[Pkg-nagios-changes] [pkg-nagios] r896 - in nagios2/trunk/debian: . patches

Sean Finney seanius at costa.debian.org
Fri May 12 11:22:49 UTC 2006 

Author: seanius
Date: 2006-05-12 11:22:49 +0000 (Fri, 12 May 2006)
New Revision: 896

Added:
   nagios2/trunk/debian/patches/
   nagios2/trunk/debian/patches/00list
   nagios2/trunk/debian/patches/10_CVE-2006-2162_content-length.dpatch
Modified:
   nagios2/trunk/debian/changelog
Log:
should be the "real fix" for CVE-2006-2162


Modified: nagios2/trunk/debian/changelog
===================================================================
--- nagios2/trunk/debian/changelog	2006-05-12 10:54:24 UTC (rev 895)
+++ nagios2/trunk/debian/changelog	2006-05-12 11:22:49 UTC (rev 896)
@@ -1,6 +1,5 @@
 nagios2 (2.3-0.0) UNRELEASED; urgency=low
 
-  * NOT RELEASED YET
   * new upstream version
   * Fix nagios2 restart in init script.
     Thanks to Jim Jensen. (mh) Closes: #360778
@@ -11,8 +10,16 @@
   * Honor locally set file/dir permissions in postinst, fixing policy
     10.9.1 compliance. Thanks to Heiko Schlittermann. (mh) Closes: #361956
 
- -- Marc Haber <mh+debian-packages at zugschlus.de>  Tue,  9 May 2006 12:59:50 +0000
+  [sean finney]
+  * This upstream version addresses a security issue raised in CVE-2006-2162,
+    wrt malcious use of Content-Length headers on cgi scripts.  This debian
+    release includes further refinement of this fix 
+    (10_CVE-2006-2162_content-length.dpatch)
+    as we believe it's still theoretically possible to exploit the issue
+    via integer overflow. Closes: #366683.
 
+ -- sean finney <seanius at debian.org>  Fri, 12 May 2006 13:21:28 +0200
+
 nagios2 (2.2-1) unstable; urgency=low
 
   * new upstream version

Added: nagios2/trunk/debian/patches/00list
===================================================================
--- nagios2/trunk/debian/patches/00list	2006-05-12 10:54:24 UTC (rev 895)
+++ nagios2/trunk/debian/patches/00list	2006-05-12 11:22:49 UTC (rev 896)
@@ -0,0 +1 @@
+10_CVE-2006-2162_content-length.dpatch

Added: nagios2/trunk/debian/patches/10_CVE-2006-2162_content-length.dpatch
===================================================================
--- nagios2/trunk/debian/patches/10_CVE-2006-2162_content-length.dpatch	2006-05-12 10:54:24 UTC (rev 895)
+++ nagios2/trunk/debian/patches/10_CVE-2006-2162_content-length.dpatch	2006-05-12 11:22:49 UTC (rev 896)
@@ -0,0 +1,31 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 10_CVE-2006-2162_content-length.dpatch by  <seanius at debian.org>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: No description.
+
+ at DPATCH@
+diff -urNad nagios2-2.3~/cgi/getcgi.c nagios2-2.3/cgi/getcgi.c
+--- nagios2-2.3~/cgi/getcgi.c	2006-04-12 21:17:23.000000000 +0200
++++ nagios2-2.3/cgi/getcgi.c	2006-05-12 13:18:04.000000000 +0200
+@@ -10,6 +10,7 @@
+ #include "../include/getcgi.h"
+ #include <stdio.h>
+ #include <stdlib.h>
++#include <limits.h>
+ 
+ 
+ #undef PARANOID_CGI_INPUT
+@@ -169,8 +170,10 @@
+ 			printf("getcgivars(): No Content-Length was sent with the POST request.\n") ;
+ 			exit(1);
+ 		        }
+-		if(content_length<0)
+-			content_length=0;
++		if((content_length<0) || (content_length >= INT_MAX-1)){
++			printf("getcgivars(): Suspicious Content-Length was sent with the POST request.\n");
++			exit(1);
++			}
+ 		if(!(cgiinput=(char *)malloc(content_length+1))){
+ 			printf("getcgivars(): Could not allocate memory for CGI input.\n");
+ 			exit(1);


Property changes on: nagios2/trunk/debian/patches/10_CVE-2006-2162_content-length.dpatch
___________________________________________________________________
Name: svn:executable
   + *

More information about the Pkg-nagios-changes mailing list