[CVS] OpenPKG: OPENPKG_2_0_SOLID: openpkg-src/neon/ neon.patch neon.sp...

Fri, 16 Apr 2004 07:08:15 -0700 

  OpenPKG CVS Repository
  http://cvs.openpkg.org/
  ____________________________________________________________________________

  Server: cvs.openpkg.org                  Name:   Michael Schloh
  Root:   /e/openpkg/cvs                   Email:  [EMAIL PROTECTED]
  Module: openpkg-src                      Date:   16-Apr-2004 16:08:21
  Branch: OPENPKG_2_0_SOLID                Handle: 2004041615082100

  Added files:              (Branch: OPENPKG_2_0_SOLID)
    openpkg-src/neon        neon.patch
  Modified files:           (Branch: OPENPKG_2_0_SOLID)
    openpkg-src/neon        neon.spec

  Log:
    add patchcode to remove vulnerabilities in format string handling as
    described in OpenPKG-SA-2004.016 (CAN-2004-0179)

  Summary:
    Revision    Changes     Path
    1.1.6.1     +142 -0     openpkg-src/neon/neon.patch
    1.40.2.2    +3  -1      openpkg-src/neon/neon.spec
  ____________________________________________________________________________

  patch -p0 <<'@@ .'
  Index: openpkg-src/neon/neon.patch
  ============================================================================
  $ cvs diff -u -r0 -r1.1.6.1 neon.patch
  --- /dev/null 2004-04-16 16:08:21.000000000 +0200
  +++ neon.patch        2004-04-16 16:08:21.000000000 +0200
  @@ -0,0 +1,142 @@
  +diff -Nau src/ne_207.c.orig src/ne_207.c
  +--- src/ne_207.c.orig        2003-07-23 23:48:21.000000000 +0200
  ++++ src/ne_207.c     2004-04-16 14:47:53.000000000 +0200
  +@@ -320,12 +320,12 @@
  +     if (ne_get_status(req)->code == 207) {
  +         if (!ne_xml_valid(p)) { 
  +             /* The parse was invalid */
  +-            ne_set_error(sess, ne_xml_get_error(p));
  ++            ne_set_error(sess, "%s", ne_xml_get_error(p));
  +             ret = NE_ERROR;
  +         } else if (ctx.is_error) {
  +             /* If we've actually got any error information
  +              * from the 207, then set that as the error */
  +-            ne_set_error(sess, ctx.buf->data);
  ++            ne_set_error(sess, "%s", ctx.buf->data);
  +             ret = NE_ERROR;
  +         }
  +     } else if (ne_get_status(req)->klass != 2) {
  +diff -Nau src/ne_auth.c.orig src/ne_auth.c
  +--- src/ne_auth.c.orig       2003-10-21 21:32:55.000000000 +0200
  ++++ src/ne_auth.c    2004-04-16 14:47:53.000000000 +0200
  +@@ -1080,7 +1080,7 @@
  +     if (areq->auth_info_hdr != NULL && 
  +     verify_response(areq, sess, areq->auth_info_hdr)) {
  +     NE_DEBUG(NE_DBG_HTTPAUTH, "Response authentication invalid.\n");
  +-    ne_set_error(sess->sess, _(sess->spec->fail_msg));
  ++    ne_set_error(sess->sess, "%s", _(sess->spec->fail_msg));
  +     ret = NE_ERROR;
  +     } else if (status->code == sess->spec->status_code && 
  +            areq->auth_hdr != NULL) {
  +diff -Nau src/ne_locks.c.orig src/ne_locks.c
  +--- src/ne_locks.c.orig      2003-06-19 00:10:58.000000000 +0200
  ++++ src/ne_locks.c   2004-04-16 14:47:53.000000000 +0200
  +@@ -734,7 +734,7 @@
  +     }
  +     else if (parse_failed) {
  +         ret = NE_ERROR;
  +-        ne_set_error(sess, ne_xml_get_error(parser));
  ++        ne_set_error(sess, "%s", ne_xml_get_error(parser));
  +     }
  +     else if (ne_get_status(req)->code == 207) {
  +         ret = NE_ERROR;
  +@@ -802,7 +802,7 @@
  +     if (ret == NE_OK && ne_get_status(req)->klass == 2) {
  +     if (parse_failed) {
  +         ret = NE_ERROR;
  +-        ne_set_error(sess, ne_xml_get_error(parser));
  ++        ne_set_error(sess, "%s", ne_xml_get_error(parser));
  +     }
  +     else if (ne_get_status(req)->code == 207) {
  +         ret = NE_ERROR;
  +diff -Nau src/ne_props.c.orig src/ne_props.c
  +--- src/ne_props.c.orig      2003-06-19 00:10:58.000000000 +0200
  ++++ src/ne_props.c   2004-04-16 14:47:53.000000000 +0200
