summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorRoman I Khimov <khimov@altell.ru>2010-05-02 20:53:36 +0400
committerRoman I Khimov <khimov@altell.ru>2010-05-02 20:54:02 +0400
commit267fc260d31b9968036b3309362cb9f0bc2188f6 (patch)
tree6f9ef398974ebfa6d0b616baac5bed1010f46a88
parent14d2edfcfdb5990e348f95b4b2064f5befb1c043 (diff)
squidguard: fix CVE-2009-3700 and CVE-2009-3826
Signed-off-by: Roman I Khimov <khimov@altell.ru>
-rw-r--r--recipes/squidguard/squidguard-1.4/squidguard-fix-CVE-2009-3700.patch46
-rw-r--r--recipes/squidguard/squidguard-1.4/squidguard-fix-CVE-2009-3826.patch26
-rw-r--r--recipes/squidguard/squidguard_1.4.bb4
3 files changed, 75 insertions, 1 deletions
diff --git a/recipes/squidguard/squidguard-1.4/squidguard-fix-CVE-2009-3700.patch b/recipes/squidguard/squidguard-1.4/squidguard-fix-CVE-2009-3700.patch
new file mode 100644
index 0000000000..6f0d9a817d
--- /dev/null
+++ b/recipes/squidguard/squidguard-1.4/squidguard-fix-CVE-2009-3700.patch
@@ -0,0 +1,46 @@
+Index: squidGuard-1.4/src/sgLog.c
+===================================================================
+--- squidGuard-1.4.orig/src/sgLog.c
++++ squidGuard-1.4/src/sgLog.c
+@@ -2,7 +2,7 @@
+ By accepting this notice, you agree to be bound by the following
+ agreements:
+
+- This software product, squidGuard, is copyrighted (C) 1998-2007
++ This software product, squidGuard, is copyrighted (C) 1998-2009
+ by Christine Kronberg, Shalla Secure Services. All rights reserved.
+
+ This program is free software; you can redistribute it and/or modify it
+@@ -55,8 +55,8 @@ void sgLog(log, format, va_alist)
+ char msg[MAX_BUF];
+ va_list ap;
+ VA_START(ap, format);
+- if(vsprintf(msg, format, ap) > (MAX_BUF - 1))
+- fprintf(stderr,"overflow in vsprintf (sgLog): %s",strerror(errno));
++ if(vsnprintf(msg, MAX_BUF, format, ap) > (MAX_BUF - 1))
++ fprintf(stderr,"overflow in vsnprintf (sgLog): %s",strerror(errno));
+ va_end(ap);
+ date = niso(0);
+ if(globalDebug || log == NULL) {
+@@ -87,8 +87,8 @@ void sgLogError(format, va_alist)
+ char msg[MAX_BUF];
+ va_list ap;
+ VA_START(ap, format);
+- if(vsprintf(msg, format, ap) > (MAX_BUF - 1))
+- sgLogFatalError("overflow in vsprintf (sgLogError): %s",strerror(errno));
++ if(vsnprintf(msg, MAX_BUF, format, ap) > (MAX_BUF - 1))
++ sgLog(globalErrorLog, "overflow in vsnprintf (sgLogError): %s",strerror(errno));
+ va_end(ap);
+ sgLog(globalErrorLog,"%s",msg);
+ }
+@@ -104,8 +104,8 @@ void sgLogFatalError(format, va_alist)
+ char msg[MAX_BUF];
+ va_list ap;
+ VA_START(ap, format);
+- if(vsprintf(msg, format, ap) > (MAX_BUF - 1))
+- return;
++ if(vsnprintf(msg, MAX_BUF, format, ap) > (MAX_BUF - 1))
++ sgLog(globalErrorLog, "overflow in vsnprintf (sgLogError): %s",strerror(errno));
+ va_end(ap);
+ sgLog(globalErrorLog,"%s",msg);
+ sgEmergency();
diff --git a/recipes/squidguard/squidguard-1.4/squidguard-fix-CVE-2009-3826.patch b/recipes/squidguard/squidguard-1.4/squidguard-fix-CVE-2009-3826.patch
new file mode 100644
index 0000000000..8d2b6230cc
--- /dev/null
+++ b/recipes/squidguard/squidguard-1.4/squidguard-fix-CVE-2009-3826.patch
@@ -0,0 +1,26 @@
+Index: squidGuard-1.4/src/sg.h.in
+===================================================================
+--- squidGuard-1.4.orig/src/sg.h.in
++++ squidGuard-1.4/src/sg.h.in
+@@ -73,7 +73,7 @@ int tolower();
+ #define REQUEST_TYPE_REDIRECT 2
+ #define REQUEST_TYPE_PASS 3
+
+-#define MAX_BUF 4096
++#define MAX_BUF 12288
+
+ #define DEFAULT_LOGFILE "squidGuard.log"
+ #define WARNING_LOGFILE "squidGuard.log"
+Index: squidGuard-1.4/src/sgDiv.c.in
+===================================================================
+--- squidGuard-1.4.orig/src/sgDiv.c.in
++++ squidGuard-1.4/src/sgDiv.c.in
+@@ -745,7 +745,7 @@ char *sgParseRedirect(redirect, req, acl
+ p++;
+ break;
+ case 'u': /* Requested URL */
+- strcat(buf, req->orig);
++ strncat(buf, req->orig, 2048);
+ p++;
+ break;
+ default:
diff --git a/recipes/squidguard/squidguard_1.4.bb b/recipes/squidguard/squidguard_1.4.bb
index e77469fbed..c3408f7a8b 100644
--- a/recipes/squidguard/squidguard_1.4.bb
+++ b/recipes/squidguard/squidguard_1.4.bb
@@ -4,13 +4,15 @@ SECTION = "network"
DEPENDS = "virtual/db openldap mysql5 zlib"
RDEPENDS += "squid"
LICENSE = "GPL"
-PR = "r0"
+PR = "r1"
SRC_URI = " \
http://www.squidguard.org/Downloads/squidGuard-${PV}.tar.gz;name=tar \
file://squidguard-1.4-no_header_checks.patch;patch=1 \
file://squidguard-1.4-fix-parallel-build.patch;patch=1 \
file://squidguard-cross-ldap.patch;patch=1 \
+ file://squidguard-fix-CVE-2009-3700.patch;patch=1 \
+ file://squidguard-fix-CVE-2009-3826.patch;patch=1 \
file://squidGuard.conf \
"
SRC_URI[tar.md5sum] = "de834150998c1386c30feae196f16b06"