svn commit: r303652 - in head/security: squidclamav squidclamav/files vuxml
Eygene Ryabinkin
rea at FreeBSD.org
Tue Sep 4 13:45:29 UTC 2012
Author: rea
Date: Tue Sep 4 13:45:28 2012
New Revision: 303652
URL: http://svn.freebsd.org/changeset/ports/303652
Log:
security/squidclamav: fix DoS and XSS vulnerabilities
Apply upstream patches for CVE-2012-3501 and CVE-2012-4667.
Security: http://www.vuxml.org/freebsd/ce680f0a-eea6-11e1-8bd8-0022156e8794.html
Security: http://www.vuxml.org/freebsd/8defa0f9-ee8a-11e1-8bd8-0022156e8794.html
PR: 171022
QA page: http://codelabs.ru/fbsd/ports/qa/security/squidclamav/5.7_1
Approved by: maintainer timeout (1 week)
Added:
head/security/squidclamav/files/patch-cve-2012-3501 (contents, props changed)
head/security/squidclamav/files/patch-cve-2012-4667 (contents, props changed)
Modified:
head/security/squidclamav/Makefile
head/security/vuxml/vuln.xml
Modified: head/security/squidclamav/Makefile
==============================================================================
--- head/security/squidclamav/Makefile Tue Sep 4 11:54:30 2012 (r303651)
+++ head/security/squidclamav/Makefile Tue Sep 4 13:45:28 2012 (r303652)
@@ -7,6 +7,7 @@
PORTNAME= squidclamav
PORTVERSION= 5.7
+PORTREVISION= 1
CATEGORIES= security
MASTER_SITES= SF
Added: head/security/squidclamav/files/patch-cve-2012-3501
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/squidclamav/files/patch-cve-2012-3501 Tue Sep 4 13:45:28 2012 (r303652)
@@ -0,0 +1,71 @@
+Fix CVE-2012-3501, DoS when external URL checker is used
+
+This fix was integrated into 6.7 and 5.8.
+
+Obtained-from: https://github.com/darold/squidclamav/commit/80f74451f628264d1d9a1f1c0bbcebc932ba5e00.diff
+
+--- src/squidclamav.c.orig 2010-12-11 15:20:46.000000000 +0300
++++ src/squidclamav.c 2012-08-25 15:55:51.708586983 +0400
+@@ -62,6 +62,7 @@
+ static char * escape_quote (char *s);
+ void timeit (struct timeval start, char *level);
+ int dconnect (void);
++char * replace(const char *s, const char *old, const char *new);
+ void replace_chr(char string[], char *from, char *to);
+ void free_global (); /* routine to free global pointer */
+ void freeBuff (struct IN_BUFF);
+@@ -474,11 +475,15 @@
+ /* chaining with SquidGuard - before bridge mode or not*/
+ if ((bridge_mode == 0) && (squidguard != NULL)) {
+ if (usepipe == 1) {
++ char *rbuff = NULL;
++ /* escaping escaped character to prevent unescaping by squidguard */
++ rbuff = replace(rbuff, "%", "%25");
+ if (debug > 0)
+ logit(log_file, "DEBUG Sending request to chained program: %s\n", squidguard);
+ fprintf(sgfpw,"%s\n",sbuff);
+ fflush(sgfpw);
+ xfree(escaped);
++ xfree(rbuff);
+ escaped = NULL;
+ /* the chained redirector must return empty line if ok or the redirection url */
+ chain_ret = (char *)malloc(sizeof(char)*MAX_URL);
+@@ -1114,3 +1119,38 @@
+ }
+
+
++/**
++ * Searches all occurrences of old into s
++ * and replaces with new
++ */
++char *
++replace(const char *s, const char *old, const char *new)
++{
++ char *ret;
++ int i, count = 0;
++ size_t newlen = strlen(new);
++ size_t oldlen = strlen(old);
++
++ for (i = 0; s[i] != '\0'; i++) {
++ if (strstr(&s[i], old) == &s[i]) {
++ count++;
++ i += oldlen - 1;
++ }
++ }
++ ret = malloc(i + 1 + count * (newlen - oldlen));
++ if (ret != NULL) {
++ i = 0;
++ while (*s) {
++ if (strstr(s, old) == s) {
++ strcpy(&ret[i], new);
++ i += newlen;
++ s += oldlen;
++ } else {
++ ret[i++] = *s++;
++ }
++ }
++ ret[i] = '\0';
++ }
++
++ return ret;
++}
Added: head/security/squidclamav/files/patch-cve-2012-4667
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/squidclamav/files/patch-cve-2012-4667 Tue Sep 4 13:45:28 2012 (r303652)
@@ -0,0 +1,124 @@
+Fixes CVE-2012-4667, XSS in clwarn.cgi
+
+Integrated to 5.8 and 6.7.
