authorMarkus Ullmann <jokey@gentoo.org>2007-01-17 00:29:31 +0000
committerMarkus Ullmann <jokey@gentoo.org>2007-01-17 00:29:31 +0000
commit47bbe075eded72c4bbee32c708d9620663b43538 (patch)
tree617a9c374f87ace37854bc62b8b84132f5a43cc1 /dev-libs/geoip/files
parentFix sed expression. (bug #160328) (diff)
Adding vuln fix wrt bug #161288
Package-Manager: portage-2.1.2_rc4-r8
Diffstat (limited to 'dev-libs/geoip/files')
-rw-r--r--dev-libs/geoip/files/digest-geoip-1.4.0-r13
-rw-r--r--dev-libs/geoip/files/geoip-1.4.0-update-vulnerability.patch57
2 files changed, 60 insertions, 0 deletions
diff --git a/dev-libs/geoip/files/digest-geoip-1.4.0-r1 b/dev-libs/geoip/files/digest-geoip-1.4.0-r1
new file mode 100644
index 000000000000..f72b725309f3
--- /dev/null
+++ b/dev-libs/geoip/files/digest-geoip-1.4.0-r1
@@ -0,0 +1,3 @@
+MD5 da09a3d9a1a91e3d16c0a29e6b056c15 GeoIP-1.4.0.tar.gz 808314
+RMD160 54779bae497d6032a35c1c1de8c97461db9b7075 GeoIP-1.4.0.tar.gz 808314
+SHA256 166782a73f6552a5faea525193a62d273abd8d43556ab88a09efedb597fd6be9 GeoIP-1.4.0.tar.gz 808314
diff --git a/dev-libs/geoip/files/geoip-1.4.0-update-vulnerability.patch b/dev-libs/geoip/files/geoip-1.4.0-update-vulnerability.patch
new file mode 100644
index 000000000000..d2a2c9dea8dc
--- /dev/null
+++ b/dev-libs/geoip/files/geoip-1.4.0-update-vulnerability.patch
@@ -0,0 +1,57 @@
+From dean-maxmind.com@arctic.org Mon Sep 4 18:50:28 2006
+Date: Mon, 4 Sep 2006 18:50:28 -0700 (PDT)
+From: dean gaudet <dean-maxmind.com@arctic.org>
+To: support@maxmind.com
+Subject: serious geoipupdate vulnerability
+
+i'm looking at the GeoIP-1.4.0.tar.gz source ... and it does no sanity
+checking on the filename returned by "GET
+/app/update_getfilename?product_id=%s".
+
+for example suppose your webserver were compromised and returned
+../../../../../../etc/passwd as the filename.
+
+please consider something like the patch below...
+
+-dean
+
+Index: GeoIP-1.4.0/libGeoIP/GeoIPUpdate.c
+===================================================================
+--- GeoIP-1.4.0.orig/libGeoIP/GeoIPUpdate.c 2006-09-04 18:41:21.810722758 -0700
++++ GeoIP-1.4.0/libGeoIP/GeoIPUpdate.c 2006-09-04 18:45:10.771752943 -0700
+@@ -92,6 +92,8 @@
+ return "Invalid userID";
+ case GEOIP_PRODUCT_ID_INVALID_ERR:
+ return "Invalid product ID or subscription expired";
++ case GEOIP_INVALID_SERVER_RESPONSE:
++ return "Server returned something unexpected";
+ default:
+ return "no error";
+ }
+@@ -420,6 +422,10 @@
+ buf[offset] = 0;
+ offset = 0;
+ tmpstr = strstr(buf, "\r\n\r\n") + 4;
++ if (tmpstr[0] == '.' || strchr(tmpstr, '/') != NULL) {
++ free(buf);
++ return GEOIP_INVALID_SERVER_RESPONSE;
++ }
+ geoipfilename = _GeoIP_full_path_to(tmpstr);
+ free(buf);
+
+Index: GeoIP-1.4.0/libGeoIP/GeoIPUpdate.h
+===================================================================
+--- GeoIP-1.4.0.orig/libGeoIP/GeoIPUpdate.h 2006-09-04 18:43:41.265969814 -0700
++++ GeoIP-1.4.0/libGeoIP/GeoIPUpdate.h 2006-09-04 18:43:56.475632408 -0700
+@@ -43,7 +43,8 @@
+ GEOIP_SANITY_LOOKUP_FAIL = -22, /* Sanity check ip address lookup failed */
+ GEOIP_RENAME_ERR = -23, /* Rename error while installing db, check errno */
+ GEOIP_USER_ID_INVALID_ERR = -24, /* Invalid userID */
+- GEOIP_PRODUCT_ID_INVALID_ERR = -25 /* Invalid product ID or subscription expired */
++ GEOIP_PRODUCT_ID_INVALID_ERR = -25, /* Invalid product ID or subscription expired */
++ GEOIP_INVALID_SERVER_RESPONSE = -26
+ } GeoIPUpdateCode;
+
+ const char * GeoIP_get_error_message(int i);
+
+
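Review bot: In the embedded GeoIPUpdate.c hunk at -420, the added filename check reads `tmpstr[0]` immediately after `tmpstr = strstr(buf, "\r\n\r\n") + 4;`, but strstr() returns NULL when the reply has no header terminator, so a malformed server response is dereferenced through an invalid pointer before the new validation can reject it. Since the patch exists to stop trusting the update server, check the search result first: `tmpstr = strstr(buf, "\r\n\r\n");`, then `if (tmpstr == NULL) { free(buf); return GEOIP_INVALID_SERVER_RESPONSE; }`, then `tmpstr += 4;`. An empty filename also passes the new test, so adding `tmpstr[0] == '\0' ||` to the condition would likely be worth it; what `_GeoIP_full_path_to` does with an empty name is not visible here. The enclosing function starts and ends outside the hunk. In GeoIPUpdate.h the new enumerator is the only one without a trailing comment; something like `/* Server returned an unexpected filename */` would match its neighbours.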