Merge lp:~kentb/ubuntu/trusty/openwsman/bug-1319098 into lp:ubuntu/trusty/openwsman
- Trusty (14.04)
- bug-1319098
- Merge into trusty
Proposed by
Kent Baxley
| Status: | Merged | ||||
|---|---|---|---|---|---|
| Merge reported by: | Jamie Strandboge | ||||
| Merged at revision: | not available | ||||
| Proposed branch: | lp:~kentb/ubuntu/trusty/openwsman/bug-1319098 | ||||
| Merge into: | lp:ubuntu/trusty/openwsman | ||||
| Diff against target: |
607 lines (+539/-0) 13 files modified
debian/changelog (+30/-0) debian/patches/LocalSubscriptionOpUpdate-fix-fopen.patch (+74/-0) debian/patches/SHA512-password-fixes.patch (+82/-0) debian/patches/increase-password-upper-limit.patch (+20/-0) debian/patches/mem-allocation-dictionary-new-fix.patch (+58/-0) debian/patches/mem-allocation-mem-double-newptr-fix.patch (+37/-0) debian/patches/mem-allocation-u-error-new-fix.patch (+22/-0) debian/patches/mem-allocation-wsman-init-plugins-fix.patch (+52/-0) debian/patches/remove-unsafe-debug-call-from-sighup-handler.patch (+19/-0) debian/patches/series (+11/-0) debian/patches/ws-xml-make-default-prefix-buff-overflow-fix.patch (+29/-0) debian/patches/wsman-get-fault-status-sanity-guard-fix.patch (+64/-0) debian/patches/wsmc-create-request-fix-buff-overflow.patch (+41/-0) |
||||
| To merge this branch: | bzr merge lp:~kentb/ubuntu/trusty/openwsman/bug-1319098 | ||||
| Related bugs: |
|
| Reviewer | Review Type | Date Requested | Status |
|---|---|---|---|
| Jamie Strandboge | Approve | ||
|
Review via email:
|
|||
Commit message
Description of the change
To post a comment you must log in.
Preview Diff
[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
| 1 | === modified file 'debian/changelog' |
| 2 | --- debian/changelog 2014-01-24 08:45:40 +0000 |
| 3 | +++ debian/changelog 2014-06-06 18:06:02 +0000 |
| 4 | @@ -1,3 +1,33 @@ |
| 5 | +openwsman (2.4.3-0ubuntu4.1) trusty-security; urgency=low |
| 6 | + |
| 7 | + * SECURITY UPDATE: Add security fixes from upstream openwsman (LP: #1319089) |
| 8 | + - debian/patches/ws-xml-make-default-prefix-buff-overflow-fix.patch: |
| 9 | + ws_xml_make_default_prefix() can overflow buf parameter via sprintf() |
| 10 | + - debian/patches/wsmc-create-request-fix-buff-overflow.patch: |
| 11 | + wsmc_create_request() potential buf[20] overflow via WSMAN_ACTION_RENEW |
| 12 | + - debian/patches/LocalSubscriptionOpUpdate-fix-fopen.patch: |
| 13 | + address LocalSubscriptionOpUpdate() unchecked fopen() |
| 14 | + - debian/patches/wsman-get-fault-status-sanity-guard-fix.patch: |
| 15 | + Fix incorrect order of sanity guards in wsman_get_fault_status_from_doc() |
| 16 | + - debian/patches/mem-allocation-wsman-init-plugins-fix.patch: |
| 17 | + Fix unchecked memory allocation in wsman_init_plugins(), p->ifc |
| 18 | + - debian/patches/mem-allocation-mem-double-newptr-fix.patch: |
| 19 | + Fix unchecked memory allocation in mem_double(), newptr |
| 20 | + - debian/patches/mem-allocation-dictionary-new-fix.patch: |
| 21 | + Fix unchecked memory allocation in dictionary_new(), d, d->val, d->key, |
| 22 | + d->hash |
| 23 | + - debian/patches/mem-allocation-u-error-new-fix.patch: |
| 24 | + Fix unchecked memory allocation in u_error_new(), *error |
| 25 | + - debian/patches/remove-unsafe-debug-call-from-sighup-handler.patch: |
| 26 | + sighup_handler() in wsmand.c use of unsafe functions in a signal handler |
| 27 | + - debian/patches/SHA512-password-fixes.patch: |
| 28 | + Support SHA512 password encoding, use safe_cmp to prevent brute-force |
| 29 | + attacks |
| 30 | + - debian/patches/increase-password-upper-limit.patch: |
| 31 | + increase password upper limit to 128 characters (from 64) |
| 32 | + |
| 33 | + -- Kent Baxley <kent.baxley@canonical.com> Fri, 06 Jun 2014 12:55:02 -0500 |
| 34 | + |
