Security fix for CVE-2012-2944: upsd can be remotely crashed

ok sthen@ (MAINTAINER)
2012-06-01 07:12:41 +00:00 · 2012-06-01 07:12:41 +00:00 · 6d105eb08d
commit 6d105eb08d
parent 5f9fae9f61
2 changed files with 26 additions and 2 deletions
--- a/sysutils/nut/Makefile
+++ b/sysutils/nut/Makefile
@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.60 2012/05/14 06:26:52 ajacoutot Exp $
+# $OpenBSD: Makefile,v 1.61 2012/06/01 07:12:41 jasper Exp $

 COMMENT-main=		UPS monitoring program supporting many brands
 COMMENT-cgi=		CGIs for monitoring Nut-based UPSs
@ -6,7 +6,10 @@ COMMENT-snmp=		driver for monitoring UPS via SNMP
 COMMENT-xml=		driver for monitoring UPS via XML/HTTP

 DISTNAME=		nut-2.6.3
-REVISION=		4
+REVISION-main=		5
+REVISION-cgi=		4
+REVISION-snmp=		4
+REVISION-xml=		4

 PKGNAME-main=		${DISTNAME}
 PKGNAME-cgi=		${DISTNAME:S/-/-cgi-/}
--- a/sysutils/nut/patches/patch-common_parseconf_c
+++ b/sysutils/nut/patches/patch-common_parseconf_c
@ -0,0 +1,21 @@
+$OpenBSD: patch-common_parseconf_c,v 1.1 2012/06/01 07:12:42 jasper Exp $
+
+Security fix for CVE-2012-2944: upsd can be remotely crashed
+Patch taken from http://trac.networkupstools.org/projects/nut/changeset/3633
+
+--- common/parseconf.c.orig	Fri Jun  1 09:03:34 2012
+++ common/parseconf.c	Fri Jun  1 09:04:40 2012
+@@ -171,6 +171,13 @@ static void addchar(PCONF_CTX_t *ctx)
+ 
+ 	wbuflen = strlen(ctx->wordbuf);
+ 
+	/* CVE-2012-2944: only allow the subset Ascii charset from Space to ~ */
+	if ((ctx->ch < 0x20) || (ctx->ch > 0x7f)) {
+		fprintf(stderr, "addchar: discarding invalid character (0x%02x)!\n",
+			ctx->ch);
+		return;
+	}
+
+ 	if (ctx->wordlen_limit != 0) {
+ 		if (wbuflen >= ctx->wordlen_limit) {
+