[libnet-ping-external-perl] 07/09: Add patch for CVE-2008-7319 (Closes: #881097)

Tony Mancill tmancill at moszumanska.debian.org
Fri Nov 24 20:57:59 UTC 2017



tmancill pushed a commit to branch master
in repository libnet-ping-external-perl.

commit 701578a27f699b5b3b1540ee0e4a4f65333869b9
Author: tony mancill <tmancill at debian.org>
Date:   Fri Nov 24 11:42:15 2017 -0800

    Add patch for CVE-2008-7319 (Closes: #881097)
---
 .../patches/CVE-2008-7319_debian_bts_881097.patch  | 139 +++++++++++++++++++++
 debian/patches/series                              |   1 +
 2 files changed, 140 insertions(+)

diff --git a/debian/patches/CVE-2008-7319_debian_bts_881097.patch b/debian/patches/CVE-2008-7319_debian_bts_881097.patch
new file mode 100644
index 0000000..6b4142a
--- /dev/null
+++ b/debian/patches/CVE-2008-7319_debian_bts_881097.patch
@@ -0,0 +1,139 @@
+From: Matthias Weckbecker <matthias at weckbecker.name>
+Date: Fri, 27 Oct 2017 15:01:10 +0200
+Subject: [PATCH 1/1] Fix 10 year old command injection vulnerability
+
+--- a/External.pm
++++ b/External.pm
+@@ -19,6 +19,21 @@
+ @EXPORT = qw();
+ @EXPORT_OK = qw(ping);
+ 
++sub _clean_args {
++  my %args = @_;
++  for my $arg (qw(size count timeout)) {
++      if ($args{$arg} !~ /([0-9]+)/) {
++        croak("$arg must be numeric");
++      }
++      $args{$arg} = $1;
++  }
++  if ($args{host} !~ /([A-Z0-9\.\-]+)/i) {
++    croak("invalid host");
++  }
++  $args{host} = $1;
++  return %args;
++}
++
+ sub ping {
+   # Set up defaults & override defaults with parameters sent.
+   my %args = (count => 1, size => 56, @_);
+@@ -33,7 +48,7 @@
+   croak("You must provide a hostname") unless defined $args{host};
+   $args{timeout} = 5 unless defined $args{timeout} && $args{timeout} > 0;
+ 
+-  my %dispatch = 
++  my %dispatch =
+     (linux    => \&_ping_linux,
+      mswin32  => \&_ping_win32,
+      cygwin   => \&_ping_cygwin,
+@@ -59,6 +74,7 @@
+ 
+   croak("External ping not supported on your system") unless $subref;
+ 
++  %args = _clean_args(%args);
+   return $subref->(%args);
+ }
+ 
+@@ -81,7 +97,7 @@
+ }
+ 
+ # Mac OS X 10.2 ping does not handle -w timeout now does it return a
+-# status code if it fails to ping (unless it cannot resolve the domain 
++# status code if it fails to ping (unless it cannot resolve the domain
+ # name)
+ # Thanks to Peter N. Lewis for this one.
+ sub _ping_darwin {
+@@ -192,7 +208,7 @@
+ # -s size option supported -- superuser only... fixme
+ sub _ping_bsd {
+   my %args = @_;
+-  my $command = "ping -c $args{count} -q $args{hostname}";
++  my $command = "ping -c $args{count} -q $args{host}";
+   return _ping_system($command, 0);
+ }
+ 
+--- a/test.pl
++++ b/test.pl
+@@ -6,7 +6,7 @@
+ # Change 1..1 below to 1..last_test_to_print .
+ # (It may become useful if the test is moved to ./t subdirectory.)
+ 
+-BEGIN { $| = 1; $num_tests = 6; print "1..$num_tests\n"; }
++BEGIN { $| = 1; $num_tests = 8; print "1..$num_tests\n"; }
+ END {print "not ok 1\n" unless $loaded;}
+ use Net::Ping::External qw(ping);
+ $loaded = 1;
+@@ -24,7 +24,12 @@
+ 	       3 => "ping(host => '127.0.0.1', timeout => 5)",
+ 	       4 => "ping(host => 'some.non.existent.host.')",
+ 	       5 => "ping(host => '127.0.0.1', count => 10)",
+-	       6 => "ping(host => '127.0.0.1', size => 32)"
++	       6 => "ping(host => '127.0.0.1', size => 32)",
++	       7 => "ping(host => '127.0.0.1\$(evil stuff)')",
++	       8 => "ping(host => '127.0.0.1', "
++                      . "count => '1\$(evil stuff)', "
++                      . "size => '1\$(evil stuff)', "
++                      . "timeout => '1\$(evil stuff)')"
+ 	      );
+ 
+ @passed = ();
+@@ -102,6 +107,50 @@
+   push @failed, 6;
+ }
+ 
++if ($^O !~ /win/i || $^O eq 'cygwin') {
++  use File::Temp;
++
++  {
++    my $temp = File::Temp->new()->filename();
++    my $evil = sprintf '127.0.0.1$(touch %s)', $temp;
++    eval { ping(host => $evil) };
++    unless (-e $temp) {
++      print "ok 7\n";
++      push @passed, 7;
++    }
++    else {
++      unlink $temp;
++      print "not ok 7\n";
++      push @failed, 7;
++    }
++  }
++  {
++    my $temp = File::Temp->new()->filename();
++    my $evil = sprintf '1$(touch %s)', $temp;
++    my $fail = 0;
++    for (qw(size count timeout)) {
++      eval { ping(host => '127.0.0.1', $_ => $evil) };
++      $fail = 1 if -e $temp;
++    }
++    unless ($fail) {
++      print "ok 8\n";
++      push @passed, 8;
++    }
++    else {
++      unlink $temp;
++      print "not ok 8\n";
++      push @failed, 8;
++    }
++  }
++}
++else {
++  # TODO: win32 tests
++  for (qw(7 8)) {
++    print "ok $_\n";
++    push @passed, $_;
++  }
++}
++
+ print "\nRunning a more verbose test suite.";
+ print "\n-------------------------------------------------\n";
+ print "Net::Ping::External version: ", $Net::Ping::External::VERSION, "\n";
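Review bot: The validation regexes in `_clean_args` are unanchored, so hostile input is silently truncated to its first acceptable run rather than rejected: `count => '5; rm -rf /'` becomes `5`, and a host of `$(evil)` becomes the string `evil`, which is then pinged as if the caller had asked for it. The two checks should anchor to the whole string so anything outside the allowed set croaks, e.g. `if ($args{$arg} !~ /\A([0-9]+)\z/) {` and `if ($args{host} !~ /\A([A-Z0-9.\-]+)\z/i) {`; tests 7 and 8 still pass because a croak leaves the temp file uncreated, but they would then also catch a regression to strip-rather-than-reject semantics. Note that the allowed host set admits a leading `-`, and since the host is still interpolated into a command string (the `_ping_bsd` hunk; `_ping_system` itself is outside this patch), a host such as `-c` would be parsed by ping as an option, so rejecting a leading `-` or moving to list-form `system` is worth a follow-up. The whitelist also rejects IPv6 literals and anything with `:`, which is a behaviour change worth a line in the patch description.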
diff --git a/debian/patches/series b/debian/patches/series
index e69de29..639899a 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -0,0 +1 @@
+CVE-2008-7319_debian_bts_881097.patch



