tags 603841 + patch
tags 603841 + pending
thanks

Dear maintainer,

I've prepared an NMU for libsdp (versioned as 1.1.99-2.1) and
uploaded it to DELAYED/10. Please feel free to tell me if I
should delay it longer.

Regards.
diff -u libsdp-1.1.99/debian/changelog libsdp-1.1.99/debian/changelog
--- libsdp-1.1.99/debian/changelog
+++ libsdp-1.1.99/debian/changelog
@@ -1,3 +1,12 @@
+libsdp (1.1.99-2.1) unstable; urgency=low
+
+  * Non-maintainer upload.
+  * Apply upstream patch to src/log.c for version 1.1.105 to fix
+    CVE-2010-4173
+    (Closes: #603841)
+
+ -- Alexander Reichle-Schmehl <toli...@debian.org>  Thu, 25 Nov 2010 12:40:59 +0100
+
 libsdp (1.1.99-2) unstable; urgency=low
 
   * FTBFS on kfreebsd-i386 (Closes: #554715)
only in patch2:
unchanged:
--- libsdp-1.1.99.orig/src/log.c
+++ libsdp-1.1.99/src/log.c
@@ -174,15 +174,41 @@
 			filename = p + 1;
 		snprintf( tfilename, sizeof( tfilename ), "/var/log/%s", filename );
 	} else {
+		char tdir[PATH_MAX + 1];
 		/* 
 			for regular user, allow log file to be placed in a user
 			requested path. If no path is requested the log file is
 			placed in /tmp/
 		*/ 
 		if ( p ) 
-			snprintf( tfilename, sizeof( tfilename ), "%s.%d", filename, uid );
+			snprintf(tdir, sizeof(tdir), "%s.%d", filename, uid );
 		else
-			snprintf( tfilename, sizeof( tfilename ), "/tmp/%s.%d", filename, uid );
+			snprintf(tdir, sizeof(tdir ), "/tmp/%s.%d", filename, uid );
+
+		if (mkdir(tdir, 0700)) {
+			struct stat stat;
+
+			if (errno != EEXIST) {
+				__sdp_log( 9, "Couldn't create directory '%s' for logging (%m)\n", tdir );
+				return 0;
+			}
+
+			if (lstat(tdir, &stat)) {
+				__sdp_log(9, "Couldn't lstat directory %s\n", tdir);
+				return 0;
+			}
+
+			if (!S_ISDIR(stat.st_mode) || stat.st_uid != uid ||
+					(stat.st_mode & ~(S_IFMT | S_IRWXU))) {
+				__sdp_log( 9, "Cowardly refusing to log into directory:'%s'. " 
+					  "Make sure it is not: (1) link, (2) other uid, (3) bad permissions."
+					  "thus is a security issue.\n", tdir );
+				return 0;
+			}
+		}
+
+		snprintf(tfilename, sizeof(tfilename), "%s/log", tdir);
+		printf("dir: %s file: %s\n", tdir, tfilename);
 	}
 
 	/* double check the file is not a link */
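Review bot: The `printf("dir: %s file: %s\n", tdir, tfilename);` line at the end of the new else-branch looks like leftover debugging and would write to the standard output of any process that takes this regular-user path; it should be deleted or routed through `__sdp_log`. None of the new `snprintf` calls checks its return value, so an over-long requested path is silently truncated and the path that is later opened may not be the one the ownership and mode checks were meant to cover; a guard such as `if ((size_t)snprintf(tfilename, sizeof(tfilename), "%s/log", tdir) >= sizeof(tfilename)) return 0;` (and the same for `tdir`) would refuse instead. The refusal message concatenates to "bad permissions.thus is a security issue" (a space is missing and "thus" presumably should be "this"), and the `lstat` failure message omits the `%m` that the `mkdir` one has. The enclosing function starts and ends outside this hunk, so the declaration of `tfilename` and the body of the later link check are not visible here.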
@@ -195,7 +221,7 @@
 		
 	f = fopen( tfilename, "a" );
 	if ( !f ) {
-		__sdp_log( 9, "Couldn't open filename '%s' for logging\n", tfilename );
+		__sdp_log( 9, "Couldn't open '%s' for logging (%m)\n", tfilename );
 		return 0;
 	}
 