+
+Obtained-from: https://github.com/darold/squidclamav/commit/5806d10a31183a0b0d18eccc3a3e04e536e2315b.diff
+
+diff --git a/cgi-bin/clwarn.cgi b/cgi-bin/clwarn.cgi
+index 9333bef..a43eca7 100755
+--- cgi-bin/clwarn.cgi
++++ cgi-bin/clwarn.cgi
+@@ -7,11 +7,11 @@ my $VERSION = '6.6';
+
+ my $cgi = new CGI;
+
+-my $url = $cgi->param('url') || '';
+-my $virus = $cgi->param('virus') || '';
+-my $source = $cgi->param('source') || '';
++my $url = CGI::escapeHTML($cgi->param('url')) || '';
++my $virus = CGI::escapeHTML($cgi->param('virus')) || '';
++my $source = CGI::escapeHTML($cgi->param('source')) || '';
+ $source =~ s/\/-//;
+-my $user = $cgi->param('user') || '';
++my $user = CGI::escapeHTML($cgi->param('user')) || '';
+
+
+ my $TITLE_VIRUS = "SquidClamAv $VERSION: Virus detection";
+diff --git a/cgi-bin/clwarn.cgi.de_DE b/cgi-bin/clwarn.cgi.de_DE
+index 700c3df..3f21180 100755
+--- cgi-bin/clwarn.cgi.de_DE
++++ cgi-bin/clwarn.cgi.de_DE
+@@ -7,11 +7,11 @@ my $VERSION = '6.6';
+
+ my $cgi = new CGI;
+
+-my $url = $cgi->param('url') || '';
+-my $virus = $cgi->param('virus') || '';
+-my $source = $cgi->param('source') || '';
++my $url = CGI::escapeHTML($cgi->param('url')) || '';
++my $virus = CGI::escapeHTML($cgi->param('virus')) || '';
++my $source = CGI::escapeHTML($cgi->param('source')) || '';
+ $source =~ s/\/-//;
+-my $user = $cgi->param('user') || '';
++my $user = CGI::escapeHTML($cgi->param('user')) || '';
+
+ my $TITLE_VIRUS = "Virus Alarm";
+ my $subtitle = 'enthält folgenden Virus';
+diff --git a/cgi-bin/clwarn.cgi.en_EN b/cgi-bin/clwarn.cgi.en_EN
+index d246e54..6e70e46 100755
+--- cgi-bin/clwarn.cgi.en_EN
++++ cgi-bin/clwarn.cgi.en_EN
+@@ -7,11 +7,11 @@ my $VERSION = '6.6';
+
+ my $cgi = new CGI;
+
+-my $url = $cgi->param('url') || '';
+-my $virus = $cgi->param('virus') || '';
+-my $source = $cgi->param('source') || '';
++my $url = CGI::escapeHTML($cgi->param('url')) || '';
++my $virus = CGI::escapeHTML($cgi->param('virus')) || '';
++my $source = CGI::escapeHTML($cgi->param('source')) || '';
+ $source =~ s/\/-//;
+-my $user = $cgi->param('user') || '';
++my $user = CGI::escapeHTML($cgi->param('user')) || '';
+
+ my $TITLE_VIRUS = "SquidClamAv $VERSION: Virus detection";
+ my $subtitle = 'contains the virus';
+diff --git a/cgi-bin/clwarn.cgi.fr_FR b/cgi-bin/clwarn.cgi.fr_FR
+index c0b3896..323fa30 100755
+--- cgi-bin/clwarn.cgi.fr_FR
++++ cgi-bin/clwarn.cgi.fr_FR
+@@ -7,11 +7,11 @@ my $VERSION = '6.6';
+
+ my $cgi = new CGI;
+
+-my $url = $cgi->param('url') || '';
