Bug#476241: intent to NMU

2008-04-17 Thread Nico Golde
Hi Joshua,
* Joshua Kwan <[EMAIL PROTECTED]> [2008-04-17 21:40]:
> On Thu, Apr 17, 2008 at 09:16:02PM +0200, Nico Golde wrote:
> > Hi,
> > attached is a patch fixing this issue.
> > 
> > It will also be archived at:
> > http://people.debian.org/~nion/nmu-diff/mt-daapd-0.9~r1696-1.2_0.9~r1696-1.3.patch
> 
> Go for it. I'm too busy with school...
> I'm on Low Threshold NMU anyway.

Ok fine, uploading now.

Cheers
Nico
-- 
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.




Bug#476241: intent to NMU

2008-04-17 Thread Joshua Kwan
On Thu, Apr 17, 2008 at 09:16:02PM +0200, Nico Golde wrote:
> Hi,
> attached is a patch fixing this issue.
> 
> It will also be archived at:
> http://people.debian.org/~nion/nmu-diff/mt-daapd-0.9~r1696-1.2_0.9~r1696-1.3.patch
> 
> Kind regards
> Nico

Go for it. I'm too busy with school...
I'm on Low Threshold NMU anyway.

-- 
Joshua Kwan






Bug#476241: intent to NMU

2008-04-17 Thread Nico Golde
Hi,
attached is a patch fixing this issue.

It will also be archived at:
http://people.debian.org/~nion/nmu-diff/mt-daapd-0.9~r1696-1.2_0.9~r1696-1.3.patch

Kind regards
Nico

-- 
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
diff -u mt-daapd-0.9~r1696/debian/patches/00list mt-daapd-0.9~r1696/debian/patches/00list
--- mt-daapd-0.9~r1696/debian/patches/00list
+++ mt-daapd-0.9~r1696/debian/patches/00list
@@ -1,0 +2 @@
+02_CVE-2008-1771
diff -u mt-daapd-0.9~r1696/debian/changelog mt-daapd-0.9~r1696/debian/changelog
--- mt-daapd-0.9~r1696/debian/changelog
+++ mt-daapd-0.9~r1696/debian/changelog
@@ -1,3 +1,12 @@
+mt-daapd (0.9~r1696-1.3) unstable; urgency=high
+
+  * Non-maintainer upload by the Security Team.
+  * Fix integer overflow leading to heap-based buffer overflow causing a
+remote Denial of Service and possibly allows to execute arbitrary code
+(CVE-2008-1771; Closes: #476241).
+
+ -- Nico Golde <[EMAIL PROTECTED]>  Thu, 17 Apr 2008 19:03:48 +0200
+
 mt-daapd (0.9~r1696-1.2) unstable; urgency=low
 
   * Non-maintainer upload.
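
Review bot: the new 0.9~r1696-1.3 entry gives the CVE and bug number but not where the fix lives. Add that it is carried as debian/patches/02_CVE-2008-1771.dpatch and changes the Content-Length parsing in src/webserver.c, so a reader of the changelog can find the change without opening the diff. The second bullet would also read more cleanly as "causing a remote denial of service and possibly allowing execution of arbitrary code".
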
--- mt-daapd-0.9~r1696.orig/debian/patches/02_CVE-2008-1771.dpatch
+++ mt-daapd-0.9~r1696/debian/patches/02_CVE-2008-1771.dpatch
@@ -0,0 +1,24 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 02_CVE-2008-1771.dpatch by Nico Golde <[EMAIL PROTECTED]>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: No description.
+
[EMAIL PROTECTED]@
+diff -urNad mt-daapd-0.9~r1696~/src/webserver.c mt-daapd-0.9~r1696/src/webserver.c
+--- mt-daapd-0.9~r1696~/src/webserver.c	2007-10-22 05:40:29.0 +0200
 mt-daapd-0.9~r1696/src/webserver.c	2008-04-17 19:01:56.0 +0200
+@@ -719,7 +719,12 @@
+ return FALSE;
+ }
+ 
+-length=atoi(content_length);
++length=strtol(content_length, NULL, 10);
++if(EINVAL == errno || UINT_MAX - 1 <= length){
++ws_dprintf(L_WS_WARN, "Thread %d: Suspicious Content-Length value, ignoring request\n", pwsc->threadno);
++return FALSE;
++}
++
+ ws_dprintf(L_WS_DBG,"Thread %d: Post var length: %d\n",
+ pwsc->threadno,length);
+ 
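
Review bot: the check on the added line "if(EINVAL == errno || UINT_MAX - 1 <= length)" does not test what strtol() actually reports. An out-of-range value makes strtol() return LONG_MAX or LONG_MIN with errno set to ERANGE, not EINVAL, and errno is never cleared before the call, so a stale value from an earlier call can reject a valid request while a real overflow goes unnoticed. The bound is also only an upper bound against an unsigned constant: the ws_dprintf that follows prints length with %d, which suggests a signed int, and in that case the long result is narrowed on assignment and negative values other than -1 and -2 pass the comparison. Suggest setting errno = 0 first, parsing into a long with an end pointer instead of NULL so that empty or trailing non-numeric input is rejected, and requiring 0 <= value <= a fixed maximum POST size before assigning to length. Please also confirm that errno.h and limits.h are included in webserver.c, since the hunk adds no includes, and replace "## DP: No description." with a one-line description of the fix.
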

