Mark Bergsma has uploaded a new change for review. https://gerrit.wikimedia.org/r/67996
Change subject: Add patch for CVE-2013-4090 ...................................................................... Add patch for CVE-2013-4090 Change-Id: I71d317a427b03e43941805a0f171d91816a5fcc1 --- A debian/patches/0010-libvcl-CVE-2013-4090.patch M debian/patches/series 2 files changed, 27 insertions(+), 0 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/operations/debs/varnish refs/changes/96/67996/1
diff --git a/debian/patches/0010-libvcl-CVE-2013-4090.patch b/debian/patches/0010-libvcl-CVE-2013-4090.patch
new file mode 100644
index 0000000..68191c0
--- /dev/null
+++ b/debian/patches/0010-libvcl-CVE-2013-4090.patch
@@ -0,0 +1,26 @@
+diff --git a/lib/libvcl/vcc_acl.c b/lib/libvcl/vcc_acl.c
+index 3e5ac6c..fa78dab 100644
+--- a/lib/libvcl/vcc_acl.c
++++ b/lib/libvcl/vcc_acl.c
+@@ -383,7 +383,7 @@ vcc_acl_emit(const struct vcc *tl, const char *acln, int anon)
+ VTAILQ_FOREACH(ae, &tl->acl, list) {
+
+ /* Find how much common prefix we have */
+- for (l = 0; l <= depth && l * 8 < ae->mask; l++) {
++ for (l = 0; l <= depth && l * 8 < ae->mask - 7; l++) {
+ assert(l >= 0);
+ if (ae->data[l] != at[l])
+ break;
+@@ -394,11 +394,11 @@ vcc_acl_emit(const struct vcc *tl, const char *acln, int anon)
+ while (l <= depth) {
+ Fh(tl, 0, "\t%*s}\n", -depth, "");
+ depth--;
+- oc = "else ";
+ }
+
+ m = ae->mask;
+ m -= l * 8;
++ assert(m >= 0);
+
+ /* Do whole byte compares */
+ for (i = l; m >= 8; m -= 8, i++) {
diff --git a/debian/patches/series b/debian/patches/series
index 29bf3cb..f64671d 100644
--- a/debian/patches/series
+++ b/debian/patches/series
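Review bot: In the first inner hunk of the vcc_acl.c patch, the new bound `l * 8 < ae->mask - 7` can wrap if `ae->mask` has an unsigned type and an ACL entry has a prefix length below 7. The declaration of `mask` is not visible in this patch, so this should be confirmed before the package ships. If it is unsigned, the subtraction yields a very large value, so the bound stops limiting the prefix walk and only `l <= depth` and the byte compare end the loop. Writing the condition as `l * 8 + 7 < ae->mask` keeps the intended "whole bytes only" comparison without a subtraction that can go below zero. The `assert(m >= 0)` added in the second hunk would then surface such a case only as an abort during VCL compilation; the body of vcc_acl_emit continues outside both hunks.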
@@ -1,3 +1,4 @@
+0010-libvcl-CVE-2013-4090.patch
 0010-varnishd-cache_dir_chash.patch
 0010-varnishncsa-udplog.patch
 0010-varnishd-streaming-range.patch
-- To view, visit https://gerrit.wikimedia.org/r/67996 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I71d317a427b03e43941805a0f171d91816a5fcc1 Gerrit-PatchSet: 1 Gerrit-Project: operations/debs/varnish Gerrit-Branch: testing/3.0.3plus-rc1 Gerrit-Owner: Mark Bergsma <m...@wikimedia.org> _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits