Bug#994880: bullseye-pu: package ulfius/2.7.1-1

Wed, 22 Sep 2021 06:27:18 -0700 

Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian....@packages.debian.org
Usertags: pu

Fix CVE-2021-40540 in Bullseye

[ Reason ]
Ulfius package contains the bug that is rewferred by CVE-2021-40540

[ Impact ]
Application segfault when a malformed http request is received

[ Tests ]
none

[ Risks ]
the patch is trivial, the risk is low

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in (old)stable
  [x] the issue is verified as fixed in unstable

[ Changes ]
add 'memset(con_info, 0, sizeof(struct connection_info_struct));' after
con_info is malloced to initialize the structure and avoid testing an undefined
value.

[ Other info ]
(Anything else the release team should know.)

diff -Nru ulfius-2.7.1/debian/changelog ulfius-2.7.1/debian/changelog
--- ulfius-2.7.1/debian/changelog       2021-01-03 09:03:05.000000000 -0500
+++ ulfius-2.7.1/debian/changelog       2021-09-19 15:39:39.000000000 -0400
@@ -1,3 +1,9 @@
+ulfius (2.7.1-1+deb11u1) bullseye; urgency=medium
+
+  * d/patches: Fix CVE-2021-40540 (Closes: #994763)
+
+ -- Nicolas Mora <babelou...@debian.org>  Sun, 19 Sep 2021 15:39:39 -0400
+
 ulfius (2.7.1-1) unstable; urgency=medium
 
   * New upstream release
diff -Nru ulfius-2.7.1/debian/patches/CVE-2021-40540.patch 
ulfius-2.7.1/debian/patches/CVE-2021-40540.patch
--- ulfius-2.7.1/debian/patches/CVE-2021-40540.patch    1969-12-31 
19:00:00.000000000 -0500
+++ ulfius-2.7.1/debian/patches/CVE-2021-40540.patch    2021-09-19 
15:39:20.000000000 -0400
@@ -0,0 +1,13 @@
+Description: Fix CVE-2021-40540
+Author: Nicolas Mora <babelou...@debian.org>
+Forwarded: not-needed
+--- a/src/ulfius.c
++++ b/src/ulfius.c
+@@ -207,6 +207,7 @@
+   UNUSED(cls);
+ 
+   if (con_info != NULL) {
++    memset(con_info, 0, sizeof(struct connection_info_struct));
+     con_info->callback_first_iteration = 1;
+     con_info->u_instance = NULL;
+     u_map_init(&con_info->map_url_initial);
diff -Nru ulfius-2.7.1/debian/patches/series ulfius-2.7.1/debian/patches/series
--- ulfius-2.7.1/debian/patches/series  2021-01-03 09:03:05.000000000 -0500
+++ ulfius-2.7.1/debian/patches/series  2021-09-19 15:39:39.000000000 -0400
@@ -1,2 +1,3 @@
 examples.patch
 doc.patch
+CVE-2021-40540.patch

Reply via email to