squidguard: fix CVE-2009-3700 and CVE-2009-3826

Signed-off-by: Roman I Khimov <khimov@altell.ru>
author: Roman I Khimov <khimov@altell.ru> 2010-05-02 20:53:36 +0400
committer: Roman I Khimov <khimov@altell.ru> 2010-05-02 20:54:02 +0400
commit: 267fc260d31b9968036b3309362cb9f0bc2188f6 (patch)
tree: 6f9ef398974ebfa6d0b616baac5bed1010f46a88 /recipes
parent: 14d2edfcfdb5990e348f95b4b2064f5befb1c043 (diff)
download: openembedded-267fc260d31b9968036b3309362cb9f0bc2188f6.tar.gz
3 files changed, 75 insertions, 1 deletions
diff --git a/recipes/squidguard/squidguard-1.4/squidguard-fix-CVE-2009-3700.patch b/recipes/squidguard/squidguard-1.4/squidguard-fix-CVE-2009-3700.patch
new file mode 100644
index 0000000000..6f0d9a817d
--- /dev/null
+++ b/recipes/squidguard/squidguard-1.4/squidguard-fix-CVE-2009-3700.patch
@@ -0,0 +1,46 @@
+Index: squidGuard-1.4/src/sgLog.c
+===================================================================
+--- squidGuard-1.4.orig/src/sgLog.c
++++ squidGuard-1.4/src/sgLog.c
+@@ -2,7 +2,7 @@
+   By accepting this notice, you agree to be bound by the following
+   agreements:
+   
+-  This software product, squidGuard, is copyrighted (C) 1998-2007
++  This software product, squidGuard, is copyrighted (C) 1998-2009
+   by Christine Kronberg, Shalla Secure Services. All rights reserved.
+  
+   This program is free software; you can redistribute it and/or modify it
+@@ -55,8 +55,8 @@ void sgLog(log, format, va_alist)
+   char msg[MAX_BUF];
+   va_list ap;
+   VA_START(ap, format);
+-  if(vsprintf(msg, format, ap) > (MAX_BUF - 1)) 
+-    fprintf(stderr,"overflow in vsprintf (sgLog): %s",strerror(errno));
++  if(vsnprintf(msg, MAX_BUF, format, ap) > (MAX_BUF - 1)) 
++    fprintf(stderr,"overflow in vsnprintf (sgLog): %s",strerror(errno));
+   va_end(ap);
+   date = niso(0);
+   if(globalDebug || log == NULL) {
+@@ -87,8 +87,8 @@ void sgLogError(format, va_alist)
+   char msg[MAX_BUF];
+   va_list ap;
+   VA_START(ap, format);
+-  if(vsprintf(msg, format, ap) > (MAX_BUF - 1)) 
+-    sgLogFatalError("overflow in vsprintf (sgLogError): %s",strerror(errno));
++  if(vsnprintf(msg, MAX_BUF, format, ap) > (MAX_BUF - 1)) 
++    sgLog(globalErrorLog, "overflow in vsnprintf (sgLogError): %s",strerror(errno));
+   va_end(ap);
+   sgLog(globalErrorLog,"%s",msg);
+ }
+@@ -104,8 +104,8 @@ void sgLogFatalError(format, va_alist)
+   char msg[MAX_BUF];
+   va_list ap;
+   VA_START(ap, format);
+-  if(vsprintf(msg, format, ap) > (MAX_BUF - 1)) 
+-    return;
++  if(vsnprintf(msg, MAX_BUF, format, ap) > (MAX_BUF - 1)) 
++    sgLog(globalErrorLog, "overflow in vsnprintf (sgLogError): %s",strerror(errno));
+   va_end(ap);
+   sgLog(globalErrorLog,"%s",msg);
+   sgEmergency();
diff --git a/recipes/squidguard/squidguard-1.4/squidguard-fix-CVE-2009-3826.patch b/recipes/squidguard/squidguard-1.4/squidguard-fix-CVE-2009-3826.patch
new file mode 100644
index 0000000000..8d2b6230cc
--- /dev/null
+++ b/recipes/squidguard/squidguard-1.4/squidguard-fix-CVE-2009-3826.patch
@@ -0,0 +1,26 @@
+Index: squidGuard-1.4/src/sg.h.in
+===================================================================
+--- squidGuard-1.4.orig/src/sg.h.in
++++ squidGuard-1.4/src/sg.h.in
+@@ -73,7 +73,7 @@ int tolower();
+ #define REQUEST_TYPE_REDIRECT   2
+ #define REQUEST_TYPE_PASS       3
+ 
+-#define MAX_BUF 4096
++#define MAX_BUF 12288
+ 
+ #define DEFAULT_LOGFILE "squidGuard.log"
+ #define WARNING_LOGFILE "squidGuard.log"
+Index: squidGuard-1.4/src/sgDiv.c.in
+===================================================================
+--- squidGuard-1.4.orig/src/sgDiv.c.in
++++ squidGuard-1.4/src/sgDiv.c.in
+@@ -745,7 +745,7 @@ char *sgParseRedirect(redirect, req, acl
+       p++;
+       break;
+     case 'u': /* Requested URL */
+-      strcat(buf, req->orig);
++      strncat(buf, req->orig, 2048);
+       p++;
+       break;
+     default:
diff --git a/recipes/squidguard/squidguard_1.4.bb b/recipes/squidguard/squidguard_1.4.bb
index e77469fbed..c3408f7a8b 100644
--- a/recipes/squidguard/squidguard_1.4.bb
+++ b/recipes/squidguard/squidguard_1.4.bb
@@ -4,13 +4,15 @@ SECTION = "network"
 DEPENDS = "virtual/db openldap mysql5 zlib"
 RDEPENDS += "squid"
 LICENSE = "GPL"
-PR = "r0"
+PR = "r1"
 
 SRC_URI = " \
 	http://www.squidguard.org/Downloads/squidGuard-${PV}.tar.gz;name=tar \
 	file://squidguard-1.4-no_header_checks.patch;patch=1 \
 	file://squidguard-1.4-fix-parallel-build.patch;patch=1 \
 	file://squidguard-cross-ldap.patch;patch=1 \
+	file://squidguard-fix-CVE-2009-3700.patch;patch=1 \
+	file://squidguard-fix-CVE-2009-3826.patch;patch=1 \
 	file://squidGuard.conf \
 	"
 SRC_URI[tar.md5sum] = "de834150998c1386c30feae196f16b06"
author	Roman I Khimov <khimov@altell.ru>	2010-05-02 20:53:36 +0400
committer	Roman I Khimov <khimov@altell.ru>	2010-05-02 20:54:02 +0400
commit	267fc260d31b9968036b3309362cb9f0bc2188f6 (patch)
tree	6f9ef398974ebfa6d0b616baac5bed1010f46a88 /recipes
parent	14d2edfcfdb5990e348f95b4b2064f5befb1c043 (diff)
download	openembedded-267fc260d31b9968036b3309362cb9f0bc2188f6.tar.gz