[SCM] Debian packaging for the Shibboleth Apache SP branch, lenny, updated. debian/1.3.1.dfsg1-3-3-g561f181
Russ Allbery
rra at debian.org
Fri Sep 25 05:18:23 UTC 2009
The following commit has been merged in the lenny branch:
commit e6133d32c0c8c68b17dd1b3e3331be5f6f1f0437
Author: Russ Allbery <rra at debian.org>
Date: Thu Sep 24 15:13:49 2009 -0700
Backport upstream security patch for URL parsing
* SECURITY: Correctly handle decoding of malformed URLs, closing a
possibly exploitable buffer overflow.
See <http://shibboleth.internet2.edu/secadv/secadv_20090826.txt>
Patch taken from:
http://svn.middleware.georgetown.edu/view/cpp-sp?view=rev&revision=3110
diff --git a/adfs/adfs.cpp b/adfs/adfs.cpp
index d0b776c..3c6747e 100644
--- a/adfs/adfs.cpp
+++ b/adfs/adfs.cpp
@@ -241,7 +241,7 @@ CgiParse::url_decode(char *url)
for(x=0,y=0;url[y];++x,++y)
{
- if((url[x] = url[y]) == '%')
+ if((url[x] = url[y]) == '%' && isxdigit(url[y+1]) && isxdigit(url[y+2]))
{
url[x] = x2c(&url[y+1]);
y+=2;
diff --git a/debian/changelog b/debian/changelog
index 74c595b..8df8da7 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,5 +1,8 @@
shibboleth-sp (1.3.1.dfsg1-3+lenny1) UNRELEASED; urgency=high
+ * SECURITY: Correctly handle decoding of malformed URLs, closing a
+ possibly exploitable buffer overflow.
+ See <http://shibboleth.internet2.edu/secadv/secadv_20090826.txt>
* SECURITY: Certificate subject names were incorrectly matched against
trusted "key names" when they contained nul characters. This affects
only Shibboleth deployments relying on the "PKIX" style of trust
diff --git a/shib-target/shib-handlers.cpp b/shib-target/shib-handlers.cpp
index 84c742d..abdf707 100644
--- a/shib-target/shib-handlers.cpp
+++ b/shib-target/shib-handlers.cpp
@@ -522,7 +522,7 @@ CgiParse::url_decode(char *url)
for(x=0,y=0;url[y];++x,++y)
{
- if((url[x] = url[y]) == '%')
+ if((url[x] = url[y]) == '%' && isxdigit(url[y+1]) && isxdigit(url[y+2]))
{
url[x] = x2c(&url[y+1]);
y+=2;
--
Debian packaging for the Shibboleth Apache SP
More information about the Pkg-shibboleth-devel
mailing list