mirror of
https://github.com/openembedded/meta-openembedded.git
synced 2025-12-15 23:05:34 +01:00
znc: Fix for CVE-2013-2130
ZNC 1.0 allows remote authenticated users to cause a denial of service (NULL pointer reference and crash) via a crafted request to the (1) editnetwork, (2) editchan, (3) addchan, or (4) delchan page in modules/webadmin.cpp. Per: http://cwe.mitre.org/data/definitions/476.html CWE-476: NULL Pointer Dereference Signed-off-by: Xufeng Zhang <xufeng.zhang@windriver.com> Signed-off-by: Jackie Huang <jackie.huang@windriver.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
This commit is contained in:
Xufeng Zhang
Joe MacDonald
parent
71bb2dc7c3
commit
c1094b8af7
|
|
@ -0,0 +1,58 @@
|
|||
Subject: [PATCH] Fix NULL pointer dereference in webadmin.
|
||||
|
||||
Upstream-Status: Backport
|
||||
|
||||
commit 2bd410ee5570cea127233f1133ea22f25174eb28 upstream
|
||||
|
||||
Triggerable by any non-admin, if webadmin is loaded.
|
||||
|
||||
The only affected version is 1.0
|
||||
|
||||
Thanks to ChauffeR (Simone Esposito) for reporting this.
|
||||
---
|
||||
modules/webadmin.cpp | 8 ++++----
|
||||
1 file changed, 4 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/modules/webadmin.cpp b/modules/webadmin.cpp
|
||||
index b793c02..816f217 100644
|
||||
--- a/modules/webadmin.cpp
|
||||
+++ b/modules/webadmin.cpp
|
||||
@@ -419,7 +419,7 @@ public:
|
||||
CIRCNetwork* pNetwork = SafeGetNetworkFromParam(WebSock);
|
||||
|
||||
// Admin||Self Check
|
||||
- if (!spSession->IsAdmin() && (!spSession->GetUser() || spSession->GetUser() != pNetwork->GetUser())) {
|
||||
+ if (!spSession->IsAdmin() && (!spSession->GetUser() || !pNetwork || spSession->GetUser() != pNetwork->GetUser())) {
|
||||
return false;
|
||||
}
|
||||
|
||||
@@ -448,7 +448,7 @@ public:
|
||||
CIRCNetwork* pNetwork = SafeGetNetworkFromParam(WebSock);
|
||||
|
||||
// Admin||Self Check
|
||||
- if (!spSession->IsAdmin() && (!spSession->GetUser() || spSession->GetUser() != pNetwork->GetUser())) {
|
||||
+ if (!spSession->IsAdmin() && (!spSession->GetUser() || !pNetwork || spSession->GetUser() != pNetwork->GetUser())) {
|
||||
return false;
|
||||
}
|
||||
|
||||
@@ -472,7 +472,7 @@ public:
|
||||
CIRCNetwork* pNetwork = SafeGetNetworkFromParam(WebSock);
|
||||
|
||||
// Admin||Self Check
|
||||
- if (!spSession->IsAdmin() && (!spSession->GetUser() || spSession->GetUser() != pNetwork->GetUser())) {
|
||||
+ if (!spSession->IsAdmin() && (!spSession->GetUser() || !pNetwork || spSession->GetUser() != pNetwork->GetUser())) {
|
||||
return false;
|
||||
}
|
||||
|
||||
@@ -486,7 +486,7 @@ public:
|
||||
CIRCNetwork* pNetwork = SafeGetNetworkFromParam(WebSock);
|
||||
|
||||
// Admin||Self Check
|
||||
- if (!spSession->IsAdmin() && (!spSession->GetUser() || spSession->GetUser() != pNetwork->GetUser())) {
|
||||
+ if (!spSession->IsAdmin() && (!spSession->GetUser() || !pNetwork || spSession->GetUser() != pNetwork->GetUser())) {
|
||||
return false;
|
||||
}
|
||||
|
||||
--
|
||||
1.8.5.2.233.g932f7e4
|
||||
|
||||
|
|
@ -7,7 +7,9 @@ DEPENDS = "openssl"
|
|||
PV = "1.0+git"
|
||||
|
||||
SRCREV = "ef59c23068547c132cb678092fba9a21317fd5f2"
|
||||
SRC_URI = "git://github.com/znc/znc.git"
|
||||
SRC_URI = "git://github.com/znc/znc.git \
|
||||
file://0001-Fix-NULL-pointer-dereference-in-webadmin.patch \
|
||||
"
|
||||
|
||||
S = "${WORKDIR}/git"
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue
Block a user