| 35 | openwsman (2.4.3-0ubuntu4) trusty; urgency=low |
| 36 | |
| 37 | * debian/control: fix the breaks and replaces version numbers |
| 38 | |
| 39 | === added file 'debian/patches/LocalSubscriptionOpUpdate-fix-fopen.patch' |
| 40 | --- debian/patches/LocalSubscriptionOpUpdate-fix-fopen.patch 1970-01-01 00:00:00 +0000 |
| 41 | +++ debian/patches/LocalSubscriptionOpUpdate-fix-fopen.patch 2014-06-06 18:06:02 +0000 |
| 42 | @@ -0,0 +1,74 @@ |
| 43 | +Description: fix LocalSubscriptionOpUpdate() unchecked fopen() |
| 44 | +Author: <kkaempf@suse.de> |
| 45 | +Forwarded: not-needed |
| 46 | +Origin: upstream, https://github.com/Openwsman/openwsman/commit/09c3fcf4d209f6890eb9cb9e554bff637eae73b5 |
| 47 | +Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/openwsman/+bug/1319089 |
| 48 | +Last-Update: 2014-02-27 |
| 49 | + |
| 50 | +--- |
| 51 | +--- openwsman-2.4.3.orig/src/lib/wsman-subscription-repository.c |
| 52 | ++++ openwsman-2.4.3/src/lib/wsman-subscription-repository.c |
| 53 | +@@ -91,8 +91,12 @@ int LocalSubscriptionOpGet(char * uri_repository, char * uuid, unsigned char ** |
| 54 | + if(LocalSubscriptionInitFlag == 0) return -1; |
| 55 | + char *subs_path = u_strdup_printf ("%s/uuid:%s", uri_repository, uuid); |
| 56 | + FILE *fp = fopen(subs_path, "r"); |
| 57 | ++ if (fp == NULL) { |
| 58 | ++ fprintf(stderr, "Can't open %s: %s", subs_path, strerror(errno)); |
| 59 | ++ u_free(subs_path); |
| 60 | ++ return -1; |
| 61 | ++ } |
| 62 | + u_free(subs_path); |
| 63 | +- if(fp == NULL) return -1; |
| 64 | + while(!feof(fp)) { |
| 65 | + memset(block, 0, 512); |
| 66 | + m = fread(block, 1, 511, fp); |
| 67 | +@@ -116,8 +120,12 @@ int LocalSubscriptionOpSearch(char * uri_repository, char * uuid) |
| 68 | + if(LocalSubscriptionInitFlag == 0) return -1; |
| 69 | + char *subs_path = u_strdup_printf ("%s/uuid:%s", uri_repository, uuid); |
| 70 | + FILE *fp = fopen(subs_path, "r"); |
| 71 | ++ if (fp == NULL) { |
| 72 | ++ fprintf(stderr, "Can't open %s: %s", subs_path, strerror(errno)); |
| 73 | ++ u_free(subs_path); |
| 74 | ++ return -1; |
| 75 | ++ } |
| 76 | + u_free(subs_path); |
| 77 | +- if(fp == NULL) return -1; |
| 78 | + fclose(fp); |
| 79 | + return 0; |
| 80 | + } |
| 81 | +@@ -145,6 +153,11 @@ int LocalSubscriptionOpLoad (char * uri_repository, list_t * subscription_list) |
| 82 | + } |
| 83 | + char *subs_path = u_strdup_printf ("%s/%s", uri_repository, namelist[n]->d_name); |
| 84 | + FILE *subs = fopen(subs_path, "r"); |
| 85 | ++ if (subs == NULL) { |
| 86 | ++ fprintf(stderr, "Can't open %s: %s", subs_path, strerror(errno)); |
| 87 | ++ u_free(subs_path); |
| 88 | ++ return -1; |
| 89 | ++ } |
| 90 | + u_free(subs_path); |
| 91 | + count = 0; |
| 92 | + buf = NULL; |
| 93 | +@@ -180,7 +193,10 @@ int LocalSubscriptionOpSave (char * uri_repository, char * uuid, unsigned char * |
| 94 | + if(LocalSubscriptionInitFlag == 0) return -1; |
| 95 | + snprintf(buf, U_NAME_MAX, "%s/uuid:%s", uri_repository, uuid); |
| 96 | + FILE *subsfile = fopen(buf, "w"); |
| 97 | +- if(subsfile == NULL) return -1; |
| 98 | ++ if (subsfile == NULL) { |
| 99 | ++ fprintf(stderr, "Can't open %s: %s", buf, strerror(errno)); |
| 100 | ++ return -1; |
| 101 | ++ } |
| 102 | + fprintf(subsfile, "%s", subscriptionDoc); |
| 103 | + fclose(subsfile); |
| 104 | + return 0; |
| 105 | +@@ -201,6 +217,10 @@ int LocalSubscriptionOpUpdate(char * uri_repository, char * uuid, char *expire) |
| 106 | + ws_xml_set_node_text(node, expire); |
| 107 | + ws_xml_dump_memory_enc(doc, &temp, &len, "UTF-8"); |
| 108 | + FILE *subsfile = fopen(buf, "w"); |
| 109 | ++ if (subsfile == NULL) { |
| 110 | ++ fprintf(stderr, "Can't open %s: %s", buf, strerror(errno)); |
| 111 | ++ return -1; |
| 112 | ++ } |
| 113 | + fprintf(subsfile, "%s", temp); |
| 114 | + fclose(subsfile); |
| 115 | + ws_xml_free_memory(temp); |
| 116 | + |
| 117 | |
| 118 | === added file 'debian/patches/SHA512-password-fixes.patch' |
| 119 | --- debian/patches/SHA512-password-fixes.patch 1970-01-01 00:00:00 +0000 |
| 120 | +++ debian/patches/SHA512-password-fixes.patch 2014-06-06 18:06:02 +0000 |
| 121 | @@ -0,0 +1,82 @@ |
| 122 | +Description: support SHA512 password encoding, use safe_cmp to prevent |
| 123 | + brute-force attacks |
| 124 | + . |
| 125 | + SHA512 passwords needs more space than 64bytes |
| 126 | + . |
| 127 | + The runtime of strcmp depends on the string size, thus allows for |
| 128 | + brute-force password attacks. Replace it by constant-time safe_cmp |
| 129 | + when comparing usernames and passwords. |
| 130 | +Author: <kkaempf@suse.de> |
| 131 | +Forwarded: not-needed |
| 132 | +Origin: upstream, https://github.com/Openwsman/openwsman/commit/b1c2192f4b4fa04286dc1bb7e467b34926099720 |
| 133 | +Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/openwsman/+bug/1319089 |
| 134 | +Last-Update: 2014-05-19 |
| 135 | +--- |
| 136 | +--- openwsman-2.4.3.orig/src/authenticators/file/file_auth.c |
| 137 | ++++ openwsman-2.4.3/src/authenticators/file/file_auth.c |
| 138 | +@@ -70,14 +70,31 @@ int initialize(void *arg) { |
| 139 | + return 0; |
| 140 | + } |
| 141 | + |
| 142 | ++/* |
| 143 | ++ * constant-time comparison to prevent brute-force attacks on authorize() |
| 144 | ++ * |
| 145 | ++ * returns zero only if s1 and s2 are bit-wise identical for the first len characters. |
| 146 | ++ */ |
| 147 | ++static int |
| 148 | ++safe_cmp(unsigned const char *s1, unsigned const char *s2, size_t len) |
| 149 | ++{ |
| 150 | ++ size_t i = 0; |
| 151 | ++ unsigned char result = 0; |
| 152 | + |
| 153 | ++ while (i++ < len) { |
| 154 | ++ result |= *s1++ ^ *s2++; |
| 155 | ++ } |
| 156 | ++ return result; |
| 157 | ++} |
| 158 | + |
| 159 | + int |
| 160 | + authorize(char *username, const char *password) |
| 161 | + { |
| 162 | + int authorized = 0; |
| 163 | +- char l[256], u[65], passwd[65]; |
| 164 | ++ char l[256], u[65], passwd[129]; |
| 165 | + char *newpw = NULL ; |
| 166 | ++ size_t username_l; |
| 167 | ++ size_t min_len; |
| 168 | + |
| 169 | + debug( "Checking basic for user: %s; password XXXXX", |
| 170 | + username); |
| 171 | +@@ -88,6 +105,7 @@ authorize(char *username, const char *password) |
| 172 | + username); |
| 173 | + return 0; |
| 174 | + } |
| 175 | ++ username_l = strlen(username); |
| 176 | + FILE *fp = fopen(filename, "r"); |
| 177 | + if (!fp) { |
| 178 | + debug( "Couldn't open basic passwd file %s", |
| 179 | +@@ -99,10 +117,20 @@ authorize(char *username, const char *password) |
| 180 | + if (sscanf(l, "%64[^:]:%64s", u, passwd) != 2) |
| 181 | + continue; /* Ignore malformed lines */ |
| 182 | + debug( "user: %s, passwd: XXXX", u); |
| 183 | +- if (!strcmp(username, u)) { |
| 184 | ++ min_len = strlen(u); |
| 185 | ++ if (username_l < min_len) { |
| 186 | ++ min_len = username_l; |
| 187 | ++ } |
| 188 | ++ if (!safe_cmp(username, u, min_len)) { |
| 189 | ++ size_t newpw_l; |
| 190 | ++ min_len = strlen(passwd); |
| 191 | + newpw = crypt(password, passwd); |
| 192 | ++ newpw_l = strlen(newpw); |
| 193 | ++ if (newpw_l < min_len) { |
| 194 | ++ min_len = newpw_l; |
| 195 | ++ } |
| 196 | + debug( "user: %s, passwd: XXXXX", u ); |
| 197 | +- authorized = ( strcmp (newpw, passwd) == 0 ); |
| 198 | ++ authorized = ( safe_cmp (newpw, passwd, min_len) == 0 ); |
| 199 | + break; |
| 200 | + } |
| 201 | + } |
| 202 | + |
| 203 | + |
| 204 | |
| 205 | === added file 'debian/patches/increase-password-upper-limit.patch' |
| 206 | --- debian/patches/increase-password-upper-limit.patch 1970-01-01 00:00:00 +0000 |
| 207 | +++ debian/patches/increase-password-upper-limit.patch 2014-06-06 18:06:02 +0000 |
| 208 | @@ -0,0 +1,20 @@ |
| 209 | +Subject: increase password upper limit to 128 characters (from 64) |
| 210 | +Author: <kkaempf@suse.de> |
| 211 | +Forwarded: not-needed |
| 212 | +Origin: upstream, https://github.com/Openwsman/openwsman/commit/9b51b3c49600846751d3e06043da53d93c62b566 |
| 213 | +Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/openwsman/+bug/1319089 |
| 214 | +Last-Update: 2014-05-21 |
| 215 | +--- |
| 216 | +--- openwsman-2.4.3.orig/src/authenticators/file/file_auth.c |
| 217 | ++++ openwsman-2.4.3/src/authenticators/file/file_auth.c |
| 218 | +@@ -114,7 +114,7 @@ authorize(char *username, const char *password) |
| 219 | + } |
| 220 | + |
| 221 | + while (fgets(l, sizeof(l), fp) != NULL) { |
| 222 | +- if (sscanf(l, "%64[^:]:%64s", u, passwd) != 2) |
| 223 | ++ if (sscanf(l, "%64[^:]:%128s", u, passwd) != 2) |
| 224 | + continue; /* Ignore malformed lines */ |
| 225 | + debug( "user: %s, passwd: XXXX", u); |
| 226 | + min_len = strlen(u); |
| 227 | + |
| 228 | + |
| 229 | |
| 230 | === added file 'debian/patches/mem-allocation-dictionary-new-fix.patch' |
| 231 | --- debian/patches/mem-allocation-dictionary-new-fix.patch 1970-01-01 00:00:00 +0000 |
| 232 | +++ debian/patches/mem-allocation-dictionary-new-fix.patch 2014-06-06 18:06:02 +0000 |
| 233 | @@ -0,0 +1,58 @@ |
| 234 | +Description: fix unchecked memory allocation in dictionary_new(), d, d->val, |
| 235 | + d->key, d->hash |
| 236 | + . |
| 237 | + iniparser_new might return NULL, handle this case in redirect.c |
| 238 | +Author: <kkaempf@suse.de> |
| 239 | +Forwarded: not-needed |
| 240 | +Origin: https://github.com/Openwsman/openwsman/commit/638abcbf5faa97ccb2c3ab15faeb2f2cc9363b56 |
| 241 | +Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/openwsman/+bug/1319089 |
| 242 | +Last-Update: 2014-02-27 |
| 243 | +--- |
| 244 | +--- openwsman-2.4.3.orig/src/lib/u/iniparser.c |
| 245 | ++++ openwsman-2.4.3/src/lib/u/iniparser.c |
| 246 | +@@ -218,11 +218,16 @@ static dictionary * dictionary_new(int size) |
| 247 | + if (size<DICTMINSZ) size=DICTMINSZ ; |
| 248 | + |
| 249 | + d = (dictionary *)calloc(1, sizeof(dictionary)); |
| 250 | +- d->size = size ; |
| 251 | +- d->val = (char **)calloc(size, sizeof(char*)); |
| 252 | +- d->key = (char **)calloc(size, sizeof(char*)); |
| 253 | +- d->hash = (unsigned int *)calloc(size, sizeof(unsigned)); |
| 254 | +- |
| 255 | ++ if (d != NULL) { |
| 256 | ++ d->size = size ; |
| 257 | ++ d->val = (char **)calloc(size, sizeof(char*)); |
| 258 | ++ d->key = (char **)calloc(size, sizeof(char*)); |
| 259 | ++ d->hash = (unsigned int *)calloc(size, sizeof(unsigned)); |
| 260 | ++ } |
| 261 | ++ if ((d == NULL) || (d->val == NULL) || (d->key == NULL) || (d->hash == NULL)) { |
| 262 | ++ fprintf(stderr, "dictionary_new: memory allocation failure\n"); |
| 263 | ++ d = NULL; |
| 264 | ++ } |
| 265 | + return d; |
| 266 | + } |
| 267 | + |
| 268 | +@@ -884,6 +889,8 @@ dictionary * iniparser_new(char *ininame) |
| 269 | + * Initialize a new dictionary entry |
| 270 | + */ |
| 271 | + d = dictionary_new(0); |
| 272 | ++ if (d == NULL) |
| 273 | ++ return d; |
| 274 | + lineno = 0 ; |
| 275 | + while (fgets(lin, ASCIILINESZ, ini)!=NULL) { |
| 276 | + lineno++ ; |
| 277 | +--- openwsman-2.4.3.orig/src/plugins/redirect/redirect.c |
| 278 | ++++ openwsman-2.4.3/src/plugins/redirect/redirect.c |
| 279 | +@@ -99,7 +99,10 @@ int init( void *self, void **data ) |
| 280 | + dictionary *ini, *inc_ini; |
| 281 | + filename = (char *) wsmand_options_get_config_file(); |
| 282 | + ini = iniparser_new(filename); |
| 283 | +- |
| 284 | ++ if (ini == NULL) { |
| 285 | ++ error("redirect: iniparser_new failed"); |
| 286 | ++ return 0; |
| 287 | ++ } |
| 288 | + redirect_data = malloc (sizeof(struct __Redirect_Data)); |
| 289 | + if (redirect_data == NULL){ |
| 290 | + error("Failed while allocating memory for redirect_data"); |
| 291 | + |
| 292 | |
| 293 | === added file 'debian/patches/mem-allocation-mem-double-newptr-fix.patch' |
| 294 | --- debian/patches/mem-allocation-mem-double-newptr-fix.patch 1970-01-01 00:00:00 +0000 |
| 295 | +++ debian/patches/mem-allocation-mem-double-newptr-fix.patch 2014-06-06 18:06:02 +0000 |
| 296 | @@ -0,0 +1,37 @@ |
| 297 | +Description: fix unchecked memory allocation in mem_double(), newptr |
| 298 | +Author: <kkaempf@suse.de> |
| 299 | +Forwarded: not-needed |
| 300 | +Origin: upstream, https://github.com/Openwsman/openwsman/commit/89dabd4582e3fbb88328dd780e89baf6efb4ad3f |
| 301 | +Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/openwsman/+bug/1319089 |
| 302 | +Last-Update: 2014-02-27 |
| 303 | +--- |
| 304 | +--- openwsman-2.4.3.orig/src/lib/u/iniparser.c |
| 305 | ++++ openwsman-2.4.3/src/lib/u/iniparser.c |
| 306 | +@@ -152,6 +152,10 @@ static void * mem_double(void * ptr, int size) |
| 307 | + void *newptr; |
| 308 | + |
| 309 | + newptr = calloc(2*size, 1); |
| 310 | ++ if (newptr == NULL) { |
| 311 | ++ fprintf(stderr, "mem_double: allocation failed\n"); |
| 312 | ++ return NULL; |
| 313 | ++ } |
| 314 | + memcpy(newptr, ptr, size); |
| 315 | + free(ptr); |
| 316 | + return newptr ; |
| 317 | +@@ -346,8 +350,14 @@ static void dictionary_set(dictionary * d, char * key, char * val) |
| 318 | + |
| 319 | + /* Reached maximum size: reallocate blackboard */ |
| 320 | + d->val = (char **)mem_double(d->val, d->size * sizeof(char*)) ; |
| 321 | ++ if (d->val == NULL) |
| 322 | ++ exit(1); |
| 323 | + d->key = (char **)mem_double(d->key, d->size * sizeof(char*)) ; |
| 324 | ++ if (d->key == NULL) |
| 325 | ++ exit(1); |
| 326 | + d->hash = (unsigned int *)mem_double(d->hash, d->size * sizeof(unsigned)) ; |
| 327 | ++ if (d->hash == NULL) |
| 328 | ++ exit(1); |
| 329 | + |
| 330 | + /* Double size */ |
| 331 | + d->size *= 2 ; |
| 332 | + |
| 333 | + |
| 334 | |
| 335 | === added file 'debian/patches/mem-allocation-u-error-new-fix.patch' |
| 336 | --- debian/patches/mem-allocation-u-error-new-fix.patch 1970-01-01 00:00:00 +0000 |
| 337 | +++ debian/patches/mem-allocation-u-error-new-fix.patch 2014-06-06 18:06:02 +0000 |
| 338 | @@ -0,0 +1,22 @@ |
| 339 | +Description: fix unchecked memory allocation in u_error_new(), *error |
| 340 | +Author: <kkaempf@suse.de> |
| 341 | +Forwarded: not-needed |
| 342 | +Origin: upstream, https://github.com/Openwsman/openwsman/commit/d9b48a472819b258a34746a07256516653d5a141 |
| 343 | +Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/openwsman/+bug/1319089 |
| 344 | +Last-Update: 2014-02-27 |
| 345 | +--- |
| 346 | +--- openwsman-2.4.3.orig/src/lib/u/uerr.c |
| 347 | ++++ openwsman-2.4.3/src/lib/u/uerr.c |
| 348 | +@@ -44,6 +44,10 @@ void u_error_new(u_error_t **error, int code, const char *format, ...) |
| 349 | + return; |
| 350 | + |
| 351 | + *error = u_malloc(sizeof(u_error_t)); |
| 352 | ++ if (*error == NULL) { |
| 353 | ++ fprintf(stderr, "u_error_new: memory allocation failure\n"); |
| 354 | ++ return; |
| 355 | ++ } |
| 356 | + (*error)->code = code; |
| 357 | + va_start(args, format); |
| 358 | + (*error)->message = u_strdup_vprintf(format, args); |
| 359 | + |
| 360 | + |
| 361 | |
| 362 | === added file 'debian/patches/mem-allocation-wsman-init-plugins-fix.patch' |
| 363 | --- debian/patches/mem-allocation-wsman-init-plugins-fix.patch 1970-01-01 00:00:00 +0000 |
| 364 | +++ debian/patches/mem-allocation-wsman-init-plugins-fix.patch 2014-06-06 18:06:02 +0000 |
| 365 | @@ -0,0 +1,52 @@ |
| 366 | +Description: unchecked memory allocation in wsman_init_plugins(), p->ifc |
