[oe-commits] Holger Hans Peter Freyther : gftp: Address multiple flaws by taking the gentoo patch
git version control
git at git.openembedded.org
Tue Mar 16 06:14:38 UTC 2010
Module: openembedded.git
Branch: org.openembedded.dev
Commit: dbe7a1085f23c0737bc7d690e929e9ed63d3a4fa
URL: http://gitweb.openembedded.net/?p=openembedded.git&a=commit;h=dbe7a1085f23c0737bc7d690e929e9ed63d3a4fa
Author: Holger Hans Peter Freyther <zecke at selfish.org>
Date: Tue Mar 16 13:48:44 2010 +0800
gftp: Address multiple flaws by taking the gentoo patch
Addresses CVE-2007-3961, CVE-2007-3962
---
recipes/gftp/gftp/gftp-2.0.18-188252.patch | 77 ++++++++++++++++++++++++++++
recipes/gftp/gftp_2.0.18.bb | 5 +-
2 files changed, 80 insertions(+), 2 deletions(-)
diff --git a/recipes/gftp/gftp/gftp-2.0.18-188252.patch b/recipes/gftp/gftp/gftp-2.0.18-188252.patch
new file mode 100644
index 0000000..27b3d48
--- /dev/null
+++ b/recipes/gftp/gftp/gftp-2.0.18-188252.patch
@@ -0,0 +1,77 @@
+Gentoo patch from http://sources.gentoo.org/viewcvs.py/*checkout*/gentoo-x86/net-ftp/gftp/files/gftp-2.0.18-188252.patch?rev=1.1
+
+addresses: CVE-2007-3961, CVE-2007-3962
+
+diff --exclude-from=/home/dang/.scripts/diffrc -up -bruN gftp-2.0.18.orig/lib/fsplib/fsplib.c gftp-2.0.18/lib/fsplib/fsplib.c
+--- gftp-2.0.18.orig/lib/fsplib/fsplib.c 2005-01-18 21:03:45.000000000 -0500
++++ gftp-2.0.18/lib/fsplib/fsplib.c 2007-09-21 16:03:01.000000000 -0400
+@@ -612,7 +612,7 @@ int fsp_readdir_r(FSP_DIR *dir,struct di
+ entry->d_reclen = fentry.reclen;
+ strncpy(entry->d_name,fentry.name,MAXNAMLEN);
+
+- if (fentry.namlen > MAXNAMLEN)
++ if (fentry.namlen >= MAXNAMLEN)
+ {
+ entry->d_name[MAXNAMLEN + 1 ] = '\0';
+ #ifdef HAVE_NAMLEN
+@@ -680,9 +680,19 @@ int fsp_readdir_native(FSP_DIR *dir,FSP_
+ /* skip file date and file size */
+ dir->dirpos += 9;
+ /* read file name */
+- entry->name[255 + 1] = '\0';
++ entry->name[255] = '\0';
+ strncpy(entry->name,(char *)( dir->data + dir->dirpos ),MAXNAMLEN);
++ /* check for ASCIIZ encoded filename */
++ if (memchr(dir->data + dir->dirpos,0,dir->datasize - dir->dirpos) != NULL)
++ {
+ namelen = strlen( (char *) dir->data+dir->dirpos);
++ }
++ else
++ {
++ /* \0 terminator not found at end of filename */
++ *result = NULL;
++ return 0;
++ }
+ /* skip over file name */
+ dir->dirpos += namelen +1;
+
+@@ -709,12 +719,12 @@ int fsp_readdir_native(FSP_DIR *dir,FSP_
+
+ struct dirent * fsp_readdir(FSP_DIR *dirp)
+ {
+- static struct dirent entry;
++ static dirent_workaround entry;
+ struct dirent *result;
+
+
+ if (dirp == NULL) return NULL;
+- if ( fsp_readdir_r(dirp,&entry,&result) )
++ if ( fsp_readdir_r(dirp,&entry.dirent,&result) )
+ return NULL;
+ else
+ return result;
+diff --exclude-from=/home/dang/.scripts/diffrc -up -bruN gftp-2.0.18.orig/lib/fsplib/fsplib.h gftp-2.0.18/lib/fsplib/fsplib.h
+--- gftp-2.0.18.orig/lib/fsplib/fsplib.h 2005-01-18 21:04:02.000000000 -0500
++++ gftp-2.0.18/lib/fsplib/fsplib.h 2007-09-21 15:56:37.000000000 -0400
+@@ -1,6 +1,8 @@
+ #ifndef _FSPLIB_H
+ #define _FSPLIB_H 1
+ #include <time.h>
++#include <stddef.h>
++
+ /* The FSP v2 protocol support library - public interface */
+
+ /*
+@@ -138,6 +140,12 @@ typedef struct FSP_FILE {
+ unsigned int pos; /* position of next packet */
+ } FSP_FILE;
+
++
++typedef union dirent_workaround {
++ struct dirent dirent;
++ char fill[offsetof (struct dirent, d_name) + MAXNAMLEN + 1];
++} dirent_workaround;
++
+ /* function prototypes */
+
+ /* session management */
diff --git a/recipes/gftp/gftp_2.0.18.bb b/recipes/gftp/gftp_2.0.18.bb
index f5705b1..f5a5047 100644
--- a/recipes/gftp/gftp_2.0.18.bb
+++ b/recipes/gftp/gftp_2.0.18.bb
@@ -6,10 +6,11 @@ DESCRIPTION = "Free multithreaded file transfer client (FTP/HTTP/SSH)."
HOMEPAGE="http://www.gftp.org/"
SECTION = "x11/network"
LICENSE="GPL"
-PR = "r1"
+PR = "r2"
SRC_URI="http://www.gftp.org/gftp-${PV}.tar.bz2 \
- file://configure.patch;patch=1"
+ file://configure.patch;patch=1 \
+ file://gftp-2.0.18-188252.patch;patch=1 "
DEPENDS="gtk+ openssl"
More information about the Openembedded-commits
mailing list