authorJustin Lecher <jlec@gentoo.org>2012-11-07 21:21:34 +0000
committerJustin Lecher <jlec@gentoo.org>2012-11-07 21:21:34 +0000
commita72c2801e74a55d1fe5df7168fbe1d57714cd89c (patch)
treea336098ca3c2cb1b5c919a602faaa403da766785 /app-misc/dtach
parentSlot gstreamer dependencies in preparation for gstreamer-1.0. (diff)
app-misc/dtach: Backport fix for CVE-2012-3368, #426496
(Portage version: 2.2.0_alpha142/cvs/Linux x86_64, signed Manifest commit with key 8009D6F070EB7916)
Diffstat (limited to 'app-misc/dtach')
-rw-r--r--app-misc/dtach/ChangeLog10
-rw-r--r--app-misc/dtach/dtach-0.8-r1.ebuild26
-rw-r--r--app-misc/dtach/files/dtach-0.8-CVE-2012-3368.patch35
3 files changed, 69 insertions, 2 deletions
diff --git a/app-misc/dtach/ChangeLog b/app-misc/dtach/ChangeLog
index fda68d5291e9..138cf1388949 100644
--- a/app-misc/dtach/ChangeLog
+++ b/app-misc/dtach/ChangeLog
@@ -1,6 +1,12 @@
# ChangeLog for app-misc/dtach
-# Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/app-misc/dtach/ChangeLog,v 1.17 2011/01/04 17:55:39 jlec Exp $
+# Copyright 1999-2012 Gentoo Foundation; Distributed under the GPL v2
+# $Header: /var/cvsroot/gentoo-x86/app-misc/dtach/ChangeLog,v 1.18 2012/11/07 21:21:34 jlec Exp $
+
+*dtach-0.8-r1 (07 Nov 2012)
+
+ 07 Nov 2012; Justin Lecher <jlec@gentoo.org> +dtach-0.8-r1.ebuild,
+ +files/dtach-0.8-CVE-2012-3368.patch:
+ Backport fix for CVE-2012-3368, #426496
04 Jan 2011; Justin Lecher <jlec@gentoo.org> dtach-0.8.ebuild:
Some Clean up
diff --git a/app-misc/dtach/dtach-0.8-r1.ebuild b/app-misc/dtach/dtach-0.8-r1.ebuild
new file mode 100644
index 000000000000..af5d42545172
--- /dev/null
+++ b/app-misc/dtach/dtach-0.8-r1.ebuild
@@ -0,0 +1,26 @@
+# Copyright 1999-2012 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/app-misc/dtach/dtach-0.8-r1.ebuild,v 1.1 2012/11/07 21:21:34 jlec Exp $
+
+EAPI=4
+
+inherit eutils
+
+DESCRIPTION="Emulates the detach feature of screen"
+HOMEPAGE="http://dtach.sourceforge.net/"
+SRC_URI="mirror://sourceforge/${PN}/${P}.tar.gz"
+
+SLOT="0"
+LICENSE="GPL-2"
+KEYWORDS="~amd64 ~ppc ~x86"
+IUSE=""
+
+src_prepare() {
+ epatch "${FILESDIR}"/${P}-CVE-2012-3368.patch
+}
+
+src_install() {
+ dobin dtach
+ doman dtach.1
+ dodoc README
+}
diff --git a/app-misc/dtach/files/dtach-0.8-CVE-2012-3368.patch b/app-misc/dtach/files/dtach-0.8-CVE-2012-3368.patch
new file mode 100644
index 000000000000..82d5f0e1e159
--- /dev/null
+++ b/app-misc/dtach/files/dtach-0.8-CVE-2012-3368.patch
@@ -0,0 +1,35 @@
+Fix error handling for read from stdin in attach.c
+
+attach.c did not correctly handle a read from stdin when read returned
+an error. The code assigned the return value of read to pkt.len (an
+unsigned char) before checking the value. This prevented the error check
+from working correctly, since an unsigned integer can never be < 0.
+
+A packet with an invalid length was then sent to the master, which then
+sent 255 bytes of garbage to the program.
+
+Fix the bug in attach.c and the unchecked packet length bug in master.c.
+
+Report and initial patch by Enrico Scholz.
+
+--- attach.c 2012/07/01 21:26:10 1.12
++++ attach.c 2012/07/01 21:44:34 1.13
+@@ -237,12 +237,16 @@
+ /* stdin activity */
+ if (n > 0 && FD_ISSET(0, &readfds))
+ {
++ ssize_t len;
++
+ pkt.type = MSG_PUSH;
+ memset(pkt.u.buf, 0, sizeof(pkt.u.buf));
+- pkt.len = read(0, pkt.u.buf, sizeof(pkt.u.buf));
++ len = read(0, pkt.u.buf, sizeof(pkt.u.buf));
+
+- if (pkt.len <= 0)
++ if (len <= 0)
+ exit(1);
++
++ pkt.len = len;
+ process_kbd(s, &pkt);
+ n--;
+ }
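Review bot: The backported patch carries only the attach.c hunk, although its own description says the fix also covers "the unchecked packet length bug in master.c". The patch file is 35 lines and all of them are shown, so the receiving side presumably still trusts `pkt.len` from any attaching client; master.c is not visible here, so this is inferred from the description. Consider backporting the master.c half as well, so that a `MSG_PUSH` packet whose `pkt.len` exceeds `sizeof(pkt.u.buf)` is rejected or clamped before its payload is forwarded to the program. The enclosing loop in attach.c begins and ends outside the hunk.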