+-my $virus = $cgi->param('virus') || '';
+-my $source = $cgi->param('source') || '';
++my $url = CGI::escapeHTML($cgi->param('url')) || '';
++my $virus = CGI::escapeHTML($cgi->param('virus')) || '';
++my $source = CGI::escapeHTML($cgi->param('source')) || '';
+ $source =~ s/\/-//;
+-my $user = $cgi->param('user') || '';
++my $user = CGI::escapeHTML($cgi->param('user')) || '';
+
+ my $TITLE_VIRUS = "SquidClamAv $VERSION: Virus detection";
+ my $subtitle = 'contient le virus';
+diff --git a/cgi-bin/clwarn.cgi.pt_BR b/cgi-bin/clwarn.cgi.pt_BR
+index 6bf12a0..1a6492a 100755
+--- cgi-bin/clwarn.cgi.pt_BR
++++ cgi-bin/clwarn.cgi.pt_BR
+@@ -7,8 +7,11 @@ my $VERSION = '6.6';
+
+ my $cgi = new CGI;
+
+-my $url = $cgi->param('url') || '';
+-my $virus = $cgi->param('virus') || '';
++my $url = CGI::escapeHTML($cgi->param('url')) || '';
++my $virus = CGI::escapeHTML($cgi->param('virus')) || '';
++my $source = CGI::escapeHTML($cgi->param('source')) || '';
++$source =~ s/\/-//;
++my $user = CGI::escapeHTML($cgi->param('user')) || '';
+
+ my $TITLE_VIRUS = "SquidClamAv $VERSION: Foi detectado um vírus!";
+ my $subtitle = 'está infectada pelo vírus';
+diff --git a/cgi-bin/clwarn.cgi.ru_RU b/cgi-bin/clwarn.cgi.ru_RU
+index 21e4d94..1e82a0b 100755
+--- cgi-bin/clwarn.cgi.ru_RU
++++ cgi-bin/clwarn.cgi.ru_RU
+@@ -7,11 +7,11 @@ my $VERSION = '6.6';
+
+ my $cgi = new CGI;
+
+-my $url = $cgi->param('url') || '';
+-my $virus = $cgi->param('virus') || '';
+-my $source = $cgi->param('source') || '';
++my $url = CGI::escapeHTML($cgi->param('url')) || '';
++my $virus = CGI::escapeHTML($cgi->param('virus')) || '';
++my $source = CGI::escapeHTML($cgi->param('source')) || '';
+ $source =~ s/\/-//;
+-my $user = $cgi->param('user') || '';
++my $user = CGI::escapeHTML($cgi->param('user')) || '';
+
+ my $TITLE_VIRUS = "SquidClamAv $VERSION: ÐбнаÑÑжен виÑÑÑ!";
+ my $subtitle = 'ÑодеÑÐ¶Ð¸Ñ Ð²Ð¸ÑÑÑ';
Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml Tue Sep 4 11:54:30 2012 (r303651)
+++ head/security/vuxml/vuln.xml Tue Sep 4 13:45:28 2012 (r303652)
@@ -695,7 +695,7 @@ Note: Please add new entries to the beg
<affects>
<package>
<name>squidclamav</name>
- <range><lt>5.8</lt></range>
+ <range><lt>5.7_1</lt></range>
<range><ge>6.0</ge><lt>6.7</lt></range>
</package>
</affects>
@@ -722,6 +722,7 @@ Note: Please add new entries to the beg
<dates>
<discovery>2012-07-24</discovery>
<entry>2012-08-25</entry>
+ <modified>2012-09-04</modified>
</dates>
</vuln>
More information about the svn-ports-all
mailing list