Hi

Attached you will find my NMU proposal. Please include it in your next upload,
and tell me if you do not want me to upload this NMU.
Thanks in advance.

Cheers
Steffen
diff -u slocate-3.1/debian/changelog slocate-3.1/debian/changelog
--- slocate-3.1/debian/changelog
+++ slocate-3.1/debian/changelog
@@ -1,3 +1,13 @@
+slocate (3.1-1.1) unstable; urgency=high
+
+  * Non-maintainer upload by the testing security team
+  * Include patch to prevent users obtaining names of private files
+    (apply patch directly, since no patch system is used so far)
+    (Closes: #411937) Fixes: CVE-2007-0227
+    Thanks to Kees Cook
+
+ -- Steffen Joeris <[EMAIL PROTECTED]>  Mon, 13 Aug 2007 10:15:47 +0000
+
 slocate (3.1-1) unstable; urgency=low
 
   * User defines database paths were not being parsed correctly. Thanks to
only in patch2:
unchanged:
--- slocate-3.1.orig/src/utils.c
+++ slocate-3.1/src/utils.c
@@ -524,6 +524,7 @@
 {
 	struct stat path_stat;
 	int ret = 0;
+	char *path_copy = NULL;
 	char *ptr = NULL;
 
 	if (lstat(path, &path_stat) == -1)
@@ -532,15 +533,25 @@
 	if (!S_ISLNK(path_stat.st_mode)) {
 		if (access(path, F_OK) != 0)
 		    goto EXIT;
-	} else if ((ptr = rindex(path, '/'))) {
-		*ptr = 0;
-		if (access(path, F_OK) == 0)
-		    ret = 1;
-		*ptr = '/';
-		goto EXIT;
 	}
 
+	/* "path" is const, so we shouldn't modify it.  Also, for speed,
+	 * I suspect strdup/free is less expensive than the deep access
+	 * checks... */
+	if (!(path_copy = strdup(path)))
+		goto EXIT;
+
 	ret = 1;
+
+	/* Each directory leading to the file (symlink or not) must be
+	 * readable for us to allow it to be listed in search results. */
+	while (ret && (ptr=rindex(path_copy,'/'))) {
+		*ptr=0;
+		if (*path_copy && access(path_copy, R_OK) != 0)
+		    ret = 0;
+	}
+	free(path_copy);
+
 EXIT:
 	return ret;
 }
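Review bot: The ancestor loop depends on two properties its comments do not state: access() checks against the real UID/GID rather than the effective ones, and every failure hides the entry, including the strdup() failure that jumps to EXIT with `ret` still 0. I would say so above the loop, e.g. `/* access() uses the real uid/gid, so any privilege the binary runs with does not widen what is listed; any error hides the entry. */`, so that a later switch to a stat()-based mode check does not silently weaken the filter. `rindex()` is a legacy call, and `while (ret && (ptr = strrchr(path_copy, '/'))) {` is the standard equivalent. The checks run per path component at query time, so the result can still race with a concurrent rename or permission change, which looks inherent to this design. The function's signature lies outside the hunk, so the `const` that the first new comment refers to cannot be confirmed from here.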

Attachment: signature.asc
Description: This is a digitally signed message part.
