[SCM] BOINC packaging branch, wheezy, updated. debian/7.0.27+dfsg-5-21-g8ddb22e
Guo Yixuan
culu.gyx at gmail.com
Thu Jun 27 02:20:11 UTC 2013
The following commit has been merged in the wheezy branch:
commit 173bfe585a829ff51ddb6543c24b2be920cfffe5
Author: Guo Yixuan <culu.gyx at gmail.com>
Date: Thu Jun 27 10:04:31 2013 +0800
CVE-2013-2018 2nd patch
boinc-v2: e8d6c33fe158129a5616e18eb84a7a9d44aca15f
diff --git a/debian/patches/CVE-2013-2018-2-SQL-injections.patch b/debian/patches/CVE-2013-2018-2-SQL-injections.patch
new file mode 100644
index 0000000..7b38f77
--- /dev/null
+++ b/debian/patches/CVE-2013-2018-2-SQL-injections.patch
@@ -0,0 +1,107 @@
+From e8d6c33fe158129a5616e18eb84a7a9d44aca15f Mon Sep 17 00:00:00 2001
+From: David Anderson <davea at ssl.berkeley.edu>
+Date: Mon, 7 Jan 2013 19:40:20 -0800
+Subject: [PATCH] - user web: fix security vulnerabilities
+
+---
+ html/inc/bossa.inc | 1 +
+ html/user/submit.php | 1 +
+ html/user/submit_rpc_handler.php | 2 ++
+ html/user/team_admins.php | 1 +
+ html/user/team_search.php | 8 +++++---
+ 6 files changed, 15 insertions(+), 5 deletions(-)
+
+diff --git a/html/inc/bossa.inc b/html/inc/bossa.inc
+index 2dfef55..625ca52 100644
+--- a/html/inc/bossa.inc
++++ b/html/inc/bossa.inc
+@@ -45,6 +45,7 @@ function bossa_batch_create($appid, $name, $calibration) {
+ }
+
+ function bossa_app_lookup($name) {
++ $name = BoincDb::escape_string($name);
+ $app = BossaApp::lookup("short_name='$name'");
+ if (!$app) return 0;
+ return $app->id;
+diff --git a/html/user/submit.php b/html/user/submit.php
+index ebaf385..4d8d7c5 100644
+--- a/html/user/submit.php
++++ b/html/user/submit.php
+@@ -196,6 +196,7 @@ function handle_main($user) {
+ ";
+ $x = "";
+ foreach ($submit_urls as $appname=>$submit_url) {
++ $appname = BoincDb::escape_string($appname);
+ $app = BoincApp::lookup("name='$appname'");
+ if (!$app) error_page("bad submit_url name: $appname");
+ $usa = BoincUserSubmitApp::lookup("user_id=$user->id and app_id=$app->id");
+diff --git a/html/user/submit_rpc_handler.php b/html/user/submit_rpc_handler.php
+index 9a2686a..e3b6d15 100644
+--- a/html/user/submit_rpc_handler.php
++++ b/html/user/submit_rpc_handler.php
+@@ -38,6 +38,7 @@ function error($s) {
+ function authenticate_user($r, $app) {
+ $auth = (string)$r->authenticator;
+ if (!$auth) error("no authenticator");
++ $auth = BoincDb::escape_string($auth);
+ $user = BoincUser::lookup("authenticator='$auth'");
+ if (!$user) error("bad authenticator");
+ $user_submit = BoincUserSubmit::lookup_userid($user->id);
+@@ -53,6 +54,7 @@ function authenticate_user($r, $app) {
+
+ function get_app($r) {
+ $name = (string)($r->batch->app_name);
++ $name = BoincDb::escape_string($name);
+ $app = BoincApp::lookup("name='$name'");
+ if (!$app) error("no app");
+ return $app;
+diff --git a/html/user/team_admins.php b/html/user/team_admins.php
+index 2c0876b..96f2c25 100644
+--- a/html/user/team_admins.php
++++ b/html/user/team_admins.php
+@@ -93,6 +93,7 @@ function remove_admin($team) {
+
+ function add_admin($team) {
+ $email_addr = get_str('email_addr');
++ $email_addr = BoincDb::escape_string($email_addr);
+ $user = BoincUser::lookup("email_addr='$email_addr'");
+ if (!$user) error_page(tra("no such user"));
+ if ($user->teamid != $team->id) error_page(tra("User is not member of team"));
+diff --git a/html/user/team_search.php b/html/user/team_search.php
+index 683fba4..d70c20a 100644
+--- a/html/user/team_search.php
++++ b/html/user/team_search.php
+@@ -126,11 +126,11 @@ function search($params) {
+ if (strlen($params->keywords)) {
+ $kw = BoincDb::escape_string($params->keywords);
+ $name_lc = strtolower($kw);
+- $name_lc = escape_pattern($name_lc);
+
+ $list2 = get_teams("name='$name_lc'", $params->active);
+ merge_lists($list2, $list, 20);
+
++ $name_lc = escape_pattern($name_lc);
+ $list2 = get_teams("name like '".$name_lc."%'", $params->active);
+ merge_lists($list2, $list, 5);
+
+@@ -142,13 +142,15 @@ function search($params) {
+ $tried = true;
+ }
+ if (strlen($params->country) && $params->country!='None') {
+- $list2 = get_teams("country = '$params->country'", $params->active);
++ $country = BoincDb::escape_string($params->country);
++ $list2 = get_teams("country = '$country'", $params->active);
+ //echo "<br>country matches: ",sizeof($list2);
+ merge_lists($list2, $list, 1);
+ $tried = true;
+ }
+ if ($params->type and $params->type>1) {
+- $list2 = get_teams("type=$params->type", $params->active);
++ $type = BoincDb::escape_string($params->type);
++ $list2 = get_teams("type=$type", $params->active);
+ //echo "<br>type matches: ",sizeof($list2);
+ merge_lists($list2, $list, 2);
+ $tried = true;
+--
+1.8.3.1
+
diff --git a/debian/patches/series b/debian/patches/series
index 9da85d5..d3edb18 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -62,3 +62,4 @@ CVE-2013-2298-Scheduler-fix-security-vulnerabilities.patch
link_with_gold.patch
wrapper.patch
CVE-2013-2018-1-SQL-injections.patch
+CVE-2013-2018-2-SQL-injections.patch
--
BOINC packaging
More information about the pkg-boinc-commits
mailing list