diff options
| author | rea <rea@FreeBSD.org> | 2012-09-04 21:45:28 +0800 |
|---|---|---|
| committer | rea <rea@FreeBSD.org> | 2012-09-04 21:45:28 +0800 |
| commit | 1a0dd29beb321162a1ae48b79745ba10e5f99ede (patch) | |
| tree | deac5a2eca44e898e341a556f4fa283ee2163e73 /security | |
| parent | a2b2ed70ad7087655a7a7190a15bcd5643bf4825 (diff) | |
| download | freebsd-ports-gnome-1a0dd29beb321162a1ae48b79745ba10e5f99ede.tar.gz freebsd-ports-gnome-1a0dd29beb321162a1ae48b79745ba10e5f99ede.tar.zst freebsd-ports-gnome-1a0dd29beb321162a1ae48b79745ba10e5f99ede.zip | |
security/squidclamav: fix DoS and XSS vulnerabilities
Apply upstream patches for CVE-2012-3501 and CVE-2012-4667.
Security: http://www.vuxml.org/freebsd/ce680f0a-eea6-11e1-8bd8-0022156e8794.html
Security: http://www.vuxml.org/freebsd/8defa0f9-ee8a-11e1-8bd8-0022156e8794.html
PR: 171022
QA page: http://codelabs.ru/fbsd/ports/qa/security/squidclamav/5.7_1
Approved by: maintainer timeout (1 week)
Diffstat (limited to 'security')
| -rw-r--r-- | security/squidclamav/Makefile | 1 | ||||
| -rw-r--r-- | security/squidclamav/files/patch-cve-2012-3501 | 71 | ||||
| -rw-r--r-- | security/squidclamav/files/patch-cve-2012-4667 | 124 | ||||
| -rw-r--r-- | security/vuxml/vuln.xml | 3 |
4 files changed, 198 insertions, 1 deletions
diff --git a/security/squidclamav/Makefile b/security/squidclamav/Makefile index 72e94e52df23..856570a77490 100644 --- a/security/squidclamav/Makefile +++ b/security/squidclamav/Makefile @@ -7,6 +7,7 @@ PORTNAME= squidclamav PORTVERSION= 5.7 +PORTREVISION= 1 CATEGORIES= security MASTER_SITES= SF diff --git a/security/squidclamav/files/patch-cve-2012-3501 b/security/squidclamav/files/patch-cve-2012-3501 new file mode 100644 index 000000000000..240d83961ff3 --- /dev/null +++ b/security/squidclamav/files/patch-cve-2012-3501 @@ -0,0 +1,71 @@ +Fix CVE-2012-3501, DoS when external URL checker is used + +This fix was integrated into 6.7 and 5.8. + +Obtained-from: https://github.com/darold/squidclamav/commit/80f74451f628264d1d9a1f1c0bbcebc932ba5e00.diff + +--- src/squidclamav.c.orig 2010-12-11 15:20:46.000000000 +0300 ++++ src/squidclamav.c 2012-08-25 15:55:51.708586983 +0400 +@@ -62,6 +62,7 @@ + static char * escape_quote (char *s); + void timeit (struct timeval start, char *level); + int dconnect (void); ++char * replace(const char *s, const char *old, const char *new); + void replace_chr(char string[], char *from, char *to); + void free_global (); /* routine to free global pointer */ + void freeBuff (struct IN_BUFF); +@@ -474,11 +475,15 @@ + /* chaining with SquidGuard - before bridge mode or not*/ + if ((bridge_mode == 0) && (squidguard != NULL)) { + if (usepipe == 1) { ++ char *rbuff = NULL; ++ /* escaping escaped character to prevent unescaping by squidguard */ ++ rbuff = replace(rbuff, "%", "%25"); + if (debug > 0) + logit(log_file, "DEBUG Sending request to chained program: %s\n", squidguard); + fprintf(sgfpw,"%s\n",sbuff); + fflush(sgfpw); + xfree(escaped); ++ xfree(rbuff); + escaped = NULL; + /* the chained redirector must