aboutsummaryrefslogtreecommitdiffstats
path: root/net-p2p
diff options
context:
space:
mode:
authormiwi <miwi@FreeBSD.org>2009-01-12 03:42:13 +0800
committermiwi <miwi@FreeBSD.org>2009-01-12 03:42:13 +0800
commit83a6844c3bdb54d46fcd9260277c9d89e9a7e46e (patch)
tree7eb33c873a760e8d5ceafe35dd1acb7b37f5fd00 /net-p2p
parentf226dc7ff9726058c3988371d64c6d74ff8b1abd (diff)
downloadfreebsd-ports-gnome-83a6844c3bdb54d46fcd9260277c9d89e9a7e46e.tar.gz
freebsd-ports-gnome-83a6844c3bdb54d46fcd9260277c9d89e9a7e46e.tar.zst
freebsd-ports-gnome-83a6844c3bdb54d46fcd9260277c9d89e9a7e46e.zip
- Fix insecure temporary file usage and arbitrary command execution
PR: 129981 (based on) Submitted by: Eygene Ryabinkin <rea-fbsd@codelabs.ru> Approved by: maintainer
Diffstat (limited to 'net-p2p')
-rw-r--r--net-p2p/verlihub/Makefile5
-rw-r--r--net-p2p/verlihub/files/patch-CVE-2008-570682
2 files changed, 84 insertions, 3 deletions
diff --git a/net-p2p/verlihub/Makefile b/net-p2p/verlihub/Makefile
index 7d5091d15a9a..009cd1f04384 100644
--- a/net-p2p/verlihub/Makefile
+++ b/net-p2p/verlihub/Makefile
@@ -7,11 +7,10 @@
PORTNAME= verlihub
DISTVERSION= 0.9.8d-RC2
-PORTREVISION= 1
+PORTREVISION= 2
PORTEPOCH= 1
CATEGORIES= net-p2p
-MASTER_SITES= ${MASTER_SITE_SOURCEFORGE}
-MASTER_SITE_SUBDIR= ${PORTNAME}
+MASTER_SITES= SF
MAINTAINER= skylord@vt.net.ru
COMMENT= A Direct Connect protocol server (Hub)
diff --git a/net-p2p/verlihub/files/patch-CVE-2008-5706 b/net-p2p/verlihub/files/patch-CVE-2008-5706
new file mode 100644
index 000000000000..61dc4ca9bef6
--- /dev/null
+++ b/net-p2p/verlihub/files/patch-CVE-2008-5706
@@ -0,0 +1,82 @@
+--- src/ctrigger.cpp.orig 2005-04-11 19:18:38.000000000 +0400
++++ src/ctrigger.cpp 2008-12-27 23:28:14.000000000 +0300
+@@ -7,6 +7,9 @@
+ * the Free Software Foundation; either version 2 of the License, or *
+ * (at your option) any later version. *
+ ***************************************************************************/
++#include <errno.h>
++#include <stdio.h>
++#include <string.h>
+ #include "cserverdc.h"
+ #include "ctrigger.h"
+ #include "cconndc.h"
+@@ -44,16 +47,33 @@
+ {
+ string buf, filename, sender;
+ string par1, end1, parall;
++ string cmdl;
++
+ if (conn && conn->mpUser)
+ {
++ cmd_line >> cmdl;
++ /* Sanitise user input if we're going to exec anything */
++ if (mFlags & eTF_EXECUTE && server.mDBConf.allow_exec) {
++ string cleaned = string();
++ const string toclean = string(";\"'\\`:!${}[]&><|~/");
++
++ for (string::iterator i = cmdl.begin();
++ i < cmdl.end();
++ i++) {
++ if (toclean.find(*i) == string::npos)
++ cleaned.append(1, *i);
++ }
++ cmdl = cleaned;
++ }
++
+ int uclass = conn->mpUser->mClass;
+ if ((uclass >= this->mMinClass) &&(uclass <= this->mMaxClass)) {
+
+- if(cmd_line.str().size() > mCommand.size()) {
+- parall.assign(cmd_line.str(),mCommand.size()+1,string::npos);
++ if(cmdl.size() > mCommand.size()) {
++ parall.assign(cmdl,mCommand.size()+1,string::npos);
+ }
+- cmd_line >> par1;
+- end1 = cmd_line.str();
++ par1 = cmdl;
++ end1 = cmdl;
+
+ sender = server.mC.hub_security;
+ if (mSendAs.size()) sender = mSendAs;
+@@ -104,14 +124,25 @@
+
+ if (mFlags & eTF_EXECUTE && server.mDBConf.allow_exec) {
+ string command(buf);
+- filename = server.mConfigBaseDir;
+- filename.append("/tmp/trigger.tmp");
+- command.append(" > ");
+- command.append(filename);
++ char buffer[1024];
++ FILE *stream;
++
+ cout << command << endl;
+- system(command.c_str());
+ buf = "";
+- if (!LoadFileInString(filename,buf)) return 0;
++ stream = popen(command.c_str(), "r");
++ if (stream == NULL) {
++ cout << strerror(errno) << std::endl;
++ return 0;
++ } else {
++ while (fgets(buffer, sizeof(buffer),
++ stream) != NULL)
++ buf.append(buffer);
++ if (pclose(stream) == -1) {
++ cout << strerror(errno) <<
++ std::endl;
++ return 0;
++ }
++ }
+ }
+
+ // @CHANGED by dReiska +BEGINS+