From 267fc260d31b9968036b3309362cb9f0bc2188f6 Mon Sep 17 00:00:00 2001
From: Roman I Khimov
Date: Sun, 2 May 2010 20:53:36 +0400
Subject: squidguard: fix CVE-2009-3700 and CVE-2009-3826
Signed-off-by: Roman I Khimov
---
 .../squidguard-fix-CVE-2009-3700.patch | 46 ++++++++++++++++++++++
 .../squidguard-fix-CVE-2009-3826.patch | 26 ++++++++++++
 recipes/squidguard/squidguard_1.4.bb | 4 +-
 3 files changed, 75 insertions(+), 1 deletion(-)
 create mode 100644 recipes/squidguard/squidguard-1.4/squidguard-fix-CVE-2009-3700.patch
 create mode 100644 recipes/squidguard/squidguard-1.4/squidguard-fix-CVE-2009-3826.patch
diff --git a/recipes/squidguard/squidguard-1.4/squidguard-fix-CVE-2009-3700.patch b/recipes/squidguard/squidguard-1.4/squidguard-fix-CVE-2009-3700.patch
new file mode 100644
index 0000000000..6f0d9a817d
--- /dev/null
+++ b/recipes/squidguard/squidguard-1.4/squidguard-fix-CVE-2009-3700.patch
@@ -0,0 +1,46 @@
+Index: squidGuard-1.4/src/sgLog.c
+===================================================================
+--- squidGuard-1.4.orig/src/sgLog.c
++++ squidGuard-1.4/src/sgLog.c
+@@ -2,7 +2,7 @@
+ By accepting this notice, you agree to be bound by the following
+ agreements:
+
+- This software product, squidGuard, is copyrighted (C) 1998-2007
++ This software product, squidGuard, is copyrighted (C) 1998-2009
+ by Christine Kronberg, Shalla Secure Services. All rights reserved.
+
+ This program is free software; you can redistribute it and/or modify it
+@@ -55,8 +55,8 @@ void sgLog(log, format, va_alist)
+ char msg[MAX_BUF];
+ va_list ap;
+ VA_START(ap, format);
+- if(vsprintf(msg, format, ap) > (MAX_BUF - 1))
+- fprintf(stderr,"overflow in vsprintf (sgLog): %s",strerror(errno));
++ if(vsnprintf(msg, MAX_BUF, format, ap) > (MAX_BUF - 1))
++ fprintf(stderr,"overflow in vsnprintf (sgLog): %s",strerror(errno));
+ va_end(ap);
+ date = niso(0);
+ if(globalDebug || log == NULL) {
+@@ -87,8 +87,8 @@ void sgLogError(format, va_alist)
+ char msg[MAX_BUF];
+ va_list ap;
+ VA_START(ap, format);
+- if(vsprintf(msg, format, ap) > (MAX_BUF - 1))
+- sgLogFatalError("overflow in vsprintf (sgLogError): %s",strerror(errno));
++ if(vsnprintf(msg, MAX_BUF, format, ap) > (MAX_BUF - 1))
++ sgLog(globalErrorLog, "overflow in vsnprintf (sgLogError): %s",strerror(errno));
+ va_end(ap);
+ sgLog(globalErrorLog,"%s",msg);
+ }
+@@ -104,8 +104,8 @@ void sgLogFatalError(format, va_alist)
+ char msg[MAX_BUF];
+ va_list ap;
+ VA_START(ap, format);
+- if(vsprintf(msg, format, ap) > (MAX_BUF - 1))
+- return;
++ if(vsnprintf(msg, MAX_BUF, format, ap) > (MAX_BUF - 1))
++ sgLog(globalErrorLog, "overflow in vsnprintf (sgLogError): %s",strerror(errno));
+ va_end(ap);
+ sgLog(globalErrorLog,"%s",msg);
+ sgEmergency();
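Review bot: The truncation branches added to sgLog, sgLogError and sgLogFatalError in the carried sgLog.c patch log `strerror(errno)`, but a truncating vsnprintf() does not set errno, so the text written will be a stale or unrelated error string. The sgLogFatalError branch also still names `sgLogError` in its message. A negative return from vsnprintf() is not tested, in which case `msg` may be passed to `sgLog(globalErrorLog,"%s",msg)` without having been written. I would capture the result once and use something like `if (n < 0 || n > MAX_BUF - 1) sgLog(globalErrorLog, "message truncated in sgLogFatalError (limit %d)", MAX_BUF);`. All three function bodies start and end outside the hunks shown, and the patch file has no header recording where the fix was taken from, which would help the next person auditing this recipe.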
diff --git a/recipes/squidguard/squidguard-1.4/squidguard-fix-CVE-2009-3826.patch b/recipes/squidguard/squidguard-1.4/squidguard-fix-CVE-2009-3826.patch
new file mode 100644
index 0000000000..8d2b6230cc
--- /dev/null
+++ b/recipes/squidguard/squidguard-1.4/squidguard-fix-CVE-2009-3826.patch
@@ -0,0 +1,26 @@
+Index: squidGuard-1.4/src/sg.h.in
+===================================================================
+--- squidGuard-1.4.orig/src/sg.h.in
++++ squidGuard-1.4/src/sg.h.in
+@@ -73,7 +73,7 @@ int tolower();
+ #define REQUEST_TYPE_REDIRECT 2
+ #define REQUEST_TYPE_PASS 3
+
+-#define MAX_BUF 4096
++#define MAX_BUF 12288
+
+ #define DEFAULT_LOGFILE "squidGuard.log"
+ #define WARNING_LOGFILE "squidGuard.log"
+Index: squidGuard-1.4/src/sgDiv.c.in
+===================================================================
+--- squidGuard-1.4.orig/src/sgDiv.c.in
++++ squidGuard-1.4/src/sgDiv.c.in
+@@ -745,7 +745,7 @@ char *sgParseRedirect(redirect, req, acl
+ p++;
+ break;
+ case 'u': /* Requested URL */
+- strcat(buf, req->orig);
++ strncat(buf, req->orig, 2048);
+ p++;
+ break;
+ default:
diff --git a/recipes/squidguard/squidguard_1.4.bb b/recipes/squidguard/squidguard_1.4.bb
index e77469fbed..c3408f7a8b 100644
--- a/recipes/squidguard/squidguard_1.4.bb
+++ b/recipes/squidguard/squidguard_1.4.bb
@@ -4,13 +4,15 @@ SECTION = "network"
 DEPENDS = "virtual/db openldap mysql5 zlib"
 RDEPENDS += "squid"
 LICENSE = "GPL"
-PR = "r0"
+PR = "r1"
 
 SRC_URI = " \
 http://www.squidguard.org/Downloads/squidGuard-${PV}.tar.gz;name=tar \
 file://squidguard-1.4-no_header_checks.patch;patch=1 \
 file://squidguard-1.4-fix-parallel-build.patch;patch=1 \
 file://squidguard-cross-ldap.patch;patch=1 \
+ file://squidguard-fix-CVE-2009-3700.patch;patch=1 \
+ file://squidguard-fix-CVE-2009-3826.patch;patch=1 \
 file://squidGuard.conf \
 "
 SRC_URI[tar.md5sum] = "de834150998c1386c30feae196f16b06"
-- 
cgit 1.2.3-korg
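Review bot: In the sgDiv.c.in hunk of the carried patch, `strncat(buf, req->orig, 2048)` caps how much of the URL is appended but not how full `buf` already is, because strncat's third argument counts source bytes rather than remaining destination space. The declaration of `buf` and the rest of sgParseRedirect are outside the hunk, so the margin presumably rests on the `MAX_BUF` increase to 12288 in sg.h.in rather than on a checked bound. A limit tied to the destination would be `strncat(buf, req->orig, sizeof(buf) - strlen(buf) - 1);`, assuming `buf` is a local array. The other cases of this switch are not shown; if they also append with strcat they need the same bound. A short comment next to `MAX_BUF` explaining why 12288 was chosen would keep a later edit from silently shrinking it.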