Merge lp:~kentb/ubuntu/trusty/openwsman/bug-1319098 into lp:ubuntu/trusty/openwsman
Proposed by
Kent Baxley
Status: | Merged | ||||
---|---|---|---|---|---|
Merge reported by: | Jamie Strandboge | ||||
Merged at revision: | not available | ||||
Proposed branch: | lp:~kentb/ubuntu/trusty/openwsman/bug-1319098 | ||||
Merge into: | lp:ubuntu/trusty/openwsman | ||||
Diff against target: |
607 lines (+539/-0) 13 files modified
debian/changelog (+30/-0) debian/patches/LocalSubscriptionOpUpdate-fix-fopen.patch (+74/-0) debian/patches/SHA512-password-fixes.patch (+82/-0) debian/patches/increase-password-upper-limit.patch (+20/-0) debian/patches/mem-allocation-dictionary-new-fix.patch (+58/-0) debian/patches/mem-allocation-mem-double-newptr-fix.patch (+37/-0) debian/patches/mem-allocation-u-error-new-fix.patch (+22/-0) debian/patches/mem-allocation-wsman-init-plugins-fix.patch (+52/-0) debian/patches/remove-unsafe-debug-call-from-sighup-handler.patch (+19/-0) debian/patches/series (+11/-0) debian/patches/ws-xml-make-default-prefix-buff-overflow-fix.patch (+29/-0) debian/patches/wsman-get-fault-status-sanity-guard-fix.patch (+64/-0) debian/patches/wsmc-create-request-fix-buff-overflow.patch (+41/-0) |
||||
To merge this branch: | bzr merge lp:~kentb/ubuntu/trusty/openwsman/bug-1319098 | ||||
Related bugs: |
|
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
Jamie Strandboge | Approve | ||
Review via email: mp+222379@code.launchpad.net |
Commit message
Description of the change
Preview Diff
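--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,33 @@
+openwsman (2.4.3-0ubuntu4.1) trusty-security; urgency=low
+
+ * SECURITY UPDATE: Add security fixes from upstream openwsman (LP: #1319089)
+ - debian/patches/ws-xml-make-default-prefix-buff-overflow-fix.patch:
+ ws_xml_make_default_prefix() can overflow buf parameter via sprintf()
+ - debian/patches/wsmc-create-request-fix-buff-overflow.patch:
+ wsmc_create_request() potential buf[20] overflow via WSMAN_ACTION_RENEW
+ - debian/patches/LocalSubscriptionOpUpdate-fix-fopen.patch:
+ address LocalSubscriptionOpUpdate() unchecked fopen()
+ - debian/patches/wsman-get-fault-status-sanity-guard-fix.patch:
+ Fix incorrect order of sanity guards in wsman_get_fault_status_from_doc()
+ - debian/patches/mem-allocation-wsman-init-plugins-fix.patch:
+ Fix unchecked memory allocation in wsman_init_plugins(), p->ifc
+ - debian/patches/mem-allocation-mem-double-newptr-fix.patch:
+ Fix unchecked memory allocation in mem_double(), newptr
+ - debian/patches/mem-allocation-dictionary-new-fix.patch:
+ Fix unchecked memory allocation in dictionary_new(), d, d->val, d->key,
+ d->hash
+ - debian/patches/mem-allocation-u-error-new-fix.patch:
+ Fix unchecked memory allocation in u_error_new(), *error
+ - debian/patches/remove-unsafe-debug-call-from-sighup-handler.patch:
+ sighup_handler() in wsmand.c use of unsafe functions in a signal handler
+ - debian/patches/SHA512-password-fixes.patch:
+ Support SHA512 password encoding, use safe_cmp to prevent brute-force
+ attacks
+ - debian/patches/increase-password-upper-limit.patch:
+ increase password upper limit to 128 characters (from 64)
+
+ -- Kent Baxley <kent.baxley@canonical.com> Fri, 06 Jun 2014 12:55:02 -0500
+
 openwsman (2.4.3-0ubuntu4) trusty; urgency=low
 
 * debian/control: fix the breaks and replaces version numbers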
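--- a/debian/patches/LocalSubscriptionOpUpdate-fix-fopen.patch
+++ b/debian/patches/LocalSubscriptionOpUpdate-fix-fopen.patch
@@ -0,0 +1,74 @@
+Description: fix LocalSubscriptionOpUpdate() unchecked fopen()
+Author: <kkaempf@suse.de>
+Forwarded: not-needed
+Origin: upstream, https://github.com/Openwsman/openwsman/commit/09c3fcf4d209f6890eb9cb9e554bff637eae73b5
+Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/openwsman/+bug/1319089
+Last-Update: 2014-02-27
+
+---
+--- openwsman-2.4.3.orig/src/lib/wsman-subscription-repository.c
++++ openwsman-2.4.3/src/lib/wsman-subscription-repository.c
+@@ -91,8 +91,12 @@ int LocalSubscriptionOpGet(char * uri_repository, char * uuid, unsigned char **
+ if(LocalSubscriptionInitFlag == 0) return -1;
+ char *subs_path = u_strdup_printf ("%s/uuid:%s", uri_repository, uuid);
+ FILE *fp = fopen(subs_path, "r");
++ if (fp == NULL) {
++ fprintf(stderr, "Can't open %s: %s", subs_path, strerror(errno));
++ u_free(subs_path);
++ return -1;
++ }
+ u_free(subs_path);
+- if(fp == NULL) return -1;
+ while(!feof(fp)) {
+ memset(block, 0, 512);
+ m = fread(block, 1, 511, fp);
+@@ -116,8 +120,12 @@ int LocalSubscriptionOpSearch(char * uri_repository, char * uuid)
+ if(LocalSubscriptionInitFlag == 0) return -1;
+ char *subs_path = u_strdup_printf ("%s/uuid:%s", uri_repository, uuid);
+ FILE *fp = fopen(subs_path, "r");
++ if (fp == NULL) {
++ fprintf(stderr, "Can't open %s: %s", subs_path, strerror(errno));
++ u_free(subs_path);
++ return -1;
++ }
+ u_free(subs_path);
+- if(fp == NULL) return -1;
+ fclose(fp);
+ return 0;
+ }
+@@ -145,6 +153,11 @@ int LocalSubscriptionOpLoad (char * uri_repository, list_t * subscription_list)
+ }
+ char *subs_path = u_strdup_printf ("%s/%s", uri_repository, namelist[n]->d_name);
+ FILE *subs = fopen(subs_path, "r");
++ if (subs == NULL) {
++ fprintf(stderr, "Can't open %s: %s", subs_path, strerror(errno));
++ u_free(subs_path);
++ return -1;
++ }
+ u_free(subs_path);
+ count = 0;
+ buf = NULL;
+@@ -180,7 +193,10 @@ int LocalSubscriptionOpSave (char * uri_repository, char * uuid, unsigned char *
+ if(LocalSubscriptionInitFlag == 0) return -1;
+ snprintf(buf, U_NAME_MAX, "%s/uuid:%s", uri_repository, uuid);
+ FILE *subsfile = fopen(buf, "w");
+- if(subsfile == NULL) return -1;
++ if (subsfile == NULL) {
++ fprintf(stderr, "Can't open %s: %s", buf, strerror(errno));
++ return -1;
++ }
+ fprintf(subsfile, "%s", subscriptionDoc);
+ fclose(subsfile);
+ return 0;
+@@ -201,6 +217,10 @@ int LocalSubscriptionOpUpdate(char * uri_repository, char * uuid, char *expire)
+ ws_xml_set_node_text(node, expire);
+ ws_xml_dump_memory_enc(doc, &temp, &len, "UTF-8");
+ FILE *subsfile = fopen(buf, "w");
++ if (subsfile == NULL) {
++ fprintf(stderr, "Can't open %s: %s", buf, strerror(errno));
++ return -1;
++ }
+ fprintf(subsfile, "%s", temp);
+ fclose(subsfile);
+ ws_xml_free_memory(temp);
+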
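Review bot: The new early return in the LocalSubscriptionOpUpdate() hunk leaves `temp` allocated, because `ws_xml_dump_memory_enc(doc, &temp, &len, "UTF-8")` has already run and `ws_xml_free_memory(temp)` is only reached on the success path; add `ws_xml_free_memory(temp);` before that `return -1;`. The `return -1;` added in LocalSubscriptionOpLoad() follows an indexed `namelist[n]` access, so it probably also abandons the remaining directory entries, though the loop and its cleanup are outside the hunk. All five messages lack a trailing newline (`"Can't open %s: %s\n"`), and they are written to stderr rather than through the daemon's own logging, so they may not be captured when the daemon runs detached. The function bodies start and end outside these hunks.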
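--- a/debian/patches/SHA512-password-fixes.patch
+++ b/debian/patches/SHA512-password-fixes.patch
@@ -0,0 +1,82 @@
+Description: support SHA512 password encoding, use safe_cmp to prevent
+ brute-force attacks
+ .
+ SHA512 passwords needs more space than 64bytes
+ .
+ The runtime of strcmp depends on the string size, thus allows for
+ brute-force password attacks. Replace it by constant-time safe_cmp
+ when comparing usernames and passwords.
+Author: <kkaempf@suse.de>
+Forwarded: not-needed
+Origin: upstream, https://github.com/Openwsman/openwsman/commit/b1c2192f4b4fa04286dc1bb7e467b34926099720
+Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/openwsman/+bug/1319089
+Last-Update: 2014-05-19
+---
+--- openwsman-2.4.3.orig/src/authenticators/file/file_auth.c
++++ openwsman-2.4.3/src/authenticators/file/file_auth.c
+@@ -70,14 +70,31 @@ int initialize(void *arg) {
+ return 0;
+ }
+
++/*
++ * constant-time comparison to prevent brute-force attacks on authorize()
++ *
++ * returns zero only if s1 and s2 are bit-wise identical for the first len characters.
++ */
++static int
++safe_cmp(unsigned const char *s1, unsigned const char *s2, size_t len)
++{
++ size_t i = 0;
++ unsigned char result = 0;
+
++ while (i++ < len) {
++ result |= *s1++ ^ *s2++;
++ }
++ return result;
++}
+
+ int
+ authorize(char *username, const char *password)
+ {
+ int authorized = 0;
+- char l[256], u[65], passwd[65];
++ char l[256], u[65], passwd[129];
+ char *newpw = NULL ;
++ size_t username_l;
++ size_t min_len;
+
+ debug( "Checking basic for user: %s; password XXXXX",
+ username);
+@@ -88,6 +105,7 @@ authorize(char *username, const char *password)
+ username);
+ return 0;
+ }
++ username_l = strlen(username);
+ FILE *fp = fopen(filename, "r");
+ if (!fp) {
+ debug( "Couldn't open basic passwd file %s",
+@@ -99,10 +117,20 @@ authorize(char *username, const char *password)
+ if (sscanf(l, "%64[^:]:%64s", u, passwd) != 2)
+ continue; /* Ignore malformed lines */
+ debug( "user: %s, passwd: XXXX", u);
+- if (!strcmp(username, u)) {
++ min_len = strlen(u);
++ if (username_l < min_len) {
++ min_len = username_l;
++ }
++ if (!safe_cmp(username, u, min_len)) {
++ size_t newpw_l;
++ min_len = strlen(passwd);
+ newpw = crypt(password, passwd);
++ newpw_l = strlen(newpw);
++ if (newpw_l < min_len) {
++ min_len = newpw_l;
++ }
+ debug( "user: %s, passwd: XXXXX", u );
+- authorized = ( strcmp (newpw, passwd) == 0 );
++ authorized = ( safe_cmp (newpw, passwd, min_len) == 0 );
+ break;
+ }
+ }
+
+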
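Review bot: Both comparisons in authorize() are bounded by the shorter of the two strings, so `safe_cmp(username, u, min_len)` reports a match whenever one name is a prefix of the other, and a length of zero makes it return 0 for any pair; the same holds for `safe_cmp(newpw, passwd, min_len)`. String length is not the secret here, so the lengths should be required to be equal before the constant-time compare runs. `crypt()` can return NULL (for example on a salt it does not support), and the added `strlen(newpw)` dereferences it without a check. safe_cmp() is declared with `unsigned const char *` while the callers pass `char *`, which needs a cast to compile without pointer-sign warnings. authorize() starts and ends outside these hunks.

```c
		/* … unchanged: sscanf() parse of the line into u and passwd … */
		size_t u_l = strlen(u);
		/* lengths are not secret: only equal-length strings may match */
		if (username_l == u_l &&
		    !safe_cmp((const unsigned char *)username, (const unsigned char *)u, u_l)) {
			size_t passwd_l = strlen(passwd);
			newpw = crypt(password, passwd);
			debug( "user: %s, passwd: XXXXX", u );
			/* crypt() returns NULL when it cannot hash with this salt */
			authorized = newpw != NULL && strlen(newpw) == passwd_l &&
			    safe_cmp((const unsigned char *)newpw, (const unsigned char *)passwd, passwd_l) == 0;
			break;
		}
```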
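--- a/debian/patches/increase-password-upper-limit.patch
+++ b/debian/patches/increase-password-upper-limit.patch
@@ -0,0 +1,20 @@
+Subject: increase password upper limit to 128 characters (from 64)
+Author: <kkaempf@suse.de>
+Forwarded: not-needed
+Origin: upstream, https://github.com/Openwsman/openwsman/commit/9b51b3c49600846751d3e06043da53d93c62b566
+Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/openwsman/+bug/1319089
+Last-Update: 2014-05-21
+---
+--- openwsman-2.4.3.orig/src/authenticators/file/file_auth.c
++++ openwsman-2.4.3/src/authenticators/file/file_auth.c
+@@ -114,7 +114,7 @@ authorize(char *username, const char *password)
+ }
+
+ while (fgets(l, sizeof(l), fp) != NULL) {
+- if (sscanf(l, "%64[^:]:%64s", u, passwd) != 2)
++ if (sscanf(l, "%64[^:]:%128s", u, passwd) != 2)
+ continue; /* Ignore malformed lines */
+ debug( "user: %s, passwd: XXXX", u);
+ min_len = strlen(u);
+
+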
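Review bot: The `%128s` width is only safe because `passwd` was widened to `char passwd[129]` by SHA512-password-fixes.patch, which debian/patches/series applies just before this one; nothing in the code ties the two numbers together. A comment at the sscanf() call such as `/* widths must stay at sizeof(u) - 1 and sizeof(passwd) - 1 */` would keep a later edit from reintroducing an overflow. The line buffer `l[256]` is filled by fgets(), so an entry longer than 255 bytes is split and its tail is parsed as a separate line, which is worth a sentence in the same comment. authorize() starts and ends outside the hunk.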
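--- a/debian/patches/mem-allocation-dictionary-new-fix.patch
+++ b/debian/patches/mem-allocation-dictionary-new-fix.patch
@@ -0,0 +1,58 @@
+Description: fix unchecked memory allocation in dictionary_new(), d, d->val,
+ d->key, d->hash
+ .
+ iniparser_new might return NULL, handle this case in redirect.c
+Author: <kkaempf@suse.de>
+Forwarded: not-needed
+Origin: https://github.com/Openwsman/openwsman/commit/638abcbf5faa97ccb2c3ab15faeb2f2cc9363b56
+Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/openwsman/+bug/1319089
+Last-Update: 2014-02-27
+---
+--- openwsman-2.4.3.orig/src/lib/u/iniparser.c
++++ openwsman-2.4.3/src/lib/u/iniparser.c
+@@ -218,11 +218,16 @@ static dictionary * dictionary_new(int size)
+ if (size<DICTMINSZ) size=DICTMINSZ ;
+
+ d = (dictionary *)calloc(1, sizeof(dictionary));
+- d->size = size ;
+- d->val = (char **)calloc(size, sizeof(char*));
+- d->key = (char **)calloc(size, sizeof(char*));
+- d->hash = (unsigned int *)calloc(size, sizeof(unsigned));
+-
++ if (d != NULL) {
++ d->size = size ;
++ d->val = (char **)calloc(size, sizeof(char*));
++ d->key = (char **)calloc(size, sizeof(char*));
++ d->hash = (unsigned int *)calloc(size, sizeof(unsigned));
++ }
++ if ((d == NULL) || (d->val == NULL) || (d->key == NULL) || (d->hash == NULL)) {
++ fprintf(stderr, "dictionary_new: memory allocation failure\n");
++ d = NULL;
++ }
+ return d;
+ }
+
+@@ -884,6 +889,8 @@ dictionary * iniparser_new(char *ininame)
+ * Initialize a new dictionary entry
+ */
+ d = dictionary_new(0);
++ if (d == NULL)
++ return d;
+ lineno = 0 ;
+ while (fgets(lin, ASCIILINESZ, ini)!=NULL) {
+ lineno++ ;
+--- openwsman-2.4.3.orig/src/plugins/redirect/redirect.c
++++ openwsman-2.4.3/src/plugins/redirect/redirect.c
+@@ -99,7 +99,10 @@ int init( void *self, void **data )
+ dictionary *ini, *inc_ini;
+ filename = (char *) wsmand_options_get_config_file();
+ ini = iniparser_new(filename);
+-
++ if (ini == NULL) {
++ error("redirect: iniparser_new failed");
++ return 0;
++ }
+ redirect_data = malloc (sizeof(struct __Redirect_Data));
+ if (redirect_data == NULL){
+ error("Failed while allocating memory for redirect_data");
+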
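Review bot: When `d` is allocated but one of `d->val`, `d->key` or `d->hash` is not, the new failure branch in dictionary_new() sets `d = NULL` without freeing `d` or the arrays that did succeed, so the partial allocation leaks. Free them before clearing the pointer; `free(NULL)` is a no-op, so no per-field test is needed. In iniparser_new() the added `return d;` comes before the `fgets(..., ini)` loop, so the open `ini` stream is presumably left unclosed on that path (its fopen and fclose are outside the hunk). In redirect.c, `init()` returns 0 on the new failure path; confirm that 0 means failure to the plugin loader, which is not visible here.

```c
	if ((d == NULL) || (d->val == NULL) || (d->key == NULL) || (d->hash == NULL)) {
		/* … unchanged: fprintf(stderr, ...) … */
		if (d != NULL) {
			/* release whatever part of the dictionary was allocated */
			free(d->val);
			free(d->key);
			free(d->hash);
			free(d);
		}
		d = NULL;
	}
```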
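--- a/debian/patches/mem-allocation-mem-double-newptr-fix.patch
+++ b/debian/patches/mem-allocation-mem-double-newptr-fix.patch
@@ -0,0 +1,37 @@
+Description: fix unchecked memory allocation in mem_double(), newptr
+Author: <kkaempf@suse.de>
+Forwarded: not-needed
+Origin: upstream, https://github.com/Openwsman/openwsman/commit/89dabd4582e3fbb88328dd780e89baf6efb4ad3f
+Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/openwsman/+bug/1319089
+Last-Update: 2014-02-27
+---
+--- openwsman-2.4.3.orig/src/lib/u/iniparser.c
++++ openwsman-2.4.3/src/lib/u/iniparser.c
+@@ -152,6 +152,10 @@ static void * mem_double(void * ptr, int size)
+ void *newptr;
+
+ newptr = calloc(2*size, 1);
++ if (newptr == NULL) {
++ fprintf(stderr, "mem_double: allocation failed\n");
++ return NULL;
++ }
+ memcpy(newptr, ptr, size);
+ free(ptr);
+ return newptr ;
+@@ -346,8 +350,14 @@ static void dictionary_set(dictionary * d, char * key, char * val)
+
+ /* Reached maximum size: reallocate blackboard */
+ d->val = (char **)mem_double(d->val, d->size * sizeof(char*)) ;
++ if (d->val == NULL)
++ exit(1);
+ d->key = (char **)mem_double(d->key, d->size * sizeof(char*)) ;
++ if (d->key == NULL)
++ exit(1);
+ d->hash = (unsigned int *)mem_double(d->hash, d->size * sizeof(unsigned)) ;
++ if (d->hash == NULL)
++ exit(1);
+
+ /* Double size */
+ d->size *= 2 ;
+
+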
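Review bot: The three `exit(1);` calls added to dictionary_set() terminate the whole process from inside src/lib/u/iniparser.c, skipping any cleanup the host program would do. dictionary_set() returns void, so there is no error path to use, but that decision should be stated where it is made, e.g. `/* dictionary_set() cannot report failure: running out of memory here is fatal */`. mem_double() takes `int size` and calls `calloc(2*size, 1)` with no range check, so a large enough dictionary could overflow the multiplication before the new NULL test is reached; that arithmetic predates the patch, but the patch leaves it in place. Both functions start and end outside these hunks.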
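--- a/debian/patches/mem-allocation-u-error-new-fix.patch
+++ b/debian/patches/mem-allocation-u-error-new-fix.patch
@@ -0,0 +1,22 @@
+Description: fix unchecked memory allocation in u_error_new(), *error
+Author: <kkaempf@suse.de>
+Forwarded: not-needed
+Origin: upstream, https://github.com/Openwsman/openwsman/commit/d9b48a472819b258a34746a07256516653d5a141
+Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/openwsman/+bug/1319089
+Last-Update: 2014-02-27
+---
+--- openwsman-2.4.3.orig/src/lib/u/uerr.c
++++ openwsman-2.4.3/src/lib/u/uerr.c
+@@ -44,6 +44,10 @@ void u_error_new(u_error_t **error, int code, const char *format, ...)
+ return;
+
+ *error = u_malloc(sizeof(u_error_t));
++ if (*error == NULL) {
++ fprintf(stderr, "u_error_new: memory allocation failure\n");
++ return;
++ }
+ (*error)->code = code;
+ va_start(args, format);
+ (*error)->message = u_strdup_vprintf(format, args);
+
+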
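Review bot: After this change u_error_new() can return with `*error` still NULL, and nothing tells the caller; callers that go on to read `(*error)->message` or `(*error)->code` need a NULL check, and that contract belongs in a comment on the function, e.g. `/* on allocation failure *error is left NULL */`. The next assignment, `(*error)->message = u_strdup_vprintf(format, args);`, is also unchecked, so `message` may be NULL if that helper can fail (its definition is not shown here). u_error_new() starts and ends outside the hunk.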
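--- a/debian/patches/mem-allocation-wsman-init-plugins-fix.patch
+++ b/debian/patches/mem-allocation-wsman-init-plugins-fix.patch
@@ -0,0 +1,52 @@
+Description: unchecked memory allocation in wsman_init_plugins(), p->ifc
+ return NULL if alloc fails, handle NULL return in callers
+Author: <kkaempf@suse.de>
+Forwarded: not-needed
+Origin: upstream, https://github.com/Openwsman/openwsman/commit/d51551bf791083c00105e5d8ef0b3bc24e5bb4b5
+Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/openwsman/+bug/1319089
+Last-Update: 2014-02-27
+---
+--- openwsman-2.4.3.orig/src/lib/wsman-server.c
++++ openwsman-2.4.3/src/lib/wsman-server.c
+@@ -102,6 +102,10 @@ WsContextH wsman_init_plugins(WsManListenerH * listener)
+
+ p->ifc = (WsDispatchInterfaceInfo *)
+ malloc(sizeof(WsDispatchInterfaceInfo));
++ if (p->ifc == NULL) {
++ error("Memory allocation error while loading plugin");
++ return NULL;
++ }
+ ifcinfo = p->ifc;
+ ifcinfo->extraData = p->data;
+ p->set_config = dlsym(p->p_handle, "set_config");
+--- openwsman-2.4.3.orig/src/server/wsmand-listener.c
++++ openwsman-2.4.3/src/server/wsmand-listener.c
+@@ -674,21 +674,21 @@ WsManListenerH *wsmand_start_server(dictionary * ini)
+ WsManListenerH *listener = wsman_dispatch_list_new();
+ listener->config = ini;
+ WsContextH cntx = wsman_init_plugins(listener);
+- int num_threads=0;
+- int max_threads=wsmand_options_get_max_threads();
++ int num_threads = 0;
++ int max_threads = wsmand_options_get_max_threads();
+ int max_connections_per_thread = wsmand_options_get_max_connections_per_thread();
+- if(max_threads && !max_connections_per_thread){
++ if (max_threads && !max_connections_per_thread) {
+ error("max_threads: %d and max_connections_per_thread : %d", max_threads, max_connections_per_thread);
+ return listener;
+ }
+
++ if (cntx == NULL) {
++ return listener;
++ }
+ #ifdef ENABLE_EVENTING_SUPPORT
+ wsman_event_init(cntx->soap);
+ #endif
+
+- if (cntx == NULL) {
+- return listener;
+- }
+ #ifndef HAVE_SSL
+ if (use_ssl) {
+ error("Server configured without SSL support");
+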
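Review bot: The added `return NULL;` in wsman_init_plugins() leaves from the middle of plugin setup: `p->p_handle` is already in use two lines later for `dlsym()`, so the loaded plugin and anything built for earlier plugins are presumably abandoned without being released (the surrounding loop is outside the hunk). In wsmand_start_server() the `cntx == NULL` branch returns `listener` silently, the same value the `max_threads` error path returns, so the caller has no visible way to tell a failed start from a usable listener. Consider logging at that branch, `error("wsman_init_plugins failed");`, and documenting what the caller is expected to check. Both functions continue outside these hunks.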
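--- a/debian/patches/remove-unsafe-debug-call-from-sighup-handler.patch
+++ b/debian/patches/remove-unsafe-debug-call-from-sighup-handler.patch
@@ -0,0 +1,19 @@
+Description: remove (unsafe) debug() call from sighup_handler
+Author: <kkaempf@suse.de>
+Forwarded: not-needed
+Origin: upstream, https://github.com/Openwsman/openwsman/commit/2cd98b07fa6930727a35da2b7409610b74535cae
+Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/openwsman/+bug/1319089
+Last-Update: 2014-02-27
+---
+--- openwsman-2.4.3.orig/src/server/wsmand.c
++++ openwsman-2.4.3/src/server/wsmand.c
+@@ -141,8 +141,6 @@ static void signal_handler(int sig_num)
+
+ static void sighup_handler(int sig_num)
+ {
+- debug("SIGHUP received; reloading data");
+-
+ if (wsmand_options_get_debug_level() == 0) {
+ int fd;
+
+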
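--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,1 +1,12 @@
 cmake-python-includes.patch
+ws-xml-make-default-prefix-buff-overflow-fix.patch
+wsmc-create-request-fix-buff-overflow.patch
+LocalSubscriptionOpUpdate-fix-fopen.patch
+wsman-get-fault-status-sanity-guard-fix.patch
+mem-allocation-wsman-init-plugins-fix.patch
+mem-allocation-mem-double-newptr-fix.patch
+mem-allocation-dictionary-new-fix.patch
+mem-allocation-u-error-new-fix.patch
+remove-unsafe-debug-call-from-sighup-handler.patch
+SHA512-password-fixes.patch
+increase-password-upper-limit.patch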
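--- a/debian/patches/ws-xml-make-default-prefix-buff-overflow-fix.patch
+++ b/debian/patches/ws-xml-make-default-prefix-buff-overflow-fix.patch
@@ -0,0 +1,29 @@
+Description: ws_xml_make_default_prefix() overflow fix
+ [PATCH] ws_xml_make_default_prefix() can overflow buf parameter via
+ sprintf().
+Author: <kkaempf@suse.de>
+Forwarded: not-needed
+Origin: upstream, https://github.com/Openwsman/openwsman/commit/1c21816f1d2cc63eee6326d0f1340d3341694e60
+Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/openwsman/+bug/1319089
+Last-Update: 2014-02-27
+
+---
+--- openwsman-2.4.3.orig/src/lib/wsman-xml.c
++++ openwsman-2.4.3/src/lib/wsman-xml.c
+@@ -94,13 +94,13 @@ ws_xml_make_default_prefix(WsXmlNodeH node,
+ for (i = 0; g_wsNsData[i].uri != NULL; i++) {
+ WsXmlNsData *nsd = &g_wsNsData[i];
+ if (strcmp(uri, nsd->uri) == 0 && nsd->prefix) {
+- sprintf(buf, "%s", nsd->prefix );
++ snprintf(buf, bufsize, "%s", nsd->prefix );
+ return;
+ }
+ }
+ }
+ if(g_wsNsData[i].uri == NULL && bufsize >= 12)
+- sprintf(buf, "n%lu", ++doc->prefixIndex);
++ snprintf(buf, bufsize, "n%lu", ++doc->prefixIndex);
+ else
+ buf[0] = 0;
+ }
+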
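Review bot: Neither `snprintf()` call in ws_xml_make_default_prefix() checks its return value, so a namespace prefix longer than `bufsize - 1` is now truncated silently and the caller receives a prefix that differs from `nsd->prefix`. Treat truncation like the existing failure case and leave `buf` empty, e.g. `int n = snprintf(buf, bufsize, "%s", nsd->prefix);` followed by `if (n < 0 || (size_t)n >= (size_t)bufsize) buf[0] = 0;`. The `bufsize >= 12` guard fits a 32-bit counter; with a 64-bit `unsigned long`, `"n%lu"` can need up to 22 bytes, which snprintf() now bounds but the guard does not describe. The declaration of `bufsize` and the start of the function are outside the hunk.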
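--- a/debian/patches/wsman-get-fault-status-sanity-guard-fix.patch
+++ b/debian/patches/wsman-get-fault-status-sanity-guard-fix.patch
@@ -0,0 +1,64 @@
+Description: fix incorrect order of sanity guards in
+ wsman_get_fault_status_from_doc().
+Author: <kkaempf@suse.de>
+Forwarded: not-needed
+Origin: upstream, https://github.com/Openwsman/openwsman/commit/ca68ddd7c24b238cbb94bc97ffac349ff25f07bf
+Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/openwsman/+bug/1319089
+Last-Update: 2014-02-27
+---
+--- openwsman-2.4.3.orig/src/lib/wsman-faults.c
++++ openwsman-2.4.3/src/lib/wsman-faults.c
+@@ -607,22 +607,37 @@ void
+ wsman_get_fault_status_from_doc (WsXmlDocH doc, WsmanStatus *status)
+ {
+ int i;
+- char *subcode_value=ws_xml_get_xpath_value(doc, FAULT_SUBCODE_VALUE_XPATH);
+- char *subcode_value_msg =calloc(1,strlen(subcode_value));
+- char *start_pos = strchr(subcode_value,':');
+- strcpy(subcode_value_msg, start_pos+1);
+- if (strlen(subcode_value)== 0 ) return ;
++ char *subcode_value = ws_xml_get_xpath_value(doc, FAULT_SUBCODE_VALUE_XPATH);
++ char *subcode_value_msg;
++ char *start_pos;
++
++ if (strlen(subcode_value) == 0)
++ return;
++
++ subcode_value_msg = calloc(1, strlen(subcode_value));
++ if (subcode_value_msg == NULL) {
++ error("Out of memory");
++ status->fault_code = WSMAN_INTERNAL_ERROR;
++ /* some default values */
++ status->fault_detail_code = OWSMAN_SYSTEM_ERROR;
++ status->fault_msg = NULL;
++ return;
++ }
++
++ start_pos = strchr(subcode_value, ':');
++ if (start_pos != NULL) {
++ strcpy(subcode_value_msg, start_pos+1);
+
+- int nfaults = sizeof (fault_code_table) / sizeof (fault_code_table[0]);
+- for (i = 0; i < nfaults; i++) {
+- if (strcmp (subcode_value_msg , fault_code_table[i].subCode) == 0) {
+- status->fault_code = fault_code_table[i].fault_code;
+- //some default values
+- status->fault_detail_code = 0;
+- status->fault_msg='\0';
+- return;
++ int nfaults = sizeof (fault_code_table) / sizeof (fault_code_table[0]);
++ for (i = 0; i < nfaults; i++) {
++ if (strcmp (subcode_value_msg , fault_code_table[i].subCode) == 0) {
++ status->fault_code = fault_code_table[i].fault_code;
++ /* some default values */
++ status->fault_detail_code = 0;
++ status->fault_msg = NULL;
++ return;
++ }
+ }
+-
+ }
+ return;
+ }
+
+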
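Review bot: `subcode_value_msg` is allocated with `calloc()` and never freed: the `return` inside the lookup loop, the final `return` and the no-colon path all leave it allocated, so each parsed fault leaks the buffer. Add `free(subcode_value_msg);` before each of those returns, or drop the copy and pass `start_pos + 1` to `strcmp()` directly. `strlen(subcode_value)` still runs before any NULL test, so if ws_xml_get_xpath_value() can return NULL when the XPath matches nothing (its definition is not shown) the first guard dereferences it; `if (subcode_value == NULL || *subcode_value == '\0') return;` covers both cases. Whether `subcode_value` itself must be released by this function is not visible here and is worth confirming.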
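--- a/debian/patches/wsmc-create-request-fix-buff-overflow.patch
+++ b/debian/patches/wsmc-create-request-fix-buff-overflow.patch
@@ -0,0 +1,41 @@
+Description: wsmc_create_request() buffer overflow fix
+ wsmc_create_request() correct a potential buf[20] overflow via WSMAN_ACTION_RENEW.
+Author: <kkaempf@suse.de>
+Forwarded: not-needed
+Origin: upstream, https://github.com/Openwsman/openwsman/commit/a61b2074a90c9fb3019f49b6b347ad651a3f80af
+Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/openwsman/+bug/1319089
+Last-Update: 2014-02-27
+
+---
+--- openwsman-2.4.3.orig/src/lib/wsman-client.c
++++ openwsman-2.4.3/src/lib/wsman-client.c
+@@ -855,7 +855,6 @@ wsmc_create_request(WsManClient * cl, const char *resource_uri,
+ WsXmlNodeH header;
+ WsXmlNodeH node;
+ char *_action = NULL;
+- char buf[20];
+ if (action == WSMAN_ACTION_IDENTIFY) {
+ request = ws_xml_create_envelope();
+ } else {
+@@ -964,14 +963,18 @@ wsmc_create_request(WsManClient * cl, const char *resource_uri,
+ }
+ break;
+ case WSMAN_ACTION_RENEW:
++ {
++ char buf[20];
+ node = ws_xml_add_child(body,
+ XML_NS_EVENTING, WSEVENT_RENEW, NULL);
+- sprintf(buf, "PT%fS", options->expires);
++ /* %f default precision is 6 -> [-]ddd.ddd */
++ snprintf(buf, 20, "PT%fS", options->expires);
+ ws_xml_add_child(node, XML_NS_EVENTING, WSEVENT_EXPIRES, buf);
+ if(data) {
+ if(((char *)data)[0] != 0)
+ add_subscription_context(ws_xml_get_soap_header(request), (char *)data);
+ }
++ }
+ break;
+ case WSMAN_ACTION_NONE:
+ case WSMAN_ACTION_TRANSFER_CREATE:
+
+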
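Review bot: The size passed to `snprintf(buf, 20, ...)` repeats the array length as a literal; write `snprintf(buf, sizeof buf, "PT%fS", options->expires);` so the two cannot drift apart. The return value is ignored, so a value of `options->expires` that needs more than 19 characters is cut off, loses its trailing `S`, and the truncated duration is still added as the expiry element; compare the result against `sizeof buf` and handle that case. The added comment is also inaccurate: `%f` prints six digits after the decimal point, i.e. `[-]ddd.dddddd`. wsmc_create_request() starts and ends outside these hunks.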
Looks good except for some very minor trailing whitespace in debian/changelog. I can adjust this for the upload. Thanks!