[oe-commits] Roman I Khimov : squidguard: fix CVE-2009-3700 and CVE-2009-3826

git version control git at git.openembedded.org
Sun May 2 16:54:40 UTC 2010


Module: openembedded.git
Branch: org.openembedded.dev
Commit: 267fc260d31b9968036b3309362cb9f0bc2188f6
URL:    http://gitweb.openembedded.net/?p=openembedded.git&a=commit;h=267fc260d31b9968036b3309362cb9f0bc2188f6

Author: Roman I Khimov <khimov at altell.ru>
Date:   Sun May  2 20:53:36 2010 +0400

squidguard: fix CVE-2009-3700 and CVE-2009-3826

Signed-off-by: Roman I Khimov <khimov at altell.ru>

---

 .../squidguard-fix-CVE-2009-3700.patch             |   46 ++++++++++++++++++++
 .../squidguard-fix-CVE-2009-3826.patch             |   26 +++++++++++
 recipes/squidguard/squidguard_1.4.bb               |    4 +-
 3 files changed, 75 insertions(+), 1 deletions(-)

diff --git a/recipes/squidguard/squidguard-1.4/squidguard-fix-CVE-2009-3700.patch b/recipes/squidguard/squidguard-1.4/squidguard-fix-CVE-2009-3700.patch
new file mode 100644
index 0000000..6f0d9a8
--- /dev/null
+++ b/recipes/squidguard/squidguard-1.4/squidguard-fix-CVE-2009-3700.patch
@@ -0,0 +1,46 @@
+Index: squidGuard-1.4/src/sgLog.c
+===================================================================
+--- squidGuard-1.4.orig/src/sgLog.c
++++ squidGuard-1.4/src/sgLog.c
+@@ -2,7 +2,7 @@
+   By accepting this notice, you agree to be bound by the following
+   agreements:
+   
+-  This software product, squidGuard, is copyrighted (C) 1998-2007
++  This software product, squidGuard, is copyrighted (C) 1998-2009
+   by Christine Kronberg, Shalla Secure Services. All rights reserved.
+  
+   This program is free software; you can redistribute it and/or modify it
+@@ -55,8 +55,8 @@ void sgLog(log, format, va_alist)
+   char msg[MAX_BUF];
+   va_list ap;
+   VA_START(ap, format);
+-  if(vsprintf(msg, format, ap) > (MAX_BUF - 1)) 
+-    fprintf(stderr,"overflow in vsprintf (sgLog): %s",strerror(errno));
++  if(vsnprintf(msg, MAX_BUF, format, ap) > (MAX_BUF - 1)) 
++    fprintf(stderr,"overflow in vsnprintf (sgLog): %s",strerror(errno));
+   va_end(ap);
+   date = niso(0);
+   if(globalDebug || log == NULL) {
+@@ -87,8 +87,8 @@ void sgLogError(format, va_alist)
+   char msg[MAX_BUF];
+   va_list ap;
+   VA_START(ap, format);
+-  if(vsprintf(msg, format, ap) > (MAX_BUF - 1)) 
+-    sgLogFatalError("overflow in vsprintf (sgLogError): %s",strerror(errno));
++  if(vsnprintf(msg, MAX_BUF, format, ap) > (MAX_BUF - 1)) 
++    sgLog(globalErrorLog, "overflow in vsnprintf (sgLogError): %s",strerror(errno));
+   va_end(ap);
+   sgLog(globalErrorLog,"%s",msg);
+ }
+@@ -104,8 +104,8 @@ void sgLogFatalError(format, va_alist)
+   char msg[MAX_BUF];
+   va_list ap;
+   VA_START(ap, format);
+-  if(vsprintf(msg, format, ap) > (MAX_BUF - 1)) 
+-    return;
++  if(vsnprintf(msg, MAX_BUF, format, ap) > (MAX_BUF - 1)) 
++    sgLog(globalErrorLog, "overflow in vsnprintf (sgLogError): %s",strerror(errno));
+   va_end(ap);
+   sgLog(globalErrorLog,"%s",msg);
+   sgEmergency();
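Review bot: The truncation branch added to sgLogFatalError logs `overflow in vsnprintf (sgLogError)`, a label copied from sgLogError, so a truncated fatal message is attributed to the wrong function in the error log; it should read `"overflow in vsnprintf (sgLogFatalError): %s"`. In all three functions the `> (MAX_BUF - 1)` test catches truncation but not a negative return from vsnprintf. After such a failure msg may not hold a valid string, yet sgLogError and sgLogFatalError still pass it to `sgLog(globalErrorLog,"%s",msg)`; keeping the result in an int and handling `n < 0` (for example with `msg[0] = '\0';`) would cover that case. The `strerror(errno)` in these messages is also misleading, because truncation by vsnprintf does not set errno. The three function bodies begin outside the nested hunks, so how msg is used later in sgLog is not visible here.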
diff --git a/recipes/squidguard/squidguard-1.4/squidguard-fix-CVE-2009-3826.patch b/recipes/squidguard/squidguard-1.4/squidguard-fix-CVE-2009-3826.patch
new file mode 100644
index 0000000..8d2b623
--- /dev/null
+++ b/recipes/squidguard/squidguard-1.4/squidguard-fix-CVE-2009-3826.patch
@@ -0,0 +1,26 @@
+Index: squidGuard-1.4/src/sg.h.in
+===================================================================
+--- squidGuard-1.4.orig/src/sg.h.in
++++ squidGuard-1.4/src/sg.h.in
+@@ -73,7 +73,7 @@ int tolower();
+ #define REQUEST_TYPE_REDIRECT   2
+ #define REQUEST_TYPE_PASS       3
+ 
+-#define MAX_BUF 4096
++#define MAX_BUF 12288
+ 
+ #define DEFAULT_LOGFILE "squidGuard.log"
+ #define WARNING_LOGFILE "squidGuard.log"
+Index: squidGuard-1.4/src/sgDiv.c.in
+===================================================================
+--- squidGuard-1.4.orig/src/sgDiv.c.in
++++ squidGuard-1.4/src/sgDiv.c.in
+@@ -745,7 +745,7 @@ char *sgParseRedirect(redirect, req, acl
+       p++;
+       break;
+     case 'u': /* Requested URL */
+-      strcat(buf, req->orig);
++      strncat(buf, req->orig, 2048);
+       p++;
+       break;
+     default:
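Review bot: The new bound in the `'u'` case, `strncat(buf, req->orig, 2048)`, limits how many bytes are taken from req->orig but not how much room is left in buf, because strncat's third argument is a source count and a terminating NUL is written after the copied bytes. The append is therefore safe only if at least 2049 bytes remain in buf at that point. That depends on buf's declared size and on what earlier substitutions in the loop have already written, and neither is visible in this hunk. If buf is an array declared in this function, bounding by the remaining space, `strncat(buf, req->orig, sizeof(buf) - strlen(buf) - 1);`, would remove the implicit coupling between the literal 2048 and the MAX_BUF change in sg.h.in. sgParseRedirect begins and ends outside the hunk, so the other cases that append to buf should be checked for the same unbounded pattern.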
diff --git a/recipes/squidguard/squidguard_1.4.bb b/recipes/squidguard/squidguard_1.4.bb
index e77469f..c3408f7 100644
--- a/recipes/squidguard/squidguard_1.4.bb
+++ b/recipes/squidguard/squidguard_1.4.bb
@@ -4,13 +4,15 @@ SECTION = "network"
 DEPENDS = "virtual/db openldap mysql5 zlib"
 RDEPENDS += "squid"
 LICENSE = "GPL"
-PR = "r0"
+PR = "r1"
 
 SRC_URI = " \
 	http://www.squidguard.org/Downloads/squidGuard-${PV}.tar.gz;name=tar \
 	file://squidguard-1.4-no_header_checks.patch;patch=1 \
 	file://squidguard-1.4-fix-parallel-build.patch;patch=1 \
 	file://squidguard-cross-ldap.patch;patch=1 \
+	file://squidguard-fix-CVE-2009-3700.patch;patch=1 \
+	file://squidguard-fix-CVE-2009-3826.patch;patch=1 \
 	file://squidGuard.conf \
 	"
 SRC_URI[tar.md5sum] = "de834150998c1386c30feae196f16b06"




