Hi

Attached is a proposed debdiff for #698231.

Any comments?

Regards,
Salvatore
diff -Nru memcached-1.4.13/debian/changelog memcached-1.4.13/debian/changelog
--- memcached-1.4.13/debian/changelog   2012-05-08 19:25:25.000000000 +0200
+++ memcached-1.4.13/debian/changelog   2013-01-19 20:37:32.000000000 +0100
@@ -1,3 +1,12 @@
+memcached (1.4.13-0.2) unstable; urgency=low
+
+  * Non-maintainer upload.
+  * Add 0001-Fix-buffer-overrun-when-logging-key-to-delete-in-bin.patch
+    [SECURITY] CVE-2013-0179: DoS due to buffer overrun when printing out keys
+    to be deleted in verbose mode. (Closes: #698231).
+
+ -- Salvatore Bonaccorso <car...@debian.org>  Sat, 19 Jan 2013 20:36:36 +0100
+
 memcached (1.4.13-0.1) unstable; urgency=low
 
    * Non-maintainer upload.
diff -Nru 
memcached-1.4.13/debian/patches/0001-Fix-buffer-overrun-when-logging-key-to-delete-in-bin.patch
 
memcached-1.4.13/debian/patches/0001-Fix-buffer-overrun-when-logging-key-to-delete-in-bin.patch
--- 
memcached-1.4.13/debian/patches/0001-Fix-buffer-overrun-when-logging-key-to-delete-in-bin.patch
     1970-01-01 01:00:00.000000000 +0100
+++ 
memcached-1.4.13/debian/patches/0001-Fix-buffer-overrun-when-logging-key-to-delete-in-bin.patch
     2013-01-19 20:36:09.000000000 +0100
@@ -0,0 +1,46 @@
+Description: [CVE-2013-0179] Fix buffer-overrun when logging keys
+Origin: vendor
+Bug: https://code.google.com/p/memcached/issues/detail?id=306
+Bug-Debian: http://bugs.debian.org/698231
+Forwarded: not-needed
+Author: Jeremy Sowden <jeremy.sow...@gmail.com>
+Author: Salvatore Bonaccorso <car...@debian.org>
+Last-Update: 2013-01-19
+--- a/memcached.c
++++ b/memcached.c
+@@ -2149,7 +2149,12 @@
+     assert(c != NULL);
+ 
+     if (settings.verbose > 1) {
+-        fprintf(stderr, "Deleting %s\n", key);
++        int ii;
++        fprintf(stderr, "Deleting ");
++        for (ii = 0; ii < nkey; ++ii) {
++            fprintf(stderr, "%c", key[ii]);
++        }
++        fprintf(stderr, "\n");
+     }
+ 
+     if (settings.detail_enabled) {
+--- a/items.c
++++ b/items.c
+@@ -500,9 +500,17 @@
+ 
+     if (settings.verbose > 2) {
+         if (it == NULL) {
+-            fprintf(stderr, "> NOT FOUND %s", key);
++            int ii;
++            fprintf(stderr, "> NOT FOUND ");
++            for (ii = 0; ii < nkey; ++ii) {
++                fprintf(stderr, "%c", key[ii]);
++            }
+         } else {
+-            fprintf(stderr, "> FOUND KEY %s", ITEM_key(it));
++            int ii;
++            fprintf(stderr, "> FOUND KEY ");
++            for (ii = 0; ii < it->nkey; ++ii) {
++                fprintf(stderr, "%c", ITEM_key(it)[ii]);
++            }
+             was_found++;
+         }
+     }
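Review bot: The three `%c` loops (the `Deleting` message in memcached.c and the `NOT FOUND` / `FOUND KEY` messages in items.c) stop the read at the key length, but they still copy client-supplied key bytes to stderr unfiltered, so a key holding newlines or terminal control bytes can break up or imitate verbose log lines. If these messages are meant to be read by people or parsed by tools, print a placeholder for non-printable bytes, e.g. `fprintf(stderr, "%c", isprint((unsigned char)key[ii]) ? key[ii] : '.');` (needs `<ctype.h>`). Separately, `ii` is declared `int` while the declaration of `nkey` is outside the hunks; if it is an unsigned size type, declaring `ii` with that same type avoids a signed/unsigned comparison in the loop condition. The enclosing functions begin and end outside the quoted hunks.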
diff -Nru memcached-1.4.13/debian/patches/series 
memcached-1.4.13/debian/patches/series
--- memcached-1.4.13/debian/patches/series      2012-05-08 17:58:58.000000000 
+0200
+++ memcached-1.4.13/debian/patches/series      2013-01-19 15:51:55.000000000 
+0100
@@ -2,3 +2,4 @@
 02_manpage_additions.patch
 03_fix_ftbfs4hurd.patch
 04_add_init_retry.patch
+0001-Fix-buffer-overrun-when-logging-key-to-delete-in-bin.patch
