Hello community, here is the log from the commit of package rrdtool for openSUSE:Factory checked in at 2014-12-06 13:45:24 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/rrdtool (Old) and /work/SRC/openSUSE:Factory/.rrdtool.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "rrdtool"
Changes:
--------
--- /work/SRC/openSUSE:Factory/rrdtool/rrdtool.changes 2014-11-24 11:16:00.000000000 +0100
+++ /work/SRC/openSUSE:Factory/.rrdtool.new/rrdtool.changes 2014-12-06 13:45:18.000000000 +0100
@@ -1,0 +2,7 @@
+Thu Dec 4 16:40:33 UTC 2014 - kstreit...@suse.com
+
+- add rrdtool-1.4.7-CVE-2013-2131-imginfo_format_check.patch that
+ adds check to the imginfo format to prevent crash or exploit
+ bnc#828003, CVE-2013-2131.
+
+-------------------------------------------------------------------
New:
----
rrdtool-1.4.7-CVE-2013-2131-imginfo_format_check.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ rrdtool.spec ++++++
--- /var/tmp/diff_new_pack.PU26sF/_old 2014-12-06 13:45:19.000000000 +0100
+++ /var/tmp/diff_new_pack.PU26sF/_new 2014-12-06 13:45:19.000000000 +0100
@@ -46,6 +46,8 @@
 Patch1: rrdtool-lua-ruby_lib64.patch
 Patch2: rrdtool-tclversion.patch
 Patch3: rrdtool-tclsegfault.patch
+# PATCH-FIX-UPSTREAM bnc#828003 kstreit...@suse.com -- adds check to the imginfo format to prevent crash or exploit
+Patch4: rrdtool-1.4.7-CVE-2013-2131-imginfo_format_check.patch
 Source1: http://www.infodrom.org/projects/cgilib/download/cgilib-%{cgilib_version}.tar.gz
 Patch11: cgilib-fix_automake.patch
 #PATCH FIX UPSTREAM BNC#793636
@@ -154,6 +156,7 @@
 %endif
 %patch2
 %patch3
+%patch4 -p1
 pushd "cgilib-%{cgilib_version}"
 %patch11
 popd #cgilib
++++++ rrdtool-1.4.7-CVE-2013-2131-imginfo_format_check.patch ++++++
Index: rrdtool-1.4.7/src/rrd_graph.c
===================================================================
--- rrdtool-1.4.7.orig/src/rrd_graph.c
+++ rrdtool-1.4.7/src/rrd_graph.c
@@ -4016,6 +4016,12 @@ rrd_info_t *rrd_graph_v(
 char *path;
 char *filename;
+ if (bad_format_imginfo(im.imginfo)) {
+ rrd_info_free(im.grinfo);
+ im_free(&im);
+ rrd_set_error("bad format for imginfo");
+ return NULL;
+ }
 path = strdup(im.graphfile);
 filename = basename(path);
 info.u_str =
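Review bot: The call to bad_format_imginfo() added before `path = strdup(im.graphfile);` precedes the function's definition, which the same patch places after bad_format() near line 4826, and no prototype is added; unless rrd_graph.h already declares it (that header is outside this diff), the call relies on an implicit declaration, which C99 removed and which compilers only warn about by default. Adding `int bad_format_imginfo(char *fmt);` next to the existing bad_format() declaration would make the call well-formed before the definition is seen. The enclosing rrd_graph_v() body starts and ends outside the hunk.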
@@ -4820,6 +4826,51 @@ int bad_format(
 }
+int bad_format_imginfo(
+ char *fmt)
+{
+ char *ptr;
+ int n = 0;
+
+ ptr = fmt;
+ while (*ptr != '\0')
+ if (*ptr++ == '%') {
+
+ /* line cannot end with percent char */
+ if (*ptr == '\0')
+ return 1;
+ /* '%%' is allowed */
+ if (*ptr == '%')
+ ptr++;
+ /* '%s', '%S' are allowed */
+ else if (*ptr == 's' || *ptr == 'S') {
+ n = 1;
+ ptr++;
+ }
+
+ /* or else '% 4lu' and such are allowed */
+ else {
+ /* optional padding character */
+ if (*ptr == ' ')
+ ptr++;
+ /* This should take care of 'm' */
+ while (*ptr >= '0' && *ptr <= '9')
+ ptr++;
+ /* 'lu' must follow here */
+ if (*ptr++ != 'l')
+ return 1;
+ if (*ptr == 'u')
+ ptr++;
+ else
+ return 1;
+ n++;
+ }
+ }
+
+ return (n != 3);
+}
+
+
 int vdef_parse(
 struct graph_desc_t *gdes,
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
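Review bot: The `%s`/`%S` branch sets `n = 1` instead of incrementing, which forces the filename conversion to come first but does not bound how often it appears: `%s%s%lu%lu` reaches `return (n != 3);` with n == 3 and is accepted although it carries four conversions for three arguments. Rejecting a repeated or late string conversion in that branch, e.g. `if (n != 0) return 1;` immediately before `n = 1;`, closes the gap. The same branch also whitelists `%S`, which on glibc and other XSI libcs is the synonym for `%ls` and consumes a `wchar_t *`, so with a narrow `char *` filename argument (the later format call is outside this hunk) it is still a type mismatch; limiting the test to `*ptr == 's'` is safer. A header comment stating the accepted grammar — `/* Accept only "...%s...%lu...%lu..." (filename, then two unsigned longs); %% is allowed, every other conversion is rejected with a non-zero return. */` — would record that this is a deliberate whitelist, and since the function never writes through fmt the parameter could be `const char *fmt`, with any prototype kept in step.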