[med-svn] r16341 - trunk/packages/dcmtk/branches/experimental/debian/patches
Mathieu Malaterre
malat at moszumanska.debian.org
Thu Feb 27 16:32:08 UTC 2014
Author: malat
Date: 2014-02-27 16:32:08 +0000 (Thu, 27 Feb 2014)
New Revision: 16341
Added:
trunk/packages/dcmtk/branches/experimental/debian/patches/setuid2.patch
trunk/packages/dcmtk/branches/experimental/debian/patches/tpool_fix.patch
Modified:
trunk/packages/dcmtk/branches/experimental/debian/patches/02_dcmtk_3.6.0-1.patch
trunk/packages/dcmtk/branches/experimental/debian/patches/series
Log:
Update patch
Modified: trunk/packages/dcmtk/branches/experimental/debian/patches/02_dcmtk_3.6.0-1.patch
===================================================================
--- trunk/packages/dcmtk/branches/experimental/debian/patches/02_dcmtk_3.6.0-1.patch 2014-02-27 15:33:03 UTC (rev 16340)
+++ trunk/packages/dcmtk/branches/experimental/debian/patches/02_dcmtk_3.6.0-1.patch 2014-02-27 16:32:08 UTC (rev 16341)
@@ -44,7 +44,7 @@
#
-"Acme CT Company" = acmeCTcompany
-"United MR Company" = unitedMRcompany
-+# Example:
++# Example:
+#"Acme CT Company" = acmeCTcompany
+#"United MR Company" = unitedMRcompany
#
Modified: trunk/packages/dcmtk/branches/experimental/debian/patches/series
===================================================================
--- trunk/packages/dcmtk/branches/experimental/debian/patches/series 2014-02-27 15:33:03 UTC (rev 16340)
+++ trunk/packages/dcmtk/branches/experimental/debian/patches/series 2014-02-27 16:32:08 UTC (rev 16341)
@@ -11,3 +11,4 @@
setuid.patch
import_git.patch
timeout.patch
+tpool_fix.patch
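Review bot: The series hunk registers only `tpool_fix.patch`; `setuid2.patch`, which this same revision adds under debian/patches, is not listed, so quilt will not apply the setuid() return-code fix to the build unless it is registered in a later revision. Adding `setuid2.patch` directly after the existing `setuid.patch` entry would close that gap and keep the two related patches adjacent. The first ten entries of the series file are outside the hunk.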
Added: trunk/packages/dcmtk/branches/experimental/debian/patches/setuid2.patch
===================================================================
--- trunk/packages/dcmtk/branches/experimental/debian/patches/setuid2.patch (rev 0)
+++ trunk/packages/dcmtk/branches/experimental/debian/patches/setuid2.patch 2014-02-27 16:32:08 UTC (rev 16341)
@@ -0,0 +1,186 @@
+From beaf5a5c24101daeeafa48c375120b16197c9e95 Mon Sep 17 00:00:00 2001
+From: Michael Onken <dicom at offis.de>
+Date: Wed, 19 Feb 2014 14:00:12 +0100
+Subject: [PATCH 1/1] Make sure to handle setuid() return code properly.
+
+In some tools the return value of setuid() is not checked. In the worst
+case this could lead to privilege escalation since the process does not
+give up its root privileges and continue as root.
+---
+ CHANGES.361 | 16 ++++++++++++++++
+ dcmnet/apps/movescu.cc | 6 +++++-
+ dcmnet/apps/storescp.cc | 6 +++++-
+ dcmnet/libsrc/scp.cc | 6 +++++-
+ dcmpstat/apps/dcmprscp.cc | 6 +++++-
+ dcmpstat/apps/dcmpsrcv.cc | 6 +++++-
+ dcmpstat/tests/msgserv.cc | 6 +++++-
+ dcmqrdb/apps/dcmqrscp.cc | 6 +++++-
+ dcmwlm/libsrc/wlmactmg.cc | 6 +++++-
+ 9 files changed, 56 insertions(+), 8 deletions(-)
+
+diff --git a/CHANGES.361 b/CHANGES.361
+index 7152b64..c7385a2 100644
+--- a/CHANGES.361
++++ b/CHANGES.361
+@@ -1,6 +1,22 @@
+
+ Changes between releases are documented here.
+
++**** Changes from 2014.02.19 (onken)
++
++- Make sure to handle setuid() return code properly:
++ In some tools the return value of setuid() is not checked. In the worst
++ case this could lead to privilege escalation since the process does not
++ give up its root privileges and continue as root. Thanks to Hector Marco
++ <hecmargi at upv.es> for the report.
++ Affects: dcmnet/apps/movescu.cc
++ dcmnet/apps/storescp.cc
++ dcmnet/libsrc/scp.cc
++ dcmpstat/apps/dcmprscp.cc
++ dcmpstat/apps/dcmpsrcv.cc
++ dcmpstat/tests/msgserv.cc
++ dcmqrdb/apps/dcmqrscp.cc
++ dcmwlm/libsrc/wlmactmg.cc
++
+ **** Changes from 2014.02.12 (riesmeier)
+
+ - Consistently use upper case letters for DICOM tags.
+diff --git a/dcmnet/apps/movescu.cc b/dcmnet/apps/movescu.cc
+index 0e98b7b..811c980 100644
+--- a/dcmnet/apps/movescu.cc
++++ b/dcmnet/apps/movescu.cc
+@@ -758,7 +758,11 @@ main(int argc, char *argv[])
+ * root, and run by another user. Running as root user may be
+ * potentially disasterous if this program screws up badly.
+ */
+- setuid(getuid());
++ if ((setuid(getuid()) == -1) && (errno == EAGAIN))
++ {
++ OFLOG_FATAL(movescuLogger, "setuid() failed, maximum number of processes/threads for uid already running.");
++ return 1;
++ }
+ #endif
+
+ /* set up main association */
+diff --git a/dcmnet/apps/storescp.cc b/dcmnet/apps/storescp.cc
+index 2dfc512..b91f158 100644
+--- a/dcmnet/apps/storescp.cc
++++ b/dcmnet/apps/storescp.cc
+@@ -1071,7 +1071,11 @@ int main(int argc, char *argv[])
+ * root, and run by another user. Running as root user may be
+ * potentially disastrous if this program screws up badly.
+ */
+- setuid(getuid());
++ if ((setuid(getuid()) == -1) && (errno == EAGAIN))
++ {
++ OFLOG_FATAL(storescpLogger, "setuid() failed, maximum number of processes/threads for uid already running.");
++ return 1;
++ }
+ #endif
+
+ #ifdef WITH_OPENSSL
+diff --git a/dcmnet/libsrc/scp.cc b/dcmnet/libsrc/scp.cc
+index 3d974b6..cf3d06f 100644
+--- a/dcmnet/libsrc/scp.cc
++++ b/dcmnet/libsrc/scp.cc
+@@ -117,7 +117,11 @@ OFCondition DcmSCP::listen()
+ // things go very wrong. Only works if the program is setuid root,
+ // and run by another user. Running as root user may be
+ // potentially disastrous if this program screws up badly.
+- setuid( getuid() );
++ if ((setuid(getuid()) == -1) && (errno == EAGAIN))
++ {
++ DCMNET_ERROR("setuid() failed, maximum number of processes/threads for uid already running.");
++ return NET_EC_InsufficientPortPrivileges;
++ }
+ #endif
+
+ // If we get to this point, the entire initialization process has been completed
+diff --git a/dcmpstat/apps/dcmprscp.cc b/dcmpstat/apps/dcmprscp.cc
+index 5e82165..a6743c8 100644
+--- a/dcmpstat/apps/dcmprscp.cc
++++ b/dcmpstat/apps/dcmprscp.cc
+@@ -469,7 +469,11 @@ int main(int argc, char *argv[])
+ * and run by another user. Running as root user may be
+ * potentially disasterous if this program screws up badly.
+ */
+- setuid(getuid());
++ if ((setuid(getuid()) == -1) && (errno == EAGAIN))
++ {
++ OFLOG_FATAL(dcmprscpLogger, "setuid() failed, maximum number of processes/threads for uid already running.");
++ return 1;
++ }
+ #endif
+
+ #ifdef HAVE_FORK
+diff --git a/dcmpstat/apps/dcmpsrcv.cc b/dcmpstat/apps/dcmpsrcv.cc
+index 7d116bb..20dbf9a 100644
+--- a/dcmpstat/apps/dcmpsrcv.cc
++++ b/dcmpstat/apps/dcmpsrcv.cc
+@@ -1275,7 +1275,11 @@ int main(int argc, char *argv[])
+ * and run by another user. Running as root user may be
+ * potentially disasterous if this program screws up badly.
+ */
+- setuid(getuid());
++ if ((setuid(getuid()) == -1) && (errno == EAGAIN))
++ {
++ OFLOG_FATAL(dcmpsrcvLogger, "setuid() failed, maximum number of processes/threads for uid already running.");
++ return 1;
++ }
+ #endif
+
+ #ifdef HAVE_FORK
+diff --git a/dcmpstat/tests/msgserv.cc b/dcmpstat/tests/msgserv.cc
+index 81181ec..8a0aa12 100644
+--- a/dcmpstat/tests/msgserv.cc
++++ b/dcmpstat/tests/msgserv.cc
+@@ -190,7 +190,11 @@ int main(int argc, char *argv[])
+ * and run by another user. Running as root user may be
+ * potentially disasterous if this program screws up badly.
+ */
+- setuid(getuid());
++ if ((setuid(getuid()) == -1) && (errno == EAGAIN))
++ {
++ OFLOG_FATAL(msgservLogger, "setuid() failed, maximum number of processes/threads for uid already running.");
++ return 10;
++ }
+ #endif
+
+ fd_set fdset;
+diff --git a/dcmqrdb/apps/dcmqrscp.cc b/dcmqrdb/apps/dcmqrscp.cc
+index 3a0fc0d..74dfbb4 100644
+--- a/dcmqrdb/apps/dcmqrscp.cc
++++ b/dcmqrdb/apps/dcmqrscp.cc
+@@ -685,7 +685,11 @@ main(int argc, char *argv[])
+ * and run by another user. Running as root user may be
+ * potentially disasterous if this program screws up badly.
+ */
+- setuid(getuid());
++ if ((setuid(getuid()) == -1) && (errno == EAGAIN))
++ {
++ OFLOG_FATAL(dcmqrscpLogger, "setuid() failed, maximum number of processes/threads for uid already running.");
++ return 10;
++ }
+ #endif
+
+ #if defined(HAVE_SETUID) && defined(HAVE_GRP_H) && defined(HAVE_PWD_H)
+diff --git a/dcmwlm/libsrc/wlmactmg.cc b/dcmwlm/libsrc/wlmactmg.cc
+index d84f0c0..de14739 100644
+--- a/dcmwlm/libsrc/wlmactmg.cc
++++ b/dcmwlm/libsrc/wlmactmg.cc
+@@ -246,7 +246,11 @@ OFCondition WlmActivityManager::StartProvidingService()
+ // things go very wrong. Only works if the program is setuid root,
+ // and run by another user. Running as root user may be
+ // potentially disasterous if this program screws up badly.
+- setuid( getuid() );
++ if ((setuid(getuid()) == -1) && (errno == EAGAIN))
++ {
++ DCMWLM_ERROR("setuid() failed, maximum number of processes/threads for uid already running.");
++ return WLM_EC_InitializationOfNetworkConnectionFailed;
++ }
+ #endif
+
+ // If we get to this point, the entire initialization process has been completed
+--
+1.7.2.5
+
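Review bot: The new guards in movescu.cc, storescp.cc, scp.cc, dcmprscp.cc, dcmpsrcv.cc, msgserv.cc, dcmqrscp.cc and wlmactmg.cc treat only `errno == EAGAIN` as a failure, so any other `setuid()` error (EPERM, for instance) is still silently ignored and execution continues with the original privileges — the very outcome the patch description says it is preventing. Dropping the errno qualifier, `if (setuid(getuid()) == -1)`, followed by the existing log-and-return block, makes the check complete, and reporting `strerror(errno)` in the message instead of the hard-coded EAGAIN explanation avoids stating a cause that may be wrong. These blocks also read `errno`, so each translation unit needs `<cerrno>`/`errno.h` in scope; the include sections are outside the hunks, so this cannot be confirmed here. Each enclosing `main`, `DcmSCP::listen` and `WlmActivityManager::StartProvidingService` body starts and ends outside its hunk.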
Added: trunk/packages/dcmtk/branches/experimental/debian/patches/tpool_fix.patch
===================================================================
--- trunk/packages/dcmtk/branches/experimental/debian/patches/tpool_fix.patch (rev 0)
+++ trunk/packages/dcmtk/branches/experimental/debian/patches/tpool_fix.patch 2014-02-27 16:32:08 UTC (rev 16341)
@@ -0,0 +1,60 @@
+--- dcmtk-3.6.1~20131114.orig/dcmnet/tests/tpool.cc
++++ dcmtk-3.6.1~20131114/dcmnet/tests/tpool.cc
+@@ -25,6 +25,7 @@
+ #ifdef WITH_THREADS
+
+ #include "dcmtk/ofstd/oftest.h"
++#include "dcmtk/dcmnet/diutil.h"
+ #include "dcmtk/dcmnet/scppool.h"
+ #include "dcmtk/dcmnet/scu.h"
+
+@@ -34,9 +35,10 @@ struct TestSCU : DcmSCU, OFThread
+ protected:
+ void run()
+ {
+- negotiateAssociation();
++ result = negotiateAssociation();
++ DCMNET_FATAL("negotiate association: " << result.text());
+ result = sendECHORequest(0);
+- releaseAssociation();
++ releaseAssociation();
+ }
+ };
+
+@@ -51,13 +53,12 @@ protected:
+ };
+
+
+-/* Test starts pool with a maximum of 5 SCP workers (default value).
+- * All workers are configured to respond to C-ECHO (Verification SOP
+- * Class). 20 SCU threads are created and connect simultaneously to
+- * the pool, send C-ECHO messages are release the association.
+- * Currently the pool ends itself after 3 seconds without connection
+- * request. This can be changed to a "shutDown()" call on the pool
+- * once it is implemented.
++/* Test starts pool with a maximum of 20 SCP workers. All workers are
++ * configured to respond to C-ECHO (Verification SOP Class). 20 SCU
++ * threads are created and connect simultaneously to the pool, send
++ * C-ECHO messages and release the association. Currently the pool
++ * ends itself after 3 seconds without connection request. This can
++ * be changed to a shutDown() call on the pool once it is implemented.
+ */
+ OFTEST(dcmnet_scp_pool)
+ {
+@@ -74,7 +75,7 @@ OFTEST(dcmnet_scp_pool)
+ * (currently under test), this should be done instead of exiting
+ * via connection timeout.
+ */
+- config.setConnectionTimeout(5);
++ config.setConnectionTimeout(3);
+
+ pool.setMaxThreads(20);
+ OFList<OFString> xfers;
+@@ -102,6 +103,7 @@ OFTEST(dcmnet_scp_pool)
+ for (OFVector<TestSCU*>::iterator it3 = scus.begin(); it3 != scus.end(); ++it3)
+ {
+ (*it3)->join();
++ DCMNET_FATAL("send echo request: " << (*it3)->result.text());
+ OFCHECK((*it3)->result.good());
+ delete *it3;
+ }
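Review bot: The added `DCMNET_FATAL("negotiate association: " << result.text())` in TestSCU::run, and the matching `DCMNET_FATAL("send echo request: " ...)` in the join loop, log at fatal level unconditionally, including on success, so a passing run prints a fatal-level line for each of the 20 SCUs while a real failure is already surfaced by the `OFCHECK((*it3)->result.good())` that follows. Guarding the log, `if (result.bad()) DCMNET_ERROR("negotiate association: " << result.text());`, or lowering its level keeps the diagnostic without the noise. Note that `result` from negotiateAssociation() is overwritten by `sendECHORequest(0)` on the next line, so a negotiation failure is not what the later check asserts on; the patch keeps that pre-existing behaviour. The patch file itself carries no DEP-3 header (Description/Author/Forwarded), so its purpose and upstream status are not recorded.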