main/znc: fix NULL pointer dereference in webadmin (CVE-2013-2130)

fixes #2037
author: Natanael Copa <ncopa@alpinelinux.org> 2013-06-04 07:10:53 +0000
committer: Natanael Copa <ncopa@alpinelinux.org> 2013-06-04 07:12:38 +0000
commit: 5461ef9adb8cfbbca3db9367b6922a3f37552bc5 (patch)
tree: edbbc4c108cb111ce976f395d38a27b75bb05861
parent: d78275a6ccdc3c3bcd5f602d15de1974922836b5 (diff)
download: alpine_aports-5461ef9adb8cfbbca3db9367b6922a3f37552bc5.tar.bz2
alpine_aports-5461ef9adb8cfbbca3db9367b6922a3f37552bc5.tar.xz
alpine_aports-5461ef9adb8cfbbca3db9367b6922a3f37552bc5.zip
2 files changed, 69 insertions, 2 deletions
diff --git a/main/znc/0001-Fix-NULL-pointer-dereference-in-webadmin.patch b/main/znc/0001-Fix-NULL-pointer-dereference-in-webadmin.patch
new file mode 100644
index 0000000000..7867ab1474
--- /dev/null
+++ b/main/znc/0001-Fix-NULL-pointer-dereference-in-webadmin.patch
@@ -0,0 +1,58 @@
+From 847b73e56d9d3fc95b4882c935a81da532dda26e Mon Sep 17 00:00:00 2001
+From: Alexey Sokolov <alexey+znc@asokolov.org>
+Date: Mon, 27 May 2013 23:48:23 +0400
+Subject: [PATCH] Fix NULL pointer dereference in webadmin.
+Triggerable by any non-admin, if webadmin is loaded.
+The only affected version is 1.0
+Thanks to ChauffeR (Simone Esposito) for reporting this.
+(cherry picked from commit 2bd410ee5570cea127233f1133ea22f25174eb28)
+---
+ modules/webadmin.cpp | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+diff --git a/modules/webadmin.cpp b/modules/webadmin.cpp
+index d8a3d82..ea44060 100644
+--- a/modules/webadmin.cpp
+++ b/modules/webadmin.cpp
+@@ -404,7 +404,7 @@ public:
+                        CIRCNetwork* pNetwork = SafeGetNetworkFromParam(WebSock);
+ 
+                        // Admin||Self Check
+-                       if (!spSession->IsAdmin() && (!spSession->GetUser() || spSession->GetUser() != pNetwork->GetUser())) {
+                       if (!spSession->IsAdmin() && (!spSession->GetUser() || !pNetwork || spSession->GetUser() != pNetwork->GetUser())) {
+                                return false;
+                        }
+ 
+@@ -433,7 +433,7 @@ public:
+                        CIRCNetwork* pNetwork = SafeGetNetworkFromParam(WebSock);
+ 
+                        // Admin||Self Check
+-                       if (!spSession->IsAdmin() && (!spSession->GetUser() || spSession->GetUser() != pNetwork->GetUser())) {
+                       if (!spSession->IsAdmin() && (!spSession->GetUser() || !pNetwork || spSession->GetUser() != pNetwork->GetUser())) {
+                                return false;
+                        }
+ 
+@@ -457,7 +457,7 @@ public:
+                        CIRCNetwork* pNetwork = SafeGetNetworkFromParam(WebSock);
+ 
+                        // Admin||Self Check
+-                       if (!spSession->IsAdmin() && (!spSession->GetUser() || spSession->GetUser() != pNetwork->GetUser())) {
+                       if (!spSession->IsAdmin() && (!spSession->GetUser() || !pNetwork || spSession->GetUser() != pNetwork->GetUser())) {