| 367 | + return NULL if alloc fails, handle NULL return in callers |
| 368 | +Author: <kkaempf@suse.de> |
| 369 | +Forwarded: not-needed |
| 370 | +Origin: upstream, https://github.com/Openwsman/openwsman/commit/d51551bf791083c00105e5d8ef0b3bc24e5bb4b5 |
| 371 | +Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/openwsman/+bug/1319089 |
| 372 | +Last-Update: 2014-02-27 |
| 373 | +--- |
| 374 | +--- openwsman-2.4.3.orig/src/lib/wsman-server.c |
| 375 | ++++ openwsman-2.4.3/src/lib/wsman-server.c |
| 376 | +@@ -102,6 +102,10 @@ WsContextH wsman_init_plugins(WsManListenerH * listener) |
| 377 | + |
| 378 | + p->ifc = (WsDispatchInterfaceInfo *) |
| 379 | + malloc(sizeof(WsDispatchInterfaceInfo)); |
| 380 | ++ if (p->ifc == NULL) { |
| 381 | ++ error("Memory allocation error while loading plugin"); |
| 382 | ++ return NULL; |
| 383 | ++ } |
| 384 | + ifcinfo = p->ifc; |
| 385 | + ifcinfo->extraData = p->data; |
| 386 | + p->set_config = dlsym(p->p_handle, "set_config"); |
| 387 | +--- openwsman-2.4.3.orig/src/server/wsmand-listener.c |
| 388 | ++++ openwsman-2.4.3/src/server/wsmand-listener.c |
| 389 | +@@ -674,21 +674,21 @@ WsManListenerH *wsmand_start_server(dictionary * ini) |
| 390 | + WsManListenerH *listener = wsman_dispatch_list_new(); |
| 391 | + listener->config = ini; |
| 392 | + WsContextH cntx = wsman_init_plugins(listener); |
| 393 | +- int num_threads=0; |
| 394 | +- int max_threads=wsmand_options_get_max_threads(); |
| 395 | ++ int num_threads = 0; |
| 396 | ++ int max_threads = wsmand_options_get_max_threads(); |
| 397 | + int max_connections_per_thread = wsmand_options_get_max_connections_per_thread(); |
| 398 | +- if(max_threads && !max_connections_per_thread){ |
| 399 | ++ if (max_threads && !max_connections_per_thread) { |
| 400 | + error("max_threads: %d and max_connections_per_thread : %d", max_threads, max_connections_per_thread); |
| 401 | + return listener; |
| 402 | + } |
| 403 | + |
| 404 | ++ if (cntx == NULL) { |
| 405 | ++ return listener; |
| 406 | ++ } |
| 407 | + #ifdef ENABLE_EVENTING_SUPPORT |
| 408 | + wsman_event_init(cntx->soap); |
| 409 | + #endif |
| 410 | + |
| 411 | +- if (cntx == NULL) { |
| 412 | +- return listener; |
| 413 | +- } |
| 414 | + #ifndef HAVE_SSL |
| 415 | + if (use_ssl) { |
| 416 | + error("Server configured without SSL support"); |
| 417 | + |
| 418 | |
| 419 | === added file 'debian/patches/remove-unsafe-debug-call-from-sighup-handler.patch' |
| 420 | --- debian/patches/remove-unsafe-debug-call-from-sighup-handler.patch 1970-01-01 00:00:00 +0000 |
| 421 | +++ debian/patches/remove-unsafe-debug-call-from-sighup-handler.patch 2014-06-06 18:06:02 +0000 |
| 422 | @@ -0,0 +1,19 @@ |
| 423 | +Description: remove (unsafe) debug() call from sighup_handler |
| 424 | +Author: <kkaempf@suse.de> |
| 425 | +Forwarded: not-needed |
| 426 | +Origin: upstream, https://github.com/Openwsman/openwsman/commit/2cd98b07fa6930727a35da2b7409610b74535cae |
| 427 | +Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/openwsman/+bug/1319089 |
| 428 | +Last-Update: 2014-02-27 |
| 429 | +--- |
| 430 | +--- openwsman-2.4.3.orig/src/server/wsmand.c |
| 431 | ++++ openwsman-2.4.3/src/server/wsmand.c |
| 432 | +@@ -141,8 +141,6 @@ static void signal_handler(int sig_num) |
| 433 | + |
| 434 | + static void sighup_handler(int sig_num) |
| 435 | + { |
| 436 | +- debug("SIGHUP received; reloading data"); |
| 437 | +- |
| 438 | + if (wsmand_options_get_debug_level() == 0) { |
| 439 | + int fd; |
| 440 | + |
| 441 | + |
| 442 | |
| 443 | === modified file 'debian/patches/series' |
| 444 | --- debian/patches/series 2014-01-13 12:11:37 +0000 |
| 445 | +++ debian/patches/series 2014-06-06 18:06:02 +0000 |
| 446 | @@ -1,1 +1,12 @@ |
| 447 | cmake-python-includes.patch |
