[libnet-ping-external-perl] 07/09: Add patch for CVE-2008-7319 (Closes: #881097)
Tony Mancill
tmancill at moszumanska.debian.org
Fri Nov 24 20:57:59 UTC 2017
This is an automated email from the git hooks/post-receive script.
tmancill pushed a commit to branch master
in repository libnet-ping-external-perl.
commit 701578a27f699b5b3b1540ee0e4a4f65333869b9
Author: tony mancill <tmancill at debian.org>
Date: Fri Nov 24 11:42:15 2017 -0800
Add patch for CVE-2008-7319 (Closes: #881097)
---
.../patches/CVE-2008-7319_debian_bts_881097.patch | 139 +++++++++++++++++++++
debian/patches/series | 1 +
2 files changed, 140 insertions(+)
diff --git a/debian/patches/CVE-2008-7319_debian_bts_881097.patch b/debian/patches/CVE-2008-7319_debian_bts_881097.patch
new file mode 100644
index 0000000..6b4142a
--- /dev/null
+++ b/debian/patches/CVE-2008-7319_debian_bts_881097.patch
@@ -0,0 +1,139 @@
+From: Matthias Weckbecker <matthias at weckbecker.name>
+Date: Fri, 27 Oct 2017 15:01:10 +0200
+Subject: [PATCH 1/1] Fix 10 year old command injection vulnerability
+
+--- a/External.pm
++++ b/External.pm
+@@ -19,6 +19,21 @@
+ @EXPORT = qw();
+ @EXPORT_OK = qw(ping);
+
++sub _clean_args {
++ my %args = @_;
++ for my $arg (qw(size count timeout)) {
++ if ($args{$arg} !~ /([0-9]+)/) {
++ croak("$arg must be numeric");
++ }
++ $args{$arg} = $1;
++ }
++ if ($args{host} !~ /([A-Z0-9\.\-]+)/i) {
++ croak("invalid host");
++ }
++ $args{host} = $1;
++ return %args;
++}
++
+ sub ping {
+ # Set up defaults & override defaults with parameters sent.
+ my %args = (count => 1, size => 56, @_);
+@@ -33,7 +48,7 @@
+ croak("You must provide a hostname") unless defined $args{host};
+ $args{timeout} = 5 unless defined $args{timeout} && $args{timeout} > 0;
+
+- my %dispatch =
++ my %dispatch =
+ (linux => \&_ping_linux,
+ mswin32 => \&_ping_win32,
+ cygwin => \&_ping_cygwin,
+@@ -59,6 +74,7 @@
+
+ croak("External ping not supported on your system") unless $subref;
+
++ %args = _clean_args(%args);
+ return $subref->(%args);
+ }
+
+@@ -81,7 +97,7 @@
+ }
+
+ # Mac OS X 10.2 ping does not handle -w timeout now does it return a
+-# status code if it fails to ping (unless it cannot resolve the domain
++# status code if it fails to ping (unless it cannot resolve the domain
+ # name)
+ # Thanks to Peter N. Lewis for this one.
+ sub _ping_darwin {
+@@ -192,7 +208,7 @@
+ # -s size option supported -- superuser only... fixme
+ sub _ping_bsd {
+ my %args = @_;
+- my $command = "ping -c $args{count} -q $args{hostname}";
++ my $command = "ping -c $args{count} -q $args{host}";
+ return _ping_system($command, 0);
+ }
+
+--- a/test.pl
++++ b/test.pl
+@@ -6,7 +6,7 @@
+ # Change 1..1 below to 1..last_test_to_print .
+ # (It may become useful if the test is moved to ./t subdirectory.)
+
+-BEGIN { $| = 1; $num_tests = 6; print "1..$num_tests\n"; }
++BEGIN { $| = 1; $num_tests = 8; print "1..$num_tests\n"; }
+ END {print "not ok 1\n" unless $loaded;}
+ use Net::Ping::External qw(ping);
+ $loaded = 1;
+@@ -24,7 +24,12 @@
+ 3 => "ping(host => '127.0.0.1', timeout => 5)",
+ 4 => "ping(host => 'some.non.existent.host.')",
+ 5 => "ping(host => '127.0.0.1', count => 10)",
+- 6 => "ping(host => '127.0.0.1', size => 32)"
++ 6 => "ping(host => '127.0.0.1', size => 32)",
++ 7 => "ping(host => '127.0.0.1\$(evil stuff)')",
++ 8 => "ping(host => '127.0.0.1', "
++ . "count => '1\$(evil stuff)', "
++ . "size => '1\$(evil stuff)', "
++ . "timeout => '1\$(evil stuff)')"
+ );
+
+ @passed = ();
+@@ -102,6 +107,50 @@
+ push @failed, 6;
+ }
+
++if ($^O !~ /win/i || $^O eq 'cygwin') {
++ use File::Temp;
++
++ {
++ my $temp = File::Temp->new()->filename();
++ my $evil = sprintf '127.0.0.1$(touch %s)', $temp;
++ eval { ping(host => $evil) };
++ unless (-e $temp) {
++ print "ok 7\n";
++ push @passed, 7;
++ }
++ else {
++ unlink $temp;
++ print "not ok 7\n";
++ push @failed, 7;
++ }
++ }
++ {
++ my $temp = File::Temp->new()->filename();
++ my $evil = sprintf '1$(touch %s)', $temp;
++ my $fail = 0;
++ for (qw(size count timeout)) {
++ eval { ping(host => '127.0.0.1', $_ => $evil) };
++ $fail = 1 if -e $temp;
++ }
++ unless ($fail) {
++ print "ok 8\n";
++ push @passed, 8;
++ }
++ else {
++ unlink $temp;
++ print "not ok 8\n";
++ push @failed, 8;
++ }
++ }
++}
++else {
++ # TODO: win32 tests
++ for (qw(7 8)) {
++ print "ok $_\n";
++ push @passed, $_;
++ }
++}
++
+ print "\nRunning a more verbose test suite.";
+ print "\n-------------------------------------------------\n";
+ print "Net::Ping::External version: ", $Net::Ping::External::VERSION, "\n";
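Review bot: The validation regexes in the new `_clean_args` are unanchored, so `/([0-9]+)/` and `/([A-Z0-9\.\-]+)/i` accept any value that merely contains a matching run and silently replace it with the first such run — `count => '1$(...)'` becomes `1`, and a host value with no acceptable prefix becomes whatever alphanumeric word appears first — rather than being rejected as the `croak("$arg must be numeric")` and `croak("invalid host")` messages suggest. Anchoring turns the check into a reject-or-accept decision: `if ($args{$arg} !~ /\A([0-9]+)\z/) {` and `if ($args{host} !~ /\A([A-Z0-9.-]+)\z/i) {`. The anchored host pattern, like the present one, contains no `:`, so IPv6 literals would be refused; whether that matters depends on existing callers. Tests 7 and 8 would still pass with the anchored form, since they only check that the temp file is not created and already wrap the call in `eval`.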
diff --git a/debian/patches/series b/debian/patches/series
index e69de29..639899a 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -0,0 +1 @@
+CVE-2008-7319_debian_bts_881097.patch