+                                return false;
+                        }
+ 
+@@ -471,7 +471,7 @@ public:
+                        CIRCNetwork* pNetwork = SafeGetNetworkFromParam(WebSock);
+ 
+                        // Admin||Self Check
+-                       if (!spSession->IsAdmin() && (!spSession->GetUser() || spSession->GetUser() != pNetwork->GetUser())) {
+                       if (!spSession->IsAdmin() && (!spSession->GetUser() || !pNetwork || spSession->GetUser() != pNetwork->GetUser())) {
+                                return false;
+                        }
+ 
+-- 
+1.8.2.3
diff --git a/main/znc/APKBUILD b/main/znc/APKBUILD
index c2bd98cf63..3fdc7e6369 100644
--- a/main/znc/APKBUILD
+++ b/main/znc/APKBUILD
@@ -2,7 +2,7 @@
 # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 pkgname=znc
 pkgver=1.0
-pkgrel=1
+pkgrel=2
 pkgdesc="An advanced IRC bouncer"
 url="http://znc.in"
 arch="all"
@@ -15,7 +15,9 @@ install=""
 subpackages="$pkgname-dev $pkgname-doc $pkgname-extra $pkgname-modtcl
        $pkgname-modperl"
 source="http://znc.in/releases/znc-$pkgver.tar.gz
-        libiconv.patch"
+        0001-Fix-NULL-pointer-dereference-in-webadmin.patch
+        libiconv.patch
+        "
 _builddir="$srcdir"/znc-$pkgver
 prepare() {
@@ -101,4 +103,11 @@ modperl() {
 }
 md5sums="23807ca830c27392cccb6774f542df6e  znc-1.0.tar.gz
+e28e0044072419c231e31c2867392e22  0001-Fix-NULL-pointer-dereference-in-webadmin.patch
 54cf06c396fd7769ecf6cbc762472492  libiconv.patch"
+sha256sums="a85539da42697b26e4d46205def36bb799f83d6aeef401d53c49ee674142062a  znc-1.0.tar.gz
+03ffef0719b1a294b337ae59aec3a16c3f7211b2fcc178d86e8a096ed68fbda7  0001-Fix-NULL-pointer-dereference-in-webadmin.patch
+922990db9f1274801ab3d733e9d3bb38415581bc448b14572f38b013c5ef7640  libiconv.patch"
+sha512sums="4219cdd32296e5851f6cd99a8ac6e14d2579df10e8e111bb09d6c3789e400e2fcdc173968afd54808d286f0fb4945aa57d2d0f3b62a20e761de64500c8938e35  znc-1.0.tar.gz
+bb5c8f5ee30872027e6cd4e6251d6521cc99104f1e8832ac7cac9244c66b85eee961e657888631835b8b5f1ae307a413716e799952fc1787a71bd71ef211f9e7  0001-Fix-NULL-pointer-dereference-in-webadmin.patch
+7eadbc45890af41148c0e7d1c9bd963e473eaf47836ea656a3c204b0aa7a754c532142b71ff59fbbcef6683e412e31324c730d17fb5aac19a0e0dad63cd007c4  libiconv.patch"
author	Natanael Copa <ncopa@alpinelinux.org>	2013-06-04 07:10:53 +0000
committer	Natanael Copa <ncopa@alpinelinux.org>	2013-06-04 07:12:38 +0000
commit	5461ef9adb8cfbbca3db9367b6922a3f37552bc5 (patch)
tree	edbbc4c108cb111ce976f395d38a27b75bb05861
parent	d78275a6ccdc3c3bcd5f602d15de1974922836b5 (diff)
download	alpine_aports-5461ef9adb8cfbbca3db9367b6922a3f37552bc5.tar.bz2 alpine_aports-5461ef9adb8cfbbca3db9367b6922a3f37552bc5.tar.xz alpine_aports-5461ef9adb8cfbbca3db9367b6922a3f37552bc5.zip

diff --git a/main/znc/0001-Fix-NULL-pointer-dereference-in-webadmin.patch b/main/znc/0001-Fix-NULL-pointer-dereference-in-webadmin.patch new file mode 100644 index 0000000000..7867ab1474 --- /dev/null +++ b/main/znc/0001-Fix-NULL-pointer-dereference-in-webadmin.patch
