gentoo-overlay/sys-power/nut/files/nut-2.6.3-CVE-2012-2944.patch

Origin: http://trac.networkupstools.org/projects/nut/changeset/3633
Description: Fix CVE-2012-2944: upsd can be remotely crashed
Index: nut-2.6.3/common/parseconf.c
===================================================================
--- nut-2.6.3.orig/common/parseconf.c 2011-10-04 02:06:25.000000000 -0500
+++ nut-2.6.3/common/parseconf.c 2012-05-30 13:29:41.000000000 -0500
@@ -171,6 +171,13 @@
wbuflen = strlen(ctx->wordbuf);
+ /* CVE-2012-2944: only allow the subset Ascii charset from Space to ~ */
+ if ((ctx->ch < 0x20) || (ctx->ch > 0x7f)) {
+ fprintf(stderr, "addchar: discarding invalid character (0x%02x)!\n",
+ ctx->ch);
+ return;
+ }
+
if (ctx->wordlen_limit != 0) {
if (wbuflen >= ctx->wordlen_limit) {
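
Review bot: the upper bound in `if ((ctx->ch < 0x20) || (ctx->ch > 0x7f))` does not match the comment above it. "Space to ~" is 0x20 through 0x7e, but this test still accepts 0x7f (DEL). Use `ctx->ch > 0x7e`, or reword the comment if DEL is meant to be allowed. Separately, the type of `ctx->ch` is not visible in this hunk: if it is a signed char type, bytes at or above 0x80 are rejected by the `< 0x20` arm rather than the `> 0x7f` arm, and `%02x` will print them sign-extended. Casting to `unsigned char` in both the comparison and the `fprintf` argument would make the intent explicit.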