| 448 | +ws-xml-make-default-prefix-buff-overflow-fix.patch |
| 449 | +wsmc-create-request-fix-buff-overflow.patch |
| 450 | +LocalSubscriptionOpUpdate-fix-fopen.patch |
| 451 | +wsman-get-fault-status-sanity-guard-fix.patch |
| 452 | +mem-allocation-wsman-init-plugins-fix.patch |
| 453 | +mem-allocation-mem-double-newptr-fix.patch |
| 454 | +mem-allocation-dictionary-new-fix.patch |
| 455 | +mem-allocation-u-error-new-fix.patch |
| 456 | +remove-unsafe-debug-call-from-sighup-handler.patch |
| 457 | +SHA512-password-fixes.patch |
| 458 | +increase-password-upper-limit.patch |
| 459 | |
| 460 | === added file 'debian/patches/ws-xml-make-default-prefix-buff-overflow-fix.patch' |
| 461 | --- debian/patches/ws-xml-make-default-prefix-buff-overflow-fix.patch 1970-01-01 00:00:00 +0000 |
| 462 | +++ debian/patches/ws-xml-make-default-prefix-buff-overflow-fix.patch 2014-06-06 18:06:02 +0000 |
| 463 | @@ -0,0 +1,29 @@ |
| 464 | +Description: ws_xml_make_default_prefix() overflow fix |
| 465 | + [PATCH] ws_xml_make_default_prefix() can overflow buf parameter via |
| 466 | + sprintf(). |
| 467 | +Author: <kkaempf@suse.de> |
| 468 | +Forwarded: not-needed |
| 469 | +Origin: upstream, https://github.com/Openwsman/openwsman/commit/1c21816f1d2cc63eee6326d0f1340d3341694e60 |
| 470 | +Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/openwsman/+bug/1319089 |
| 471 | +Last-Update: 2014-02-27 |
| 472 | + |
| 473 | +--- |
| 474 | +--- openwsman-2.4.3.orig/src/lib/wsman-xml.c |
| 475 | ++++ openwsman-2.4.3/src/lib/wsman-xml.c |
| 476 | +@@ -94,13 +94,13 @@ ws_xml_make_default_prefix(WsXmlNodeH node, |
| 477 | + for (i = 0; g_wsNsData[i].uri != NULL; i++) { |
| 478 | + WsXmlNsData *nsd = &g_wsNsData[i]; |
| 479 | + if (strcmp(uri, nsd->uri) == 0 && nsd->prefix) { |
| 480 | +- sprintf(buf, "%s", nsd->prefix ); |
| 481 | ++ snprintf(buf, bufsize, "%s", nsd->prefix ); |
| 482 | + return; |
| 483 | + } |
| 484 | + } |
| 485 | + } |
| 486 | + if(g_wsNsData[i].uri == NULL && bufsize >= 12) |
| 487 | +- sprintf(buf, "n%lu", ++doc->prefixIndex); |
| 488 | ++ snprintf(buf, bufsize, "n%lu", ++doc->prefixIndex); |
| 489 | + else |
| 490 | + buf[0] = 0; |
| 491 | + } |
| 492 | + |
| 493 | |
| 494 | === added file 'debian/patches/wsman-get-fault-status-sanity-guard-fix.patch' |
| 495 | --- debian/patches/wsman-get-fault-status-sanity-guard-fix.patch 1970-01-01 00:00:00 +0000 |
| 496 | +++ debian/patches/wsman-get-fault-status-sanity-guard-fix.patch 2014-06-06 18:06:02 +0000 |
| 497 | @@ -0,0 +1,64 @@ |
| 498 | +Description: fix incorrect order of sanity guards in |
| 499 | + wsman_get_fault_status_from_doc(). |
| 500 | +Author: <kkaempf@suse.de> |
| 501 | +Forwarded: not-needed |
| 502 | +Origin: upstream, https://github.com/Openwsman/openwsman/commit/ca68ddd7c24b238cbb94bc97ffac349ff25f07bf |
| 503 | +Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/openwsman/+bug/1319089 |
| 504 | +Last-Update: 2014-02-27 |
| 505 | +--- |
| 506 | +--- openwsman-2.4.3.orig/src/lib/wsman-faults.c |
| 507 | ++++ openwsman-2.4.3/src/lib/wsman-faults.c |
| 508 | +@@ -607,22 +607,37 @@ void |
| 509 | + wsman_get_fault_status_from_doc (WsXmlDocH doc, WsmanStatus *status) |
| 510 | + { |
| 511 | + int i; |
| 512 | +- char *subcode_value=ws_xml_get_xpath_value(doc, FAULT_SUBCODE_VALUE_XPATH); |
| 513 | +- char *subcode_value_msg =calloc(1,strlen(subcode_value)); |
| 514 | +- char *start_pos = strchr(subcode_value,':'); |
| 515 | +- strcpy(subcode_value_msg, start_pos+1); |
| 516 | +- if (strlen(subcode_value)== 0 ) return ; |
| 517 | ++ char *subcode_value = ws_xml_get_xpath_value(doc, FAULT_SUBCODE_VALUE_XPATH); |
| 518 | ++ char *subcode_value_msg; |
| 519 | ++ char *start_pos; |
| 520 | ++ |
| 521 | ++ if (strlen(subcode_value) == 0) |
