author | Natanael Copa <ncopa@alpinelinux.org> | 2013-06-04 07:10:53 +0000 |
---|---|---|
committer | Natanael Copa <ncopa@alpinelinux.org> | 2013-06-04 07:12:38 +0000 |
commit | 5461ef9adb8cfbbca3db9367b6922a3f37552bc5 (patch) | |
tree | edbbc4c108cb111ce976f395d38a27b75bb05861 | |
parent | d78275a6ccdc3c3bcd5f602d15de1974922836b5 (diff) | |
main/znc: fix NULL pointer dereference in webadmin (CVE-2013-2130)
fixes #2037
-rw-r--r-- | main/znc/0001-Fix-NULL-pointer-dereference-in-webadmin.patch | 58 | ||||
-rw-r--r-- | main/znc/APKBUILD | 13 |
2 files changed, 69 insertions, 2 deletions
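--- /dev/null
+++ b/main/znc/0001-Fix-NULL-pointer-dereference-in-webadmin.patch
@@ -0,0 +1,58 @@
+From 847b73e56d9d3fc95b4882c935a81da532dda26e Mon Sep 17 00:00:00 2001
+From: Alexey Sokolov <alexey+znc@asokolov.org>
+Date: Mon, 27 May 2013 23:48:23 +0400
+Subject: [PATCH] Fix NULL pointer dereference in webadmin.
+
+Triggerable by any non-admin, if webadmin is loaded.
+
+The only affected version is 1.0
+
+Thanks to ChauffeR (Simone Esposito) for reporting this.
+(cherry picked from commit 2bd410ee5570cea127233f1133ea22f25174eb28)
+---
+modules/webadmin.cpp | 8 ++++----
+1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/modules/webadmin.cpp b/modules/webadmin.cpp
+index d8a3d82..ea44060 100644
+--- a/modules/webadmin.cpp
++++ b/modules/webadmin.cpp
+@@ -404,7 +404,7 @@ public:
+CIRCNetwork* pNetwork = SafeGetNetworkFromParam(WebSock);
+
+// Admin||Self Check
+- if (!spSession->IsAdmin() && (!spSession->GetUser() || spSession->GetUser() != pNetwork->GetUser())) {
++ if (!spSession->IsAdmin() && (!spSession->GetUser() || !pNetwork || spSession->GetUser() != pNetwork->GetUser())) {
+return false;
+}
+
+@@ -433,7 +433,7 @@ public:
+CIRCNetwork* pNetwork = SafeGetNetworkFromParam(WebSock);
+
+// Admin||Self Check
+- if (!spSession->IsAdmin() && (!spSession->GetUser() || spSession->GetUser() != pNetwork->GetUser())) {
++ if (!spSession->IsAdmin() && (!spSession->GetUser() || !pNetwork || spSession->GetUser() != pNetwork->GetUser())) {
+return false;
+}
+
+@@ -457,7 +457,7 @@ public:
+CIRCNetwork* pNetwork = SafeGetNetworkFromParam(WebSock);
+
+// Admin||Self Check
+- if (!spSession->IsAdmin() && (!spSession->GetUser() || spSession->GetUser() != pNetwork->GetUser())) {
++ if (!spSession->IsAdmin() && (!spSession->GetUser() || !pNetwork || spSession->GetUser() != pNetwork->GetUser())) {
+return false;
+}
+
+@@ -471,7 +471,7 @@ public:
+CIRCNetwork* pNetwork = SafeGetNetworkFromParam(WebSock);
+
+// Admin||Self Check
+- if (!spSession->IsAdmin() && (!spSession->GetUser() || spSession->GetUser() != pNetwork->GetUser())) {
++ if (!spSession->IsAdmin() && (!spSession->GetUser() || !pNetwork || spSession->GetUser() != pNetwork->GetUser())) {
+return false;
+}
+
+--
+1.8.2.3
+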
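Review bot: The added `!pNetwork` test is only evaluated when `IsAdmin()` is false, so in all four handlers (the embedded hunks at 404, 433, 457 and 471) an admin session whose network parameter does not resolve still passes the Admin||Self check with `pNetwork == NULL`. Whether that is safe depends on the code after each check, which lies outside these hunks; if it is not already guarded there, test the pointer before the ownership check, e.g. `if (!pNetwork) { return false; }`. The four conditions are character-for-character identical, so a small private helper taking `spSession` and `pNetwork` would keep the null test in one place and stop a future handler from copying the check without it.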
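--- a/main/znc/APKBUILD
+++ b/main/znc/APKBUILD
@@ -2,7 +2,7 @@
 # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 pkgname=znc
 pkgver=1.0
-pkgrel=1
+pkgrel=2
 pkgdesc="An advanced IRC bouncer"
 url="http://znc.in"
 arch="all"
@@ -15,7 +15,9 @@ install=""
 subpackages="$pkgname-dev $pkgname-doc $pkgname-extra $pkgname-modtcl
 $pkgname-modperl"
 source="http://znc.in/releases/znc-$pkgver.tar.gz
-libiconv.patch"
+0001-Fix-NULL-pointer-dereference-in-webadmin.patch
+libiconv.patch
+"
 
 _builddir="$srcdir"/znc-$pkgver
 prepare() {
@@ -101,4 +103,11 @@ modperl() {
 }
 
 md5sums="23807ca830c27392cccb6774f542df6e znc-1.0.tar.gz
+e28e0044072419c231e31c2867392e22 0001-Fix-NULL-pointer-dereference-in-webadmin.patch
 54cf06c396fd7769ecf6cbc762472492 libiconv.patch"
+sha256sums="a85539da42697b26e4d46205def36bb799f83d6aeef401d53c49ee674142062a znc-1.0.tar.gz
+03ffef0719b1a294b337ae59aec3a16c3f7211b2fcc178d86e8a096ed68fbda7 0001-Fix-NULL-pointer-dereference-in-webadmin.patch
+922990db9f1274801ab3d733e9d3bb38415581bc448b14572f38b013c5ef7640 libiconv.patch"
+sha512sums="4219cdd32296e5851f6cd99a8ac6e14d2579df10e8e111bb09d6c3789e400e2fcdc173968afd54808d286f0fb4945aa57d2d0f3b62a20e761de64500c8938e35 znc-1.0.tar.gz
+bb5c8f5ee30872027e6cd4e6251d6521cc99104f1e8832ac7cac9244c66b85eee961e657888631835b8b5f1ae307a413716e799952fc1787a71bd71ef211f9e7 0001-Fix-NULL-pointer-dereference-in-webadmin.patch
+7eadbc45890af41148c0e7d1c9bd963e473eaf47836ea656a3c204b0aa7a754c532142b71ff59fbbcef6683e412e31324c730d17fb5aac19a0e0dad63cd007c4 libiconv.patch"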
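Review bot: Nothing in the APKBUILD itself records that `0001-Fix-NULL-pointer-dereference-in-webadmin.patch` is the CVE-2013-2130 fix or when it can be dropped; only the commit message carries that. The patch header says 1.0 is the only affected version, so a comment above `source=` in the second hunk, such as `# 0001-*.patch: CVE-2013-2130 (webadmin NULL deref), affects 1.0 only; presumably droppable on the next pkgver bump`, would save the next maintainer a lookup. `prepare()` opens at the end of that hunk but its body is outside it, so it cannot be confirmed from here whether it applies every `*.patch` in `$source` or names patches individually; worth checking that the new file is actually applied during the build.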