From: <abe...@us...> - 2013-12-02 18:08:22
Revision: 6298
http://sourceforge.net/p/astlinux/code/6298
Author: abelbeck
Date: 2013-12-02 18:08:19 +0000 (Mon, 02 Dec 2013)
Log Message:
-----------
lighttpd, add upstream security fixes as patches, CVE-2013-4559, CVE-2013-4560
Added Paths:
-----------
branches/1.0/package/lighttpd/lighttpd-03-fix_fam_use_after_free.patch
branches/1.0/package/lighttpd/lighttpd-04-fix_setuid.patch
Added: branches/1.0/package/lighttpd/lighttpd-03-fix_fam_use_after_free.patch
===================================================================
--- branches/1.0/package/lighttpd/lighttpd-03-fix_fam_use_after_free.patch (rev 0)
+++ branches/1.0/package/lighttpd/lighttpd-03-fix_fam_use_after_free.patch 2013-12-02 18:08:19 UTC (rev 6298)
@@ -0,0 +1,22 @@
+commit ae1335503a8f63489f847668ee37df8470a2ab0a
+Author: Stefan Bühler <stb...@we...>
+Date: Wed Nov 13 11:43:28 2013 +0000
+
+ [stat-cache] FAM: fix use after free (CVE-2013-4560)
+
+ From: Stefan Bühler <stb...@we...>
+
+ git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2921 152afb58-edef-0310-8abb-c4023f1b3aa9
+
+diff --git a/src/stat_cache.c b/src/stat_cache.c
+index e995f3b..924f4dc 100644
+--- a/src/stat_cache.c
++++ b/src/stat_cache.c
+@@ -648,6 +648,7 @@ handler_t stat_cache_get_entry(server *srv, connection *con, buffer *name, stat_
+ FamErrlist[FAMErrno]);
+
+ fam_dir_entry_free(fam_dir);
++ fam_dir = NULL;
+ } else {
+ int osize = 0;
+
Added: branches/1.0/package/lighttpd/lighttpd-04-fix_setuid.patch
===================================================================
--- branches/1.0/package/lighttpd/lighttpd-04-fix_setuid.patch (rev 0)
+++ branches/1.0/package/lighttpd/lighttpd-04-fix_setuid.patch 2013-12-02 18:08:19 UTC (rev 6298)
@@ -0,0 +1,43 @@
+commit 99cddff73ab4023186bcfca54cbb73051140e15d
+Author: Stefan Bühler <stb...@we...>
+Date: Wed Nov 13 11:43:33 2013 +0000
+
+ [core] check success of setuid,setgid,setgroups (CVE-2013-4559)
+
+ From: Stefan Bühler <stb...@we...>
+
+ git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2923 152afb58-edef-0310-8abb-c4023f1b3aa9
+
+diff --git a/src/server.c b/src/server.c
+index 2d825bb..e2b42eb 100644
+--- a/src/server.c
++++ b/src/server.c
+@@ -820,8 +820,14 @@ int main (int argc, char **argv) {
+ * to /etc/group
+ * */
+ if (NULL != grp) {
+- setgid(grp->gr_gid);
+- setgroups(0, NULL);
++ if (-1 == setgid(grp->gr_gid)) {
++ log_error_write(srv, __FILE__, __LINE__, "ss", "setgid failed: ", strerror(errno));
++ return -1;
++ }
++ if (-1 == setgroups(0, NULL)) {
++ log_error_write(srv, __FILE__, __LINE__, "ss", "setgroups failed: ", strerror(errno));
++ return -1;
++ }
+ if (srv->srvconf.username->used) {
+ initgroups(srv->srvconf.username->ptr, grp->gr_gid);
+ }
+@@ -844,7 +850,10 @@ int main (int argc, char **argv) {
+ #ifdef HAVE_PWD_H
+ /* drop root privs */
+ if (NULL != pwd) {
+- setuid(pwd->pw_uid);
++ if (-1 == setuid(pwd->pw_uid)) {
++ log_error_write(srv, __FILE__, __LINE__, "ss", "setuid failed: ", strerror(errno));
++ return -1;
++ }
+ }
+ #endif
+ #if defined(HAVE_SYS_PRCTL_H) && defined(PR_SET_DUMPABLE)
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
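Review bot: Setting `fam_dir = NULL;` after `fam_dir_entry_free(fam_dir);` removes the dangling pointer, but whether the code that follows the `if`/`else` in `stat_cache_get_entry` tolerates a NULL `fam_dir` is not visible in this hunk, so the backport should be confirmed against the exact lighttpd version this package builds rather than assumed to apply cleanly. If a later line dereferences `fam_dir` without a guard, the use-after-free becomes a NULL dereference — a crash rather than memory corruption, but still a remotely triggerable denial of service whenever the FAM stat-cache engine is enabled; any such read should be wrapped as `if (NULL != fam_dir) { ... }`. The enclosing function starts and ends outside the hunk.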
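Review bot: The context line `initgroups(srv->srvconf.username->ptr, grp->gr_gid);` directly below the new `setgroups` check is still unchecked, so the commit checks three of the four privilege-changing calls in this block and silently ignores the fourth. Because `setgroups(0, NULL)` has already cleared the supplementary groups, a failed `initgroups` leaves the process with fewer groups rather than root's, so this is a diagnostics and consistency gap rather than a privilege retention, but it deserves the same treatment as its siblings. Separately, a reviewer hardening this path would consider verifying after `setuid(pwd->pw_uid)` that root cannot be regained (CERT POS37-C), which this patch does not attempt. `main` starts and ends outside the hunk.
```c
/* … unchanged: setgid/setgroups checks added by the patch … */
if (srv->srvconf.username->used) {
	if (-1 == initgroups(srv->srvconf.username->ptr, grp->gr_gid)) {
		log_error_write(srv, __FILE__, __LINE__, "ss", "initgroups failed: ", strerror(errno));
		return -1;
	}
}
```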