[oe-commits] Holger Hans Peter Freyther : pulseaudio-0.9.15: Fix a flaw in the tmp directory handling
git version control
git at git.openembedded.org
Wed Mar 17 07:08:01 UTC 2010
Module: openembedded.git
Branch: org.openembedded.dev
Commit: d3a29410109b3d8c7e7884d459334a744fbf97bf
URL: http://gitweb.openembedded.net/?p=openembedded.git&a=commit;h=d3a29410109b3d8c7e7884d459334a744fbf97bf
Author: Holger Hans Peter Freyther <zecke at selfish.org>
Date: Wed Mar 17 15:01:42 2010 +0800
pulseaudio-0.9.15: Fix a flaw in the tmp directory handling
* Address CVE-2009-1299, compare with http://www.debian.org/security/2010/dsa-2017
---
recipes/pulseaudio/files/CVE-2009-1299.patch | 86 ++++++++++++++++++++++++++
recipes/pulseaudio/pulseaudio_0.9.15.bb | 3 +-
2 files changed, 88 insertions(+), 1 deletions(-)
diff --git a/recipes/pulseaudio/files/CVE-2009-1299.patch b/recipes/pulseaudio/files/CVE-2009-1299.patch
new file mode 100644
index 0000000..63314b8
--- /dev/null
+++ b/recipes/pulseaudio/files/CVE-2009-1299.patch
@@ -0,0 +1,86 @@
+From d3efa43d85ac132c6a5a416a2b6f2115f5d577ee Mon Sep 17 00:00:00 2001
+From: Kees Cook <kees at ubuntu.com>
+Date: Tue, 2 Mar 2010 21:33:34 -0800
+Subject: [PATCH] core-util: ensure that we chmod only the dir we ourselves created
+
+---
+ configure.ac | 2 +-
+ src/pulsecore/core-util.c | 39 ++++++++++++++++++++++++++++++++++-----
+ 2 files changed, 35 insertions(+), 6 deletions(-)
+
+Index: pulseaudio-0.9.15/configure.ac
+===================================================================
+--- pulseaudio-0.9.15.orig/configure.ac 2010-03-17 14:50:02.000000000 +0800
++++ pulseaudio-0.9.15/configure.ac 2010-03-17 14:52:27.250075828 +0800
+@@ -403,7 +403,7 @@
+ AC_FUNC_FORK
+ AC_FUNC_GETGROUPS
+ AC_FUNC_SELECT_ARGTYPES
+-AC_CHECK_FUNCS([chmod chown clock_gettime getaddrinfo getgrgid_r getgrnam_r \
++AC_CHECK_FUNCS([chmod chown fstat fchown fchmod clock_gettime getaddrinfo getgrgid_r getgrnam_r \
+ getpwnam_r getpwuid_r gettimeofday getuid inet_ntop inet_pton mlock nanosleep \
+ pipe posix_fadvise posix_madvise posix_memalign setpgid setsid shm_open \
+ sigaction sleep sysconf pthread_setaffinity_np])
+Index: pulseaudio-0.9.15/src/pulsecore/core-util.c
+===================================================================
+--- pulseaudio-0.9.15.orig/src/pulsecore/core-util.c 2010-03-17 14:49:59.000000000 +0800
++++ pulseaudio-0.9.15/src/pulsecore/core-util.c 2010-03-17 14:51:37.680079062 +0800
+@@ -178,7 +178,7 @@
+ /** Creates a directory securely */
+ int pa_make_secure_dir(const char* dir, mode_t m, uid_t uid, gid_t gid) {
+ struct stat st;
+- int r, saved_errno;
++ int r, saved_errno, fd;
+
+ pa_assert(dir);
+
+@@ -196,16 +196,45 @@
+ if (r < 0 && errno != EEXIST)
+ return -1;
+
+-#ifdef HAVE_CHOWN
++#ifdef HAVE_FSTAT
++ if ((fd = open(dir,
++#ifdef O_CLOEXEC
++ O_CLOEXEC|
++#endif
++#ifdef O_NOCTTY
++ O_NOCTTY|
++#endif
++#ifdef O_NOFOLLOW
++ O_NOFOLLOW|
++#endif
++ O_RDONLY)) < 0)
++ goto fail;
++
++ if (fstat(fd, &st) < 0) {
++ pa_assert_se(pa_close(fd) >= 0);
++ goto fail;
++ }
++
++ if (!S_ISDIR(st.st_mode)) {
++ pa_assert_se(pa_close(fd) >= 0);
++ errno = EEXIST;
++ goto fail;
++ }
++
++#ifdef HAVE_FCHOWN
+ if (uid == (uid_t)-1)
+ uid = getuid();
+ if (gid == (gid_t)-1)
+ gid = getgid();
+- (void) chown(dir, uid, gid);
++ (void) fchown(fd, uid, gid);
++#endif
++
++#ifdef HAVE_FCHMOD
++ (void) fchmod(fd, m);
+ #endif
+
+-#ifdef HAVE_CHMOD
+- chmod(dir, m);
++ pa_assert_se(pa_close(fd) >= 0);
++
+ #endif
+
+ #ifdef HAVE_LSTAT
diff --git a/recipes/pulseaudio/pulseaudio_0.9.15.bb b/recipes/pulseaudio/pulseaudio_0.9.15.bb
index 64ca916..760e408 100644
--- a/recipes/pulseaudio/pulseaudio_0.9.15.bb
+++ b/recipes/pulseaudio/pulseaudio_0.9.15.bb
@@ -1,7 +1,7 @@
require pulseaudio.inc
DEPENDS += "gdbm speex"
-PR = "${INC_PR}.4"
+PR = "${INC_PR}.5"
inherit gettext
@@ -15,6 +15,7 @@ SRC_URI += "\
file://fixbluezbuild.patch;patch=1 \
file://tls_m4.patch;patch=1 \
file://sbc-thumb.patch;patch=1 \
+ file://CVE-2009-1299.patch;patch=1 \
"
do_compile_prepend() {
More information about the Openembedded-commits
mailing list