@@ -0,0 +1,58 @@
		1	From 847b73e56d9d3fc95b4882c935a81da532dda26e Mon Sep 17 00:00:00 2001
		2	From: Alexey Sokolov <alexey+znc@asokolov.org>
		3	Date: Mon, 27 May 2013 23:48:23 +0400
		4	Subject: [PATCH] Fix NULL pointer dereference in webadmin.
		5
		6	Triggerable by any non-admin, if webadmin is loaded.
		7
		8	The only affected version is 1.0
		9
		10	Thanks to ChauffeR (Simone Esposito) for reporting this.
		11	(cherry picked from commit 2bd410ee5570cea127233f1133ea22f25174eb28)
		12	---
		13	modules/webadmin.cpp \| 8 ++++----
		14	1 file changed, 4 insertions(+), 4 deletions(-)
		15
		16	diff --git a/modules/webadmin.cpp b/modules/webadmin.cpp
		17	index d8a3d82..ea44060 100644
		18	--- a/modules/webadmin.cpp
		19	+++ b/modules/webadmin.cpp
		20	@@ -404,7 +404,7 @@ public:
		21	CIRCNetwork* pNetwork = SafeGetNetworkFromParam(WebSock);
		22
		23	// Admin\|\|Self Check
		24	- if (!spSession->IsAdmin() && (!spSession->GetUser() \|\| spSession->GetUser() != pNetwork->GetUser())) {
		25	+ if (!spSession->IsAdmin() && (!spSession->GetUser() \|\| !pNetwork \|\| spSession->GetUser() != pNetwork->GetUser())) {
		26	return false;
		27	}
		28
		29	@@ -433,7 +433,7 @@ public:
		30	CIRCNetwork* pNetwork = SafeGetNetworkFromParam(WebSock);
		31
		32	// Admin\|\|Self Check
		33	- if (!spSession->IsAdmin() && (!spSession->GetUser() \|\| spSession->GetUser() != pNetwork->GetUser())) {
		34	+ if (!spSession->IsAdmin() && (!spSession->GetUser() \|\| !pNetwork \|\| spSession->GetUser() != pNetwork->GetUser())) {
		35	return false;
		36	}
		37
		38	@@ -457,7 +457,7 @@ public:
		39	CIRCNetwork* pNetwork = SafeGetNetworkFromParam(WebSock);
		40
		41	// Admin\|\|Self Check
		42	- if (!spSession->IsAdmin() && (!spSession->GetUser() \|\| spSession->GetUser() != pNetwork->GetUser())) {
		43	+ if (!spSession->IsAdmin() && (!spSession->GetUser() \|\| !pNetwork \|\| spSession->GetUser() != pNetwork->GetUser())) {
		44	return false;
		45	}
		46
		47	@@ -471,7 +471,7 @@ public:
		48	CIRCNetwork* pNetwork = SafeGetNetworkFromParam(WebSock);
		49
		50	// Admin\|\|Self Check
		51	- if (!spSession->IsAdmin() && (!spSession->GetUser() \|\| spSession->GetUser() != pNetwork->GetUser())) {
		52	+ if (!spSession->IsAdmin() && (!spSession->GetUser() \|\| !pNetwork \|\| spSession->GetUser() != pNetwork->GetUser())) {
		53	return false;
		54	}
		55
		56	--
		57	1.8.2.3
		58


diff --git a/main/znc/APKBUILD b/main/znc/APKBUILD index c2bd98cf63..3fdc7e6369 100644 --- a/main/znc/APKBUILD +++ b/main/znc/APKBUILD
@@ -2,7 +2,7 @@
2	# Maintainer: Natanael Copa <ncopa@alpinelinux.org>	2	# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
3	pkgname=znc	3	pkgname=znc
4	pkgver=1.0	4	pkgver=1.0
5	pkgrel=1	5	pkgrel=2
6	pkgdesc="An advanced IRC bouncer"	6	pkgdesc="An advanced IRC bouncer"
7	url="http://znc.in"	7	url="http://znc.in"
8	arch="all"	8	arch="all"
@@ -15,7 +15,9 @@ install=""
15	subpackages="$pkgname-dev $pkgname-doc $pkgname-extra $pkgname-modtcl	15	subpackages="$pkgname-dev $pkgname-doc $pkgname-extra $pkgname-modtcl
16	$pkgname-modperl"	16	$pkgname-modperl"
17	source="http://znc.in/releases/znc-$pkgver.tar.gz	17	source="http://znc.in/releases/znc-$pkgver.tar.gz
18	libiconv.patch"	18	0001-Fix-NULL-pointer-dereference-in-webadmin.patch
		19	libiconv.patch
		20	"
19		21
20	_builddir="$srcdir"/znc-$pkgver	22	_builddir="$srcdir"/znc-$pkgver
21	prepare() {	23	prepare() {
@@ -101,4 +103,11 @@ modperl() {
101	}	103	}
102		104
103	md5sums="23807ca830c27392cccb6774f542df6e znc-1.0.tar.gz	105	md5sums="23807ca830c27392cccb6774f542df6e znc-1.0.tar.gz
		106	e28e0044072419c231e31c2867392e22 0001-Fix-NULL-pointer-dereference-in-webadmin.patch
104	54cf06c396fd7769ecf6cbc762472492 libiconv.patch"	107	54cf06c396fd7769ecf6cbc762472492 libiconv.patch"
		108	sha256sums="a85539da42697b26e4d46205def36bb799f83d6aeef401d53c49ee674142062a znc-1.0.tar.gz
		109	03ffef0719b1a294b337ae59aec3a16c3f7211b2fcc178d86e8a096ed68fbda7 0001-Fix-NULL-pointer-dereference-in-webadmin.patch
		110	922990db9f1274801ab3d733e9d3bb38415581bc448b14572f38b013c5ef7640 libiconv.patch"
		111	sha512sums="4219cdd32296e5851f6cd99a8ac6e14d2579df10e8e111bb09d6c3789e400e2fcdc173968afd54808d286f0fb4945aa57d2d0f3b62a20e761de64500c8938e35 znc-1.0.tar.gz
		112	bb5c8f5ee30872027e6cd4e6251d6521cc99104f1e8832ac7cac9244c66b85eee961e657888631835b8b5f1ae307a413716e799952fc1787a71bd71ef211f9e7 0001-Fix-NULL-pointer-dereference-in-webadmin.patch
		113	7eadbc45890af41148c0e7d1c9bd963e473eaf47836ea656a3c204b0aa7a754c532142b71ff59fbbcef6683e412e31324c730d17fb5aac19a0e0dad63cd007c4 libiconv.patch"