From c1094b8af73fd363a97488c52890fb050da1db69 Mon Sep 17 00:00:00 2001 From: Xufeng Zhang Date: Mon, 28 Jul 2014 04:14:16 -0400 Subject: znc: Fix for CVE-2013-2130 ZNC 1.0 allows remote authenticated users to cause a denial of service (NULL pointer reference and crash) via a crafted request to the (1) editnetwork, (2) editchan, (3) addchan, or (4) delchan page in modules/webadmin.cpp. Per: http://cwe.mitre.org/data/definitions/476.html CWE-476: NULL Pointer Dereference Signed-off-by: Xufeng Zhang Signed-off-by: Jackie Huang Signed-off-by: Martin Jansa --- ...-Fix-NULL-pointer-dereference-in-webadmin.patch | 58 ++++++++++++++++++++++ meta-networking/recipes-irc/znc/znc_git.bb | 4 +- 2 files changed, 61 insertions(+), 1 deletion(-) create mode 100644 meta-networking/recipes-irc/znc/znc/0001-Fix-NULL-pointer-dereference-in-webadmin.patch (limited to 'meta-networking/recipes-irc') diff --git a/meta-networking/recipes-irc/znc/znc/0001-Fix-NULL-pointer-dereference-in-webadmin.patch b/meta-networking/recipes-irc/znc/znc/0001-Fix-NULL-pointer-dereference-in-webadmin.patch new file mode 100644 index 0000000000..68e4414704 --- /dev/null +++ b/meta-networking/recipes-irc/znc/znc/0001-Fix-NULL-pointer-dereference-in-webadmin.patch @@ -0,0 +1,58 @@ +Subject: [PATCH] Fix NULL pointer dereference in webadmin. + +Upstream-Status: Backport + +commit 2bd410ee5570cea127233f1133ea22f25174eb28 upstream + +Triggerable by any non-admin, if webadmin is loaded. + +The only affected version is 1.0 + +Thanks to ChauffeR (Simone Esposito) for reporting this. +--- + modules/webadmin.cpp | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/modules/webadmin.cpp b/modules/webadmin.cpp +index b793c02..816f217 100644 +--- a/modules/webadmin.cpp ++++ b/modules/webadmin.cpp +@@ -419,7 +419,7 @@ public: + CIRCNetwork* pNetwork = SafeGetNetworkFromParam(WebSock); + + // Admin||Self Check +- if (!spSession->IsAdmin() && (!spSession->GetUser() || spSession->GetUser() != pNetwork->GetUser())) { ++ if (!spSession->IsAdmin() && (!spSession->GetUser() || !pNetwork || spSession->GetUser() != pNetwork->GetUser())) { + return false; + } + +@@ -448,7 +448,7 @@ public: + CIRCNetwork* pNetwork = SafeGetNetworkFromParam(WebSock); + + // Admin||Self Check +- if (!spSession->IsAdmin() && (!spSession->GetUser() || spSession->GetUser() != pNetwork->GetUser())) { ++ if (!spSession->IsAdmin() && (!spSession->GetUser() || !pNetwork || spSession->GetUser() != pNetwork->GetUser())) { + return false; + } + +@@ -472,7 +472,7 @@ public: + CIRCNetwork* pNetwork = SafeGetNetworkFromParam(WebSock); + + // Admin||Self Check +- if (!spSession->IsAdmin() && (!spSession->GetUser() || spSession->GetUser() != pNetwork->GetUser())) { ++ if (!spSession->IsAdmin() && (!spSession->GetUser() || !pNetwork || spSession->GetUser() != pNetwork->GetUser())) { + return false; + } + +@@ -486,7 +486,7 @@ public: + CIRCNetwork* pNetwork = SafeGetNetworkFromParam(WebSock); + + // Admin||Self Check +- if (!spSession->IsAdmin() && (!spSession->GetUser() || spSession->GetUser() != pNetwork->GetUser())) { ++ if (!spSession->IsAdmin() && (!spSession->GetUser() || !pNetwork || spSession->GetUser() != pNetwork->GetUser())) { + return false; + } + +-- +1.8.5.2.233.g932f7e4 + diff --git a/meta-networking/recipes-irc/znc/znc_git.bb b/meta-networking/recipes-irc/znc/znc_git.bb index c8a19dc569..77db25b330 100644 --- a/meta-networking/recipes-irc/znc/znc_git.bb +++ b/meta-networking/recipes-irc/znc/znc_git.bb @@ -7,7 +7,9 @@ DEPENDS = "openssl" PV = "1.0+git" SRCREV = "ef59c23068547c132cb678092fba9a21317fd5f2" -SRC_URI = "git://github.com/znc/znc.git" +SRC_URI = "git://github.com/znc/znc.git \ + file://0001-Fix-NULL-pointer-dereference-in-webadmin.patch \ + " S = "${WORKDIR}/git" -- cgit 1.2.3-korg