird2.5-2.5.3.26778.ds4/debian/changelog
--- firebird2.5-2.5.3.26778.ds4/debian/changelog 2014-11-14 23:09:51.000000000 +0200
+++ firebird2.5-2.5.3.26778.ds4/debian/changelog 2014-12-12 21:44:57.000000000 +0200
@@ -1,3 +1,10 @@
+firebird2.5 (2.5.3.26778.ds4-5) unstable; urgency=high
+
+ * Apply patch from upstream revision 60322 fixing server crash (NULL-pointer
+ dereference) with specially crafter service packet. Closes: #772880
+
+ -- Damyan Ivanov <[email protected]> Fri, 12 Dec 2014 19:38:13 +0000
+
firebird2.5 (2.5.3.26778.ds4-4) unstable; urgency=medium
* add patch from upstream adding proper support for ppc64el
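Review bot: The new changelog entry contains a typo: "specially crafter service packet" should read "crafted". It also mentions only the NULL-pointer dereference, while the applied patch adds bounds checks in `xdr_status_vector` as well; naming both would make the entry match what the upload changes.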
diff -Nru firebird2.5-2.5.3.26778.ds4/debian/patches/series firebird2.5-2.5.3.26778.ds4/debian/patches/series
--- firebird2.5-2.5.3.26778.ds4/debian/patches/series 2014-11-13 23:09:33.000000000 +0200
+++ firebird2.5-2.5.3.26778.ds4/debian/patches/series 2014-12-09 23:41:32.000000000 +0200
@@ -14,3 +14,4 @@
out/spelling.patch
out/fb_guard-lock-permissions.patch
upstream/r60194-60204-ppcel.patch
+upstream/r60322-remote-crash.patch
diff -Nru firebird2.5-2.5.3.26778.ds4/debian/patches/upstream/r60322-remote-crash.patch firebird2.5-2.5.3.26778.ds4/debian/patches/upstream/r60322-remote-crash.patch
--- firebird2.5-2.5.3.26778.ds4/debian/patches/upstream/r60322-remote-crash.patch 1970-01-01 02:00:00.000000000 +0200
+++ firebird2.5-2.5.3.26778.ds4/debian/patches/upstream/r60322-remote-crash.patch 2014-12-09 23:41:32.000000000 +0200
@@ -0,0 +1,46 @@
+Description: Fix unauthenticated remote crash
+ Taken from upstream revision 60322
+Origin: upstream; http://sourceforge.net/p/firebird/code/60322/
+
+--- a/src/remote/protocol.cpp
++++ b/src/remote/protocol.cpp
+@@ -398,6 +398,8 @@ bool_t xdr_protocol(XDR* xdrs, PACKET* p
+ MAP(xdr_short, reinterpret_cast<SSHORT&>(response->p_resp_object));
+ MAP(xdr_quad, response->p_resp_blob_id);
+ MAP(xdr_cstring, response->p_resp_data);
++ if (!response->p_resp_status_vector) // incorrectly called - packet not prepared
++ return P_FALSE(xdrs, p);
+ return xdr_status_vector(xdrs, response->p_resp_status_vector) ?
+ P_TRUE(xdrs, p) : P_FALSE(xdrs, p);
+
+@@ -1652,9 +1654,12 @@ static bool_t xdr_status_vector(XDR* xdr
+
+ SLONG vec;
+ SCHAR* sp = NULL;
++ ISC_STATUS* const end = &vector[ISC_STATUS_LENGTH];
+
+ while (true)
+ {
++ if (vector >= end)
++ return FALSE;
+ if (xdrs->x_op == XDR_ENCODE)
+ vec = (SLONG) * vector++;
+ if (!xdr_long(xdrs, &vec))
+@@ -1670,6 +1675,8 @@ static bool_t xdr_status_vector(XDR* xdr
+ case isc_arg_interpreted:
+ case isc_arg_string:
+ case isc_arg_sql_state:
++ if (vector >= end)
++ return FALSE;
+ if (xdrs->x_op == XDR_ENCODE)
+ {
+ if (!xdr_wrapstring(xdrs, reinterpret_cast<SCHAR**>(vector++)))
+@@ -1700,6 +1707,8 @@ static bool_t xdr_status_vector(XDR* xdr
+
+ case isc_arg_number:
+ default:
++ if (vector >= end)
++ return FALSE;
+ if (xdrs->x_op == XDR_ENCODE)
+ vec = (SLONG) * vector++;
+ if (!xdr_long(xdrs, &vec))
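Review bot: The header of the new `r60322-remote-crash.patch` carries only `Description` and `Origin` and does not reference the Debian bug the upload closes. Add a `Bug-Debian` field for #772880 so the patch can be traced to the report without going through the changelog. The description could also name both changes it contains, the NULL check in `xdr_protocol` and the bounds checks in `xdr_status_vector`.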
--- End Message ---
--- Begin Message ---
On Mon, 2014-12-15 at 20:07 +0000, Damyan Ivanov wrote:
> Please unblock package firebird2.5
-5 already migrated to testing last night. :-)
Regards,
Adam
--- End Message ---