[Pkg-ofed-commits] [libsdp] 04/04: Imported Debian patch 1.1.99-2.1
Ana Beatriz Guerrero López
ana at moszumanska.debian.org
Wed Jul 2 14:32:05 UTC 2014
This is an automated email from the git hooks/post-receive script.
ana pushed a commit to branch master
in repository libsdp.
commit 4affe13d0ff80524268d98f758b05e814946855b
Author: Alexander Reichle-Schmehl <tolimar at debian.org>
Date: Thu Nov 25 12:40:59 2010 +0100
Imported Debian patch 1.1.99-2.1
---
debian/changelog | 9 +++++++++
src/log.c | 32 +++++++++++++++++++++++++++++---
2 files changed, 38 insertions(+), 3 deletions(-)
diff --git a/debian/changelog b/debian/changelog
index a36ad09..a42f76c 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,12 @@
+libsdp (1.1.99-2.1) unstable; urgency=low
+
+ * Non-maintainer upload.
+ * Apply upstream patch to src/log.c for version 1.1.105 to fix
+ CVE-2010-4173
+ (Closes: #603841)
+
+ -- Alexander Reichle-Schmehl <tolimar at debian.org> Thu, 25 Nov 2010 12:40:59 +0100
+
libsdp (1.1.99-2) unstable; urgency=low
* FTBFS on kfreebsd-i386 (Closes: #554715)
diff --git a/src/log.c b/src/log.c
index bd4b99e..8535aa6 100644
--- a/src/log.c
+++ b/src/log.c
@@ -174,15 +174,41 @@ __sdp_log_set_log_file(
filename = p + 1;
snprintf( tfilename, sizeof( tfilename ), "/var/log/%s", filename );
} else {
+ char tdir[PATH_MAX + 1];
/*
for regular user, allow log file to be placed in a user
requested path. If no path is requested the log file is
placed in /tmp/
*/
if ( p )
- snprintf( tfilename, sizeof( tfilename ), "%s.%d", filename, uid );
+ snprintf(tdir, sizeof(tdir), "%s.%d", filename, uid );
else
- snprintf( tfilename, sizeof( tfilename ), "/tmp/%s.%d", filename, uid );
+ snprintf(tdir, sizeof(tdir ), "/tmp/%s.%d", filename, uid );
+
+ if (mkdir(tdir, 0700)) {
+ struct stat stat;
+
+ if (errno != EEXIST) {
+ __sdp_log( 9, "Couldn't create directory '%s' for logging (%m)\n", tdir );
+ return 0;
+ }
+
+ if (lstat(tdir, &stat)) {
+ __sdp_log(9, "Couldn't lstat directory %s\n", tdir);
+ return 0;
+ }
+
+ if (!S_ISDIR(stat.st_mode) || stat.st_uid != uid ||
+ (stat.st_mode & ~(S_IFMT | S_IRWXU))) {
+ __sdp_log( 9, "Cowardly refusing to log into directory:'%s'. "
+ "Make sure it is not: (1) link, (2) other uid, (3) bad permissions."
+ "thus is a security issue.\n", tdir );
+ return 0;
+ }
+ }
+
+ snprintf(tfilename, sizeof(tfilename), "%s/log", tdir);
+ printf("dir: %s file: %s\n", tdir, tfilename);
}
/* double check the file is not a link */
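Review bot: The `printf("dir: %s file: %s\n", tdir, tfilename);` at the end of the non-root branch looks like leftover debug output, and it writes to the stdout of whatever process has this library loaded each time the log file is set. Drop the line, or route it through `__sdp_log` like the other messages in this hunk, so the library never writes to a stream it does not own. Separately, the `%m` in the new mkdir message (and in the fopen message in the next hunk) is a glibc extension that reads errno at format time. Passing `strerror(errno)` under `%s` would be safer if `__sdp_log` can disturb errno before formatting, which is not visible here. The body of `__sdp_log_set_log_file` begins before and continues after this hunk.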
@@ -195,7 +221,7 @@ __sdp_log_set_log_file(
f = fopen( tfilename, "a" );
if ( !f ) {
- __sdp_log( 9, "Couldn't open filename '%s' for logging\n", tfilename );
+ __sdp_log( 9, "Couldn't open '%s' for logging (%m)\n", tfilename );
return 0;
}
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-ofed/libsdp.git