On Mon, Jun 07, 2010 at 06:18:00PM +0200, Moritz Muehlenhoff wrote: > Hi Michael, > please see > http://security.FreeBSD.org/advisories/FreeBSD-SA-10:05.opie.asc > for details and a patch. Please fix this for Squeeze. > > I don't think we need a DSA for Lenny. However we could still fix it > through a point update.
The patch you refer to doesn't work for us as GNU doesn't have strlcpy. I created a small and simple patch (with review by Sebastian Pipping, sping at gentoo.org, thanks for that) to avoid writing over the the maximum strlen. It's attached and uploaded with urgency high to DELAYED/2. Hope it's all right. Hauke -- .''`. Jan Hauke Rahm <[email protected]> www.jhr-online.de : :' : Debian Developer www.debian.org `. `'` Member of the Linux Foundation www.linux.com `- Fellow of the Free Software Foundation Europe www.fsfe.org
diff -u opie-2.32.dfsg.1/debian/changelog opie-2.32.dfsg.1/debian/changelog --- opie-2.32.dfsg.1/debian/changelog +++ opie-2.32.dfsg.1/debian/changelog @@ -1,3 +1,12 @@ +opie (2.32.dfsg.1-0.2) unstable; urgency=high + + * Non-maintainer upload. + * Urgency high for security relevant RC bug. + * Set null terminator on strlen()-1 instead of strlen(). + CVE-2010-1938 (Closes: #584932) + + -- Jan Hauke Rahm <[email protected]> Wed, 16 Jun 2010 17:19:07 +0200 + opie (2.32.dfsg.1-0.1) unstable; urgency=high * Non-maintainer upload. only in patch2: unchanged: --- opie-2.32.dfsg.1.orig/libopie/readrec.c +++ opie-2.32.dfsg.1/libopie/readrec.c @@ -126,8 +126,8 @@ if (c = strchr(opie->opie_principal, ':')) *c = 0; - if (strlen(opie->opie_principal) > OPIE_PRINCIPAL_MAX) - (opie->opie_principal)[OPIE_PRINCIPAL_MAX] = 0; + if (strlen(opie->opie_principal) > OPIE_PRINCIPAL_MAX - 1) + (opie->opie_principal)[OPIE_PRINCIPAL_MAX - 1] = 0; strcpy(principal, opie->opie_principal);
signature.asc
Description: Digital signature

