Mageia Bugzilla – Attachment 11644 Details for
Bug 26413
coturn new security issues CVE-2020-606[12]
[patch]
Accidentally used commit as patch, my bad
patch (text/plain), 5.08 KB, created by
Elliot L
on 2020-05-13 17:42:26 CEST
Description:
Accidentally used commit as patch, my bad
Filename:
MIME Type:
Creator:
Elliot L
Created:
2020-05-13 17:42:26 CEST
Size:
5.08 KB
patch
obsolete
>Index: SOURCES/coturn-4.5.1.1-cve-2020-6061.patch
>===================================================================
>--- SOURCES/coturn-4.5.1.1-cve-2020-6061.patch (nonexistent)
>+++ SOURCES/coturn-4.5.1.1-cve-2020-6061.patch (working copy)
>@@ -0,0 +1,22 @@
>+From 51a7c2b9bf924890c7a3ff4db9c4976c5a93340a Mon Sep 17 00:00:00 2001
>+From: =?UTF-8?q?M=C3=A9sz=C3=A1ros=20Mih=C3=A1ly?= <misi@majd.eu>
>+Date: Mon, 17 Feb 2020 10:34:56 +0100
>+Subject: [PATCH] Fix: CVE-2020-6061/TALOS-2020-0984
>+
>+---
>+ src/apps/relay/http_server.c | 2 +-
>+ 1 file changed, 1 insertion(+), 1 deletion(-)
>+
>+diff --git a/src/apps/relay/http_server.c b/src/apps/relay/http_server.c
>+index 573af49b..1126b49c 100644
>+--- a/src/apps/relay/http_server.c
>++++ b/src/apps/relay/http_server.c
>+@@ -103,7 +103,7 @@ const char* get_http_date_header()
>+ 
>+ static struct headers_list * post_parse(char *data, size_t data_len)
>+ {
>+- while((*data=='\r')||(*data=='\n')) ++data;
>++ while((*data=='\r')||(*data=='\n')) { ++data; --data_len; }
>+ char *post_data = (char*)calloc(data_len + 1, sizeof(char));
>+ memcpy(post_data, data, data_len);
>+ char *fmarker = NULL;
>Index: SOURCES/coturn-4.5.1.1-cve-2020-6062.patch
>===================================================================
>--- SOURCES/coturn-4.5.1.1-cve-2020-6062.patch (nonexistent)
>+++ SOURCES/coturn-4.5.1.1-cve-2020-6062.patch (working copy)
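Review bot: The skip loop on the `++ while(...)` line is still unbounded by `data_len`, so a body made only of CR/LF bytes walks `data` past its end and wraps `data_len` (a `size_t`) before the `calloc` on the next line; whether the over-read is reachable depends on the caller NUL-terminating the buffer, which is outside this hunk. Bounding the loop closes both problems in one line: `while (data_len && ((*data=='\r')||(*data=='\n'))) { ++data; --data_len; }`. With a wrapped length the `calloc(data_len + 1, ...)` fails and the unchecked `memcpy` that follows writes through NULL, so the bound matters even after the second patch adds its NULL check. post_parse continues past the end of this hunk.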
>@@ -0,0 +1,85 @@
>+From e09bcd9f7af5b32c81b37f51835b384b5a7d03a8 Mon Sep 17 00:00:00 2001
>+From: =?UTF-8?q?M=C3=A9sz=C3=A1ros=20Mih=C3=A1ly?= <misi@majd.eu>
>+Date: Tue, 18 Feb 2020 12:31:38 +0100
>+Subject: [PATCH] Fix: CVE-2020-6062 / TALOS-2020-0985
>+
>+---
>+ src/apps/relay/http_server.c | 63 ++++++++++++++++++++----------------
>+ 1 file changed, 36 insertions(+), 27 deletions(-)
>+
>+diff --git a/src/apps/relay/http_server.c b/src/apps/relay/http_server.c
>+index 1126b49c..ff8e3992 100644
>+--- a/src/apps/relay/http_server.c
>++++ b/src/apps/relay/http_server.c
>+@@ -104,35 +104,44 @@ const char* get_http_date_header()
>+ static struct headers_list * post_parse(char *data, size_t data_len)
>+ {
>+ while((*data=='\r')||(*data=='\n')) { ++data; --data_len; }
>+- char *post_data = (char*)calloc(data_len + 1, sizeof(char));
>+- memcpy(post_data, data, data_len);
>+- char *fmarker = NULL;
>+- char *fsplit = strtok_r(post_data, "&", &fmarker);
>+- struct headers_list *list = (struct headers_list*)malloc(sizeof(struct headers_list));
>+- ns_bzero(list,sizeof(struct headers_list));
>+- while (fsplit != NULL) {
>+- char *vmarker = NULL;
>+- char *key = strtok_r(fsplit, "=", &vmarker);
>+- char *value = strtok_r(NULL, "=", &vmarker);
>+- char empty[1];
>+- empty[0]=0;
>+- value = value ? value : empty;
>+- value = evhttp_decode_uri(value);
>+- char *p = value;
>+- while (*p) {
>+- if (*p == '+')
>+- *p = ' ';
>+- p++;
>++ if (data_len) {
>++ char *post_data = (char*)calloc(data_len + 1, sizeof(char));
>++ if (post_data != NULL) {
>++ memcpy(post_data, data, data_len);
>++ char *fmarker = NULL;
>++ char *fsplit = strtok_r(post_data, "&", &fmarker);
>++ struct headers_list *list = (struct headers_list*)malloc(sizeof(struct headers_list));
>++ bzero(list,sizeof(struct headers_list));
>++ while (fsplit != NULL) {
>++ char *vmarker = NULL;
>++ char *key = strtok_r(fsplit, "=", &vmarker);
>++ if (key == NULL)
>++ break;
>++ else {
>++ char *value = strtok_r(NULL, "=", &vmarker);
>++ char empty[1];
>++ empty[0]=0;
>++ value = value ? value : empty;
>++ value = evhttp_decode_uri(value);
>++ char *p = value;
>++ while (*p) {
>++ if (*p == '+')
>++ *p = ' ';
>++ p++;
>++ }
>++ list->keys = (char**)realloc(list->keys,sizeof(char*)*(list->n+1));
>++ list->keys[list->n] = strdup(key);
>++ list->values = (char**)realloc(list->values,sizeof(char*)*(list->n+1));
>++ list->values[list->n] = value;
>++ ++(list->n);
>++ fsplit = strtok_r(NULL, "&", &fmarker);
>++ }
>++ }
>++ free(post_data);
>++ return list;
>+ }
>+- list->keys = (char**)realloc(list->keys,sizeof(char*)*(list->n+1));
>+- list->keys[list->n] = strdup(key);
>+- list->values = (char**)realloc(list->values,sizeof(char*)*(list->n+1));
>+- list->values[list->n] = value;
>+- ++(list->n);
>+- fsplit = strtok_r(NULL, "&", &fmarker);
>+ }
>+- free(post_data);
>+- return list;
>++ return NULL;
>+ }
>+ 
>+ static struct http_request* parse_http_request_1(struct http_request* ret, char* request, int parse_post)
>Index: SPECS/coturn.spec
>===================================================================
>--- SPECS/coturn.spec (revision 1583436)
>+++ SPECS/coturn.spec (working copy)
>@@ -1,4 +1,5 @@
> %define sname turnserver
>+%global subrel 1
> 
> # We don't yet ship libmongoc
> #%bcond_with build_mongodb
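Review bot: `post_data` is the only allocation the new code checks; `list` from `malloc` goes straight into `bzero` on the next line, and the `realloc`, `strdup` and `evhttp_decode_uri` results (the last one dereferenced in the `while (*p)` loop) are all unchecked, so the same allocation-failure condition this hunk now guards for `calloc` still crashes a line later. Checking `list` is two lines, `if (list == NULL) { free(post_data); return NULL; }`, and each `realloc` should assign through a temporary so the existing `keys`/`values` arrays are not leaked when it fails. The function can now return NULL where it previously always returned a list; that contract change is only safe if `parse_http_request_1` and any other callers check for it, which is outside this hunk. Swapping `ns_bzero` for plain `bzero` also trades what appears to be the project's own helper for a legacy POSIX call; `memset(list, 0, sizeof *list)` would be the portable form.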
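Review bot: `%global subrel 1` is added but no `Release:` line changes anywhere in this diff, so unless that line already expands `%{subrel}` (not visible here) the package version does not move and the rebuilt package will not be offered as an update. Either bump `Release:` in this diff or confirm it reads `%{subrel}`.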
>@@ -12,6 +13,8 @@
> Summary: Free open source implementation of TURN and STUN Server
> URL: http://coturn.github.io
> Source: https://github.com/%{name}/%{name}/archive/%{version}/%{name}-%{version}.tar.gz
>+Patch0: coturn-4.5.1.1-cve-2020-6061.patch
>+Patch1: coturn-4.5.1.1-cve-2020-6062.patch
> BuildRequires: pkgconfig(openssl) >= 1.0.2
> BuildRequires: pkgconfig(libevent) >= 2.0
> BuildRequires: pkgconfig(sqlite3)
>@@ -31,6 +34,7 @@
> 
> %prep
> %setup -q
>+%autopatch -p1
> 
> %build
Index: SOURCES/coturn-4.5.1.1-cve-2020-6061.patch
===================================================================
--- SOURCES/coturn-4.5.1.1-cve-2020-6061.patch (nonexistent)
+++ SOURCES/coturn-4.5.1.1-cve-2020-6061.patch (working copy)
@@ -0,0 +1,22 @@
+From 51a7c2b9bf924890c7a3ff4db9c4976c5a93340a Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?M=C3=A9sz=C3=A1ros=20Mih=C3=A1ly?= <misi@majd.eu>
+Date: Mon, 17 Feb 2020 10:34:56 +0100
+Subject: [PATCH] Fix: CVE-2020-6061/TALOS-2020-0984
+
+---
+ src/apps/relay/http_server.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/apps/relay/http_server.c b/src/apps/relay/http_server.c
+index 573af49b..1126b49c 100644
+--- a/src/apps/relay/http_server.c
++++ b/src/apps/relay/http_server.c
+@@ -103,7 +103,7 @@ const char* get_http_date_header()
+ 
+ static struct headers_list * post_parse(char *data, size_t data_len)
+ {
+- while((*data=='\r')||(*data=='\n')) ++data;
++ while((*data=='\r')||(*data=='\n')) { ++data; --data_len; }
+ char *post_data = (char*)calloc(data_len + 1, sizeof(char));
+ memcpy(post_data, data, data_len);
+ char *fmarker = NULL;
Index: SOURCES/coturn-4.5.1.1-cve-2020-6062.patch
===================================================================
--- SOURCES/coturn-4.5.1.1-cve-2020-6062.patch (nonexistent)
+++ SOURCES/coturn-4.5.1.1-cve-2020-6062.patch (working copy)
@@ -0,0 +1,85 @@
+From e09bcd9f7af5b32c81b37f51835b384b5a7d03a8 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?M=C3=A9sz=C3=A1ros=20Mih=C3=A1ly?= <misi@majd.eu>
+Date: Tue, 18 Feb 2020 12:31:38 +0100
+Subject: [PATCH] Fix: CVE-2020-6062 / TALOS-2020-0985
+
+---
+ src/apps/relay/http_server.c | 63 ++++++++++++++++++++----------------
+ 1 file changed, 36 insertions(+), 27 deletions(-)
+
+diff --git a/src/apps/relay/http_server.c b/src/apps/relay/http_server.c
+index 1126b49c..ff8e3992 100644
+--- a/src/apps/relay/http_server.c
++++ b/src/apps/relay/http_server.c
+@@ -104,35 +104,44 @@ const char* get_http_date_header()
+ static struct headers_list * post_parse(char *data, size_t data_len)
+ {
+ while((*data=='\r')||(*data=='\n')) { ++data; --data_len; }
+- char *post_data = (char*)calloc(data_len + 1, sizeof(char));
+- memcpy(post_data, data, data_len);
+- char *fmarker = NULL;
+- char *fsplit = strtok_r(post_data, "&", &fmarker);
+- struct headers_list *list = (struct headers_list*)malloc(sizeof(struct headers_list));
+- ns_bzero(list,sizeof(struct headers_list));
+- while (fsplit != NULL) {
+- char *vmarker = NULL;
+- char *key = strtok_r(fsplit, "=", &vmarker);
+- char *value = strtok_r(NULL, "=", &vmarker);
+- char empty[1];
+- empty[0]=0;
+- value = value ? value : empty;
+- value = evhttp_decode_uri(value);
+- char *p = value;
+- while (*p) {
+- if (*p == '+')
+- *p = ' ';
+- p++;
++ if (data_len) {
++ char *post_data = (char*)calloc(data_len + 1, sizeof(char));
++ if (post_data != NULL) {
++ memcpy(post_data, data, data_len);
++ char *fmarker = NULL;
++ char *fsplit = strtok_r(post_data, "&", &fmarker);
++ struct headers_list *list = (struct headers_list*)malloc(sizeof(struct headers_list));
++ bzero(list,sizeof(struct headers_list));
++ while (fsplit != NULL) {
++ char *vmarker = NULL;
++ char *key = strtok_r(fsplit, "=", &vmarker);
++ if (key == NULL)
++ break;
++ else {
++ char *value = strtok_r(NULL, "=", &vmarker);
++ char empty[1];
++ empty[0]=0;
++ value = value ? value : empty;
++ value = evhttp_decode_uri(value);
++ char *p = value;
++ while (*p) {
++ if (*p == '+')
++ *p = ' ';
++ p++;
++ }
++ list->keys = (char**)realloc(list->keys,sizeof(char*)*(list->n+1));
++ list->keys[list->n] = strdup(key);
++ list->values = (char**)realloc(list->values,sizeof(char*)*(list->n+1));
++ list->values[list->n] = value;
++ ++(list->n);
++ fsplit = strtok_r(NULL, "&", &fmarker);
++ }
++ }
++ free(post_data);
++ return list;
+ }
+- list->keys = (char**)realloc(list->keys,sizeof(char*)*(list->n+1));
+- list->keys[list->n] = strdup(key);
+- list->values = (char**)realloc(list->values,sizeof(char*)*(list->n+1));
+- list->values[list->n] = value;
+- ++(list->n);
+- fsplit = strtok_r(NULL, "&", &fmarker);
+ }
+- free(post_data);
+- return list;
++ return NULL;
+ }
+ 
+ static struct http_request* parse_http_request_1(struct http_request* ret, char* request, int parse_post)
Index: SPECS/coturn.spec
===================================================================
--- SPECS/coturn.spec (revision 1583436)
+++ SPECS/coturn.spec (working copy)
@@ -1,4 +1,5 @@
 %define sname turnserver
+%global subrel 1
 
 # We don't yet ship libmongoc
 #%bcond_with build_mongodb
@@ -12,6 +13,8 @@
 Summary: Free open source implementation of TURN and STUN Server
 URL: http://coturn.github.io
 Source: https://github.com/%{name}/%{name}/archive/%{version}/%{name}-%{version}.tar.gz
+Patch0: coturn-4.5.1.1-cve-2020-6061.patch
+Patch1: coturn-4.5.1.1-cve-2020-6062.patch
 BuildRequires: pkgconfig(openssl) >= 1.0.2
 BuildRequires: pkgconfig(libevent) >= 2.0
 BuildRequires: pkgconfig(sqlite3)
@@ -31,6 +34,7 @@
 
 %prep
 %setup -q
+%autopatch -p1
 
 %build