| 522 | ++ return; |
| 523 | ++ |
| 524 | ++ subcode_value_msg = calloc(1, strlen(subcode_value)); |
| 525 | ++ if (subcode_value_msg == NULL) { |
| 526 | ++ error("Out of memory"); |
| 527 | ++ status->fault_code = WSMAN_INTERNAL_ERROR; |
| 528 | ++ /* some default values */ |
| 529 | ++ status->fault_detail_code = OWSMAN_SYSTEM_ERROR; |
| 530 | ++ status->fault_msg = NULL; |
| 531 | ++ return; |
| 532 | ++ } |
| 533 | ++ |
| 534 | ++ start_pos = strchr(subcode_value, ':'); |
| 535 | ++ if (start_pos != NULL) { |
| 536 | ++ strcpy(subcode_value_msg, start_pos+1); |
| 537 | + |
| 538 | +- int nfaults = sizeof (fault_code_table) / sizeof (fault_code_table[0]); |
| 539 | +- for (i = 0; i < nfaults; i++) { |
| 540 | +- if (strcmp (subcode_value_msg , fault_code_table[i].subCode) == 0) { |
| 541 | +- status->fault_code = fault_code_table[i].fault_code; |
| 542 | +- //some default values |
| 543 | +- status->fault_detail_code = 0; |
| 544 | +- status->fault_msg='\0'; |
| 545 | +- return; |
| 546 | ++ int nfaults = sizeof (fault_code_table) / sizeof (fault_code_table[0]); |
| 547 | ++ for (i = 0; i < nfaults; i++) { |
| 548 | ++ if (strcmp (subcode_value_msg , fault_code_table[i].subCode) == 0) { |
| 549 | ++ status->fault_code = fault_code_table[i].fault_code; |
| 550 | ++ /* some default values */ |
| 551 | ++ status->fault_detail_code = 0; |
| 552 | ++ status->fault_msg = NULL; |
| 553 | ++ return; |
| 554 | ++ } |
| 555 | + } |
| 556 | +- |
| 557 | + } |
| 558 | + return; |
| 559 | + } |
| 560 | + |
| 561 | + |
| 562 | |
| 563 | === added file 'debian/patches/wsmc-create-request-fix-buff-overflow.patch' |
| 564 | --- debian/patches/wsmc-create-request-fix-buff-overflow.patch 1970-01-01 00:00:00 +0000 |
| 565 | +++ debian/patches/wsmc-create-request-fix-buff-overflow.patch 2014-06-06 18:06:02 +0000 |
| 566 | @@ -0,0 +1,41 @@ |
| 567 | +Description: wsmc_create_request() buffer overflow fix |
| 568 | + wsmc_create_request() correct a potential buf[20] overflow via WSMAN_ACTION_RENEW. |
| 569 | +Author: <kkaempf@suse.de> |
| 570 | +Forwarded: not-needed |
| 571 | +Origin: upstream, https://github.com/Openwsman/openwsman/commit/a61b2074a90c9fb3019f49b6b347ad651a3f80af |
| 572 | +Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/openwsman/+bug/1319089 |
| 573 | +Last-Update: 2014-02-27 |
| 574 | + |
| 575 | +--- |
| 576 | +--- openwsman-2.4.3.orig/src/lib/wsman-client.c |
| 577 | ++++ openwsman-2.4.3/src/lib/wsman-client.c |
| 578 | +@@ -855,7 +855,6 @@ wsmc_create_request(WsManClient * cl, const char *resource_uri, |
| 579 | + WsXmlNodeH header; |
| 580 | + WsXmlNodeH node; |
| 581 | + char *_action = NULL; |
| 582 | +- char buf[20]; |
| 583 | + if (action == WSMAN_ACTION_IDENTIFY) { |
| 584 | + request = ws_xml_create_envelope(); |
| 585 | + } else { |
| 586 | +@@ -964,14 +963,18 @@ wsmc_create_request(WsManClient * cl, const char *resource_uri, |
| 587 | + } |
| 588 | + break; |
| 589 | + case WSMAN_ACTION_RENEW: |
| 590 | ++ { |
| 591 | ++ char buf[20]; |
| 592 | + node = ws_xml_add_child(body, |
| 593 | + XML_NS_EVENTING, WSEVENT_RENEW, NULL); |
| 594 | +- sprintf(buf, "PT%fS", options->expires); |
| 595 | ++ /* %f default precision is 6 -> [-]ddd.ddd */ |
| 596 | ++ snprintf(buf, 20, "PT%fS", options->expires); |
| 597 | + ws_xml_add_child(node, XML_NS_EVENTING, WSEVENT_EXPIRES, buf); |
| 598 | + if(data) { |
| 599 | + if(((char *)data)[0] != 0) |
| 600 | + add_subscription_context(ws_xml_get_soap_header(request), (char *)data); |
| 601 | + } |
| 602 | ++ } |
| 603 | + break; |
| 604 | + case WSMAN_ACTION_NONE: |
| 605 | + case WSMAN_ACTION_TRANSFER_CREATE: |
| 606 | + |
| 607 | + |
Looks good except for some very minor trailing whitespace in debian/changelog. I can adjust this for the upload. Thanks!