  +@@ -142,7 +142,7 @@
  +     if (ret == NE_OK && ne_get_status(req)->klass != 2) {
  +     ret = NE_ERROR;
  +     } else if (!ne_xml_valid(handler->parser)) {
  +-    ne_set_error(handler->sess, ne_xml_get_error(handler->parser));
  ++    ne_set_error(handler->sess, "%s", ne_xml_get_error(handler->parser));
  +     ret = NE_ERROR;
  +     }
  + 
  +diff -Nau src/ne_xml.c.orig src/ne_xml.c
  +--- src/ne_xml.c.orig        2003-09-25 21:05:58.000000000 +0200
  ++++ src/ne_xml.c     2004-04-16 14:47:53.000000000 +0200
  +@@ -539,7 +539,7 @@
  + 
  + void ne_xml_set_error(ne_xml_parser *p, const char *msg)
  + {
  +-    ne_snprintf(p->error, ERR_SIZE, msg);
  ++    ne_snprintf(p->error, ERR_SIZE, "%s", msg);
  + }
  + 
  + #ifdef HAVE_LIBXML
  +diff -Nau test/props.c.orig test/props.c
  +--- test/props.c.orig        2003-04-22 16:13:56.000000000 +0200
  ++++ test/props.c     2004-04-16 14:47:53.000000000 +0200
  +@@ -81,6 +81,14 @@
  +     "<D:propstat/>"
  +     "<D:status>HTTP/1.1 404 Not Found</D:status>"
  +     "</D:multistatus>",
  ++
  ++    /* format string handling with neon <= 0.24.4 */
  ++    RESP207 "<?xml version=\"1.0\"?><D:multistatus xmlns:D=\"DAV:\">"
  ++    "<D:response><D:href>/foo/</D:href>"
  ++    "<D:propstat/>"
  ++    "<D:status>%s%s%s%s</D:status>"
  ++    "</D:response></D:multistatus>",
  ++
  +     NULL,
  +     };
  +     ne_session *sess;
  +@@ -96,6 +104,40 @@
  +     return OK;
  + }
  + 
  ++static int patch_regress(void)
  ++{
  ++    static const char *bodies[] = { 
  ++    /* format string handling bugs with neon <= 0.24.4 */
  ++    RESP207 "<?xml version=\"1.0\"?><D:multistatus xmlns:D=\"DAV:\">"
  ++    "<D:response><D:href>/foo/</D:href>"
  ++    "<D:status>HTTP/1.1 500 Bad Voodoo</D:status>"
  ++    "<D:responsedescription>%s%s%s%s</D:responsedescription>"
  ++        "</D:response></D:multistatus>",
  ++
  ++    RESP207 "<?xml version=\"1.0\"?><D:multistatus xmlns:D=\"DAV:\">"
  ++    "<D:response><D:href>/foo/</D:href>"
  ++    "<D:status>HTTP/1.1 %s%s%s%s</D:status>",
  ++
  ++        NULL
  ++    };
  ++    ne_session *sess;
  ++    int n;
  ++    static const ne_propname pn = { "DAV:", "foobar" };
  ++    ne_proppatch_operation pops[] = { 
  ++        { &pn, ne_propset, "fish" },
  ++        { NULL, ne_propset, NULL }
  ++    };
  ++
  ++    for (n = 0; bodies[n] != NULL; n++) {
  ++    CALL(make_session(&sess, single_serve_string, (void *)bodies[n]));
  ++    ne_proppatch(sess, "/", pops);
  ++    ne_session_destroy(sess);
  ++    CALL(await_server());
  ++    }
  ++
  ++    return OK;
  ++}
  ++
  + static int pstat_count;
  + 
  + /* tos_*: set of 207 callbacks which serialize the data back into a
  +@@ -503,6 +545,7 @@
  +     T(patch_simple),
  +     T(pfind_simple),
  +     T(regress),
  ++    T(patch_regress),
  +     T(NULL) 
  + };
  + 
  @@ .
  patch -p0 <<'@@ .'
  Index: openpkg-src/neon/neon.spec
  ============================================================================
  $ cvs diff -u -r1.40.2.1 -r1.40.2.2 neon.spec
  --- openpkg-src/neon/neon.spec        18 Feb 2004 14:50:25 -0000      1.40.2.1
  +++ openpkg-src/neon/neon.spec        16 Apr 2004 14:08:21 -0000      1.40.2.2
  @@ -34,10 +34,11 @@
   Group:        Web
   License:      LGPL
   Version:      0.24.4
  -Release:      2.0.0
  +Release:      2.0.1
   
   #   list of sources
   Source0:      http://www.webdav.org/neon/neon-%{version}.tar.gz
  +Patch0:       neon.patch
   
   #   build information
   Prefix:       %{l_prefix}
  @@ -62,6 +63,7 @@
   
   %prep
       %setup -q
  +    %patch -p0
   
   %build
       CC="%{l_cc}" \
  @@ .
______________________________________________________________________
The OpenPKG Project                                    www.openpkg.org
CVS Repository Commit List                     [EMAIL PROTECTED]

Reply via email to