rpms/mt-daapd/F-8 mt-daapd-svn-1696-check-input.patch, NONE, 1.1 mt-daapd.spec, 1.4, 1.5

W. Michael Petullo (mikep) fedora-extras-commits at redhat.com
Thu Apr 17 19:55:33 UTC 2008 

Author: mikep

Update of /cvs/extras/rpms/mt-daapd/F-8
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv32231

Modified Files:
	mt-daapd.spec 
Added Files:
	mt-daapd-svn-1696-check-input.patch 
Log Message:
Apply security patch

mt-daapd-svn-1696-check-input.patch:

--- NEW FILE mt-daapd-svn-1696-check-input.patch ---
diff -urNad mt-daapd-0.9~r1696~/src/webserver.c mt-daapd-0.9~r1696/src/webserver.c
--- mt-daapd-0.9~r1696~/src/webserver.c	2007-10-22 05:40:29.000000000 +0200
+++ mt-daapd-0.9~r1696/src/webserver.c	2008-04-17 19:01:56.000000000 +0200
@@ -719,7 +719,12 @@
         return FALSE;
     }
 
-    length=atoi(content_length);
+    length=strtol(content_length, NULL, 10);
+    if(EINVAL == errno || UINT_MAX - 1 <= length){
+        ws_dprintf(L_WS_WARN, "Thread %d: Suspicious Content-Length value, ignoring request\n", pwsc->threadno);
+        return FALSE;
+    }
+
     ws_dprintf(L_WS_DBG,"Thread %d: Post var length: %d\n",
             pwsc->threadno,length);
 


Index: mt-daapd.spec
===================================================================
RCS file: /cvs/extras/rpms/mt-daapd/F-8/mt-daapd.spec,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- mt-daapd.spec	26 Feb 2008 13:12:03 -0000	1.4
+++ mt-daapd.spec	17 Apr 2008 19:54:55 -0000	1.5
@@ -11,7 +11,7 @@
 Summary: An iTunes-compatible media server
 Name: mt-daapd
 Version: 0.9
-Release: 0.3.%{svntag}%{?dist}
+Release: 0.4.%{svntag}%{?dist}
 License: GPLv2+
 Group: Applications/Multimedia
 #Source: http://downloads.sourceforge.net/%{name}/%{name}-%{version}.tar.gz
@@ -19,6 +19,7 @@
 Source: mt-daapd-svn-%{svntag}.tar.gz
 Patch0: mt-daapd-svn-1696-defaults.patch
 Patch1: mt-daapd-svn-1696-fedora.patch
+Patch2: mt-daapd-svn-1696-check-input.patch
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 Url: http://www.fireflymediaserver.org/
 BuildRequires: fedora-usermgmt-devel
@@ -43,6 +44,7 @@
 %setup -q -n mt-daapd-svn-%{svntag}
 %patch0 -p1 -b .defaults
 %patch1 -p1 -b .fedora
+%patch2 -p1 -b .check-input
 
 %build
 %configure --enable-avahi --enable-oggvorbis --enable-sqlite3 --enable-flac
@@ -91,6 +93,9 @@
 %doc AUTHORS COPYING CREDITS INSTALL NEWS README TODO
 
 %changelog
+* Fri Apr 18 2008 W. Michael Petullo <mike[at]flyn.org> - 0.9-0.4.1696
+   - Apply patch by Nico Golde to fix integer overflow, Bugzilla #442688.
+
 * Tue Feb 26 2008 W. Michael Petullo <mike[at]flyn.org> - 0.9-0.3.1696
    - Bump release so I may retag again.

More information about the fedora-extras-commits mailing list