Hi.
I prepared a patch for the security problem in pound:
diff -Naur pound-1.8.2.bak/debian/changelog pound-1.8.2/debian/changelog
--- pound-1.8.2.bak/debian/changelog 2005-05-05 22:22:44.190098920 +0200
+++ pound-1.8.2/debian/changelog 2005-05-05 22:55:11.950994256 +0200
@@ -1,3 +1,12 @@
+pound (1.8.2-1.1) unstable; urgency=high
+
+ * Non-maintainer upload.
+ * CAN-2005-1391: Fix possible buffer overflow in the add_port
+ function which could be triggered by a long Host: header
+ from a remote host (Closes: #307852)
+
+ -- Frank Lichtenheld <[EMAIL PROTECTED]> Thu, 5 May 2005 22:32:12 +0200
+
pound (1.8.2-1) unstable; urgency=low
* New upstream version, closes: #285357
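Review bot: the new 1.8.2-1.1 entry names the CVE and the add_port function but not the file touched or the nature of the fix. Adding that svc.c now uses a bounded snprintf in place of sprintf would let someone reading only the changelog see what changed and judge whether over-long Host: values are rejected or merely truncated.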
diff -Naur pound-1.8.2.bak/svc.c pound-1.8.2/svc.c
--- pound-1.8.2.bak/svc.c 2005-03-07 19:09:35.000000000 +0100
+++ pound-1.8.2/svc.c 2005-05-05 22:37:32.368075344 +0200
@@ -690,7 +690,7 @@
if(strchr(host, ':') != NULL)
/* the host already contains a port */
return NULL;
- sprintf(res, "Host: %s:%hd", host, ntohs(to_host->sin_port));
+ snprintf(res, MAXBUF - 1, "Host: %s:%hd", host, ntohs(to_host->sin_port));
return strdup(res);
}
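Review bot: the return value of snprintf on the changed line is ignored, so a Host value that does not fit is silently truncated and "return strdup(res);" still hands back a shortened header, possibly with the port cut off or missing. Compare the result against the size passed in and return NULL, as the strchr branch above already does, when the output would not fit. The bound MAXBUF - 1 also relies on res being declared with MAXBUF bytes, which this hunk does not show; if res is a local array, sizeof(res) would keep the limit tied to the buffer itself. Separately, %hd prints the result of ntohs() as a signed short, so ports above 32767 come out negative; %hu or %d would avoid that.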
I can do an NMU for this problem if wanted.
Regards,
--
Frank Lichtenheld <[EMAIL PROTECTED]>
www: http://www.djpig.de/