return empty line if ok or the redirection url */ + chain_ret = (char *)malloc(sizeof(char)*MAX_URL); +@@ -1114,3 +1119,38 @@ + } + + ++/** ++ * Searches all occurrences of old into s ++ * and replaces with new ++ */ ++char * ++replace(const char *s, const char *old, const char *new) ++{ ++ char *ret; ++ int i, count = 0; ++ size_t newlen = strlen(new); ++ size_t oldlen = strlen(old); ++ ++ for (i = 0; s[i] != '\0'; i++) { ++ if (strstr(&s[i], old) == &s[i]) { ++ count++; ++ i += oldlen - 1; ++ } ++ } ++ ret = malloc(i + 1 + count * (newlen - oldlen)); ++ if (ret != NULL) { ++ i = 0; ++ while (*s) { ++ if (strstr(s, old) == s) { ++ strcpy(&ret[i], new); ++ i += newlen; ++ s += oldlen; ++ } else { ++ ret[i++] = *s++; ++ } ++ } ++ ret[i] = '\0'; ++ } ++ ++ return ret; ++} diff --git a/security/squidclamav/files/patch-cve-2012-4667 b/security/squidclamav/files/patch-cve-2012-4667 new file mode 100644 index 000000000000..aa0bc6afc837 --- /dev/null +++ b/security/squidclamav/files/patch-cve-2012-4667 @@ -0,0 +1,124 @@ +Fixes CVE-2012-4667, XSS in clwarn.cgi + +Integrated to 5.8 and 6.7. + +Obtained-from: https://github.com/darold/squidclamav/commit/5806d10a31183a0b0d18eccc3a3e04e536e2315b.diff + +diff --git a/cgi-bin/clwarn.cgi b/cgi-bin/clwarn.cgi +index 9333bef..a43eca7 100755 +--- cgi-bin/clwarn.cgi ++++ cgi-bin/clwarn.cgi +@@ -7,11 +7,11 @@ my $VERSION = '6.6'; + + my $cgi = new CGI; + +-my $url = $cgi->param('url') || ''; +-my $virus = $cgi->param('virus') || ''; +-my $source = $cgi->param('source') || ''; ++my $url = CGI::escapeHTML($cgi->param('url')) || ''; ++my $virus = CGI::escapeHTML($cgi->param('virus')) || ''; ++my $source = CGI::escapeHTML($cgi->param('source')) || ''; + $source =~ s/\/-//; +-my $user = $cgi->param('user') || ''; ++my $user = CGI::escapeHTML($cgi->param('user')) || ''; + + + my $TITLE_VIRUS = "SquidClamAv $VERSION: Virus detection"; +diff --git a/cgi-bin/clwarn.cgi.de_DE b/cgi-bin/clwarn.cgi.de_DE +index 700c3df..3f21180 100755 +--- cgi-bin/clwarn.cgi.de_DE ++++ cgi-bin/clwarn.cgi.de_DE +@@ -7,11 +7,11 @@ my $VERSION = '6.6'; + + my $cgi = new CGI; + +-my $url = $cgi->param('url') || ''; +-my $virus = $cgi->param('virus') || ''; +-my $source = $cgi->param('source') || ''; ++my $url = CGI::escapeHTML($cgi->param('url')) || ''; ++my $virus = CGI::escapeHTML($cgi->param('virus')) || ''; ++my $source = CGI::escapeHTML($cgi->param('source')) || ''; + $source =~ s/\/-//; +-my $user = $cgi->param('user') || ''; ++my $user = CGI::escapeHTML($cgi->param('user')) || ''; + + my $TITLE_VIRUS = "Virus Alarm"; + my $subtitle = 'enthlt folgenden Virus'; +diff --git a/cgi-bin/clwarn.cgi.en_EN b/cgi-bin/clwarn.cgi.en_EN +index d246e54..6e70e46 100755 +--- cgi-bin/clwarn.cgi.en_EN ++++ cgi-bin/clwarn.cgi.en_EN +@@ -7,11 +7,11 @@ my $VERSION = '6.6'; + + my $cgi = new CGI; + +-my $url = $cgi->param('url') || ''; +-my $virus = $cgi->param('virus') || ''; +-my $source = $cgi->param('source') || ''; ++my $url = CGI::escapeHTML($cgi->param('url')) || ''; ++my $virus = CGI::escapeHTML($cgi->param('virus')) || ''; ++my $source = CGI::escapeHTML($cgi->param('source')) || ''; + $source =~ s/\/-//; +-my $user = $cgi->param('user') || ''; ++my $user = CGI::escapeHTML($cgi->param('user')) || ''; + + my $TITLE_VIRUS = "SquidClamAv $VERSION: Virus detection"; + my $subtitle = 'contains the virus'; +diff --git a/cgi-bin/clwarn.cgi.fr_FR b/cgi-bin/clwarn.cgi.fr_FR +index c0b3896..323fa30 100755 +--- cgi-bin/clwarn.cgi.fr_FR ++++ cgi-bin/clwarn.cgi.fr_FR +@@ -7,11 +7,11 @@ my $VERSION = '6.6'; + + my $cgi = new CGI; + +-my $url = $cgi->param('url') || ''; +-my $virus = $cgi->param('virus') || ''; +-my $source = $cgi->param('source') || ''; ++my $url = CGI::escapeHTML($cgi->param('url')) || ''; ++my $virus = CGI::escapeHTML($cgi->param('virus')) || ''; ++my $source = CGI::escapeHTML($cgi->param('source')) || ''; + $source =~ s/\/-//; +-my $user = $cgi->param('user') || ''; ++my $user = CGI::escapeHTML($cgi->param('user')) || ''; + + my $TITLE_VIRUS = "SquidClamAv $VERSION: Virus detection"; + my $subtitle = 'contient le virus'; +diff --git a/cgi-bin/clwarn.cgi.pt_BR b/cgi-bin/clwarn.cgi.pt_BR +index 6bf12a0..1a6492a 100755 +--- cgi-bin/clwarn.cgi.pt_BR ++++ cgi-bin/clwarn.cgi.pt_BR +@@ -7,8 +7,11 @@ my $VERSION = '6.6'; + + my $cgi = new CGI; + +-my $url = $cgi->param('url') || ''; +-my $virus = $cgi->param('virus') || ''; ++my $url = CGI::escapeHTML($cgi->param('url')) || ''; ++my $virus = CGI::escapeHTML($cgi->param('virus')) || ''; ++my $source = CGI::escapeHTML($cgi->param('source')) || ''; ++$source =~ s/\/-//; ++my $user = CGI::escapeHTML($cgi->param('user')) || ''; + + my $TITLE_VIRUS = "SquidClamAv $VERSION: Foi detectado um vírus!"; + my $subtitle = 'está infectada pelo vírus'; +diff --git a/cgi-bin/clwarn.cgi.ru_RU b/cgi-bin/clwarn.cgi.ru_RU +index 21e4d94..1e82a0b 100755 +--- cgi-bin/clwarn.cgi.ru_RU ++++ cgi-bin/clwarn.cgi.ru_RU +@@ -7,11 +7,11 @@ my $VERSION = '6.6'; + + my $cgi = new CGI; + +-my $url = $cgi->param('url') || ''; +-my $virus = $cgi->param('virus') || ''; +-my $source = $cgi->param('source') || ''; ++my $url = CGI::escapeHTML($cgi->param('url')) || ''; ++my $virus = CGI::escapeHTML($cgi->param('virus')) || ''; ++my $source = CGI::escapeHTML($cgi->param('source')) || ''; + $source =~ s/\/-//; +-my $user = $cgi->param('user') || ''; ++my $user = CGI::escapeHTML($cgi->param('user')) || ''; + + my $TITLE_VIRUS = "SquidClamAv $VERSION: Обнаружен вирус!"; + my $subtitle = 'содержит вирус'; diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 99ef4c3a1ba5..5705a1255ef5 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -695,7 +695,7 @@ Note: Please add new entries to the beginning of this file. <affects> <package> <name>squidclamav</name> - <range><lt>5.8</lt></range> + <range><lt>5.7_1</lt></range> <range><ge>6.0</ge><lt>6.7</lt></range> </package> </affects> @@ -722,6 +722,7 @@ Note: Please add new entries to the beginning of this file. <dates> <discovery>2012-07-24</discovery> <entry>2012-08-25</entry> + <modified>2012-09-04</modified> </dates> </vuln> |