Hello community, here is the log from the commit of package znc for openSUSE:Factory checked in at 2019-03-26 22:33:09 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/znc (Old) and /work/SRC/openSUSE:Factory/.znc.new.25356 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "znc" Tue Mar 26 22:33:09 2019 rev:17 rq:688197 version:1.7.2 Changes: -------- --- /work/SRC/openSUSE:Factory/znc/znc.changes 2019-02-24 17:10:43.956500441 +0100 +++ /work/SRC/openSUSE:Factory/.znc.new.25356/znc.changes 2019-03-26 22:33:33.697689288 +0100 @@ -1,0 +2,6 @@ +Mon Mar 25 11:06:56 UTC 2019 - Martin Pluskal <[email protected]> + +- Fix boo#1130360 CVE-2019-9917 + * znc-CVE-2019-9917.patch + +------------------------------------------------------------------- New: ---- znc-CVE-2019-9917.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ znc.spec ++++++ --- /var/tmp/diff_new_pack.2bSoxW/_old 2019-03-26 22:33:34.381689123 +0100 +++ /var/tmp/diff_new_pack.2bSoxW/_new 2019-03-26 22:33:34.385689122 +0100 @@ -1,7 +1,7 @@ # # spec file for package znc # -# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -12,7 +12,7 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # @@ -26,6 +26,8 @@ Source0: https://znc.in/releases/%{name}-%{version}.tar.gz Source1: https://znc.in/releases/%{name}-%{version}.tar.gz.sig Source2: %{name}.keyring +# PATCH-FIX-UPSTREAM znc-CVE-2019-9917.patch boo#1130360 +Patch0: znc-CVE-2019-9917.patch BuildRequires: cmake >= 3.1 BuildRequires: fdupes BuildRequires: gcc-c++ @@ -110,6 +112,7 @@ %prep %setup -q +%patch0 -p1 %build %cmake \ ++++++ znc-CVE-2019-9917.patch ++++++ >From 64613bc8b6b4adf1e32231f9844d99cd512b8973 Mon Sep 17 00:00:00 2001 From: Alexey Sokolov <[email protected]> Date: Fri, 15 Mar 2019 20:34:10 +0000 Subject: [PATCH] Don't crash if user specified invalid encoding. This is CVE-2019-9917 --- modules/controlpanel.cpp | 2 +- src/IRCNetwork.cpp | 4 ++-- src/User.cpp | 4 ++-- src/znc.cpp | 26 ++++++++++++++++++++++---- test/integration/tests/scripting.cpp | 7 +++++++ 5 files changed, 34 insertions(+), 9 deletions(-) diff --git a/modules/controlpanel.cpp b/modules/controlpanel.cpp index 139c2aefa..109f8c6b0 100644 --- a/modules/controlpanel.cpp +++ b/modules/controlpanel.cpp @@ -495,7 +495,7 @@ class CAdminMod : public CModule { #ifdef HAVE_ICU else if (sVar == "clientencoding") { pUser->SetClientEncoding(sValue); - PutModule("ClientEncoding = " + sValue); + PutModule("ClientEncoding = " + pUser->GetClientEncoding()); } #endif else diff --git a/src/IRCNetwork.cpp b/src/IRCNetwork.cpp index 0284dc53e..0e1d6e2a3 100644 --- a/src/IRCNetwork.cpp +++ b/src/IRCNetwork.cpp @@ -1482,9 +1482,9 @@ void CIRCNetwork::SetBindHost(const CString& s) { } void CIRCNetwork::SetEncoding(const CString& s) { - m_sEncoding = s; + m_sEncoding = CZNC::Get().FixupEncoding(s); if (GetIRCSock()) { - GetIRCSock()->SetEncoding(s); + GetIRCSock()->SetEncoding(m_sEncoding); } } diff --git a/src/User.cpp b/src/User.cpp index 3fd532a7c..c44cf6070 100644 --- a/src/User.cpp +++ b/src/User.cpp @@ -1253,9 +1253,9 @@ void CUser::SetAdmin(bool b) { m_bAdmin = b; } void CUser::SetDenySetBindHost(bool b) { m_bDenySetBindHost = b; } void CUser::SetDefaultChanModes(const CString& s) { m_sDefaultChanModes = s; } void CUser::SetClientEncoding(const CString& s) { - m_sClientEncoding = s; + m_sClientEncoding = CZNC::Get().FixupEncoding(s); for (CClient* pClient : GetAllClients()) { - pClient->SetEncoding(s); + pClient->SetEncoding(m_sClientEncoding); } } void CUser::SetQuitMsg(const CString& s) { m_sQuitMsg = s; } diff --git a/src/znc.cpp b/src/znc.cpp index 4e7216ee1..3f4dd2e07 100644 --- a/src/znc.cpp +++ b/src/znc.cpp @@ -2092,18 +2092,36 @@ void CZNC::ForceEncoding() { m_uiForceEncoding++; #ifdef HAVE_ICU for (Csock* pSock : GetManager()) { - if (pSock->GetEncoding().empty()) { - pSock->SetEncoding("UTF-8"); - } + pSock->SetEncoding(FixupEncoding(pSock->GetEncoding())); } #endif } void CZNC::UnforceEncoding() { m_uiForceEncoding--; } bool CZNC::IsForcingEncoding() const { return m_uiForceEncoding; } CString CZNC::FixupEncoding(const CString& sEncoding) const { - if (sEncoding.empty() && m_uiForceEncoding) { + if (!m_uiForceEncoding) { + return sEncoding; + } + if (sEncoding.empty()) { + return "UTF-8"; + } + const char* sRealEncoding = sEncoding.c_str(); + if (sEncoding[0] == '*' || sEncoding[0] == '^') { + sRealEncoding++; + } + if (!*sRealEncoding) { return "UTF-8"; } +#ifdef HAVE_ICU + UErrorCode e = U_ZERO_ERROR; + UConverter* cnv = ucnv_open(sRealEncoding, &e); + if (cnv) { + ucnv_close(cnv); + } + if (U_FAILURE(e)) { + return "UTF-8"; + } +#endif return sEncoding; } diff --git a/test/integration/tests/scripting.cpp b/test/integration/tests/scripting.cpp index 9dd68d8fa..8f809f50c 100644 --- a/test/integration/tests/scripting.cpp +++ b/test/integration/tests/scripting.cpp @@ -55,6 +55,13 @@ TEST_F(ZNCTest, Modpython) { ircd.Write(":n!u@h PRIVMSG nick :Hi\xF0, github issue #1229"); // "replacement character" client.ReadUntil("Hi\xEF\xBF\xBD, github issue"); + + // Non-existing encoding + client.Write("PRIVMSG *controlpanel :Set ClientEncoding $me Western"); + client.Write("JOIN #a\342"); + client.ReadUntil( + ":*[email protected] PRIVMSG nick :ClientEncoding = UTF-8"); + ircd.ReadUntil("JOIN #a\xEF\xBF\xBD"); } TEST_F(ZNCTest, ModpythonSocket) {
