authorsalo <salo@pkgsrc.org>2005-05-19 11:03:55 +0000
committersalo <salo@pkgsrc.org>2005-05-19 11:03:55 +0000
commit872afa8e3e0397b826d195a6605e7e0a7547da00 (patch)
tree2d83ab0caf83c31030a36ed3e5f5f837ba4bb042
parentb24196ec61a3260499780a3ebadc4c8531ddade7 (diff)
downloadpkgsrc-872afa8e3e0397b826d195a6605e7e0a7547da00.tar.gz
Pullup ticket 510 - requested by Adrian Portelli
security fix for freeradius Revisions pulled up: - pkgsrc/net/freeradius/Makefile 1.28 - pkgsrc/net/freeradius/distinfo 1.14 - pkgsrc/net/freeradius/patches/patch-ak 1.3 Module Name: pkgsrc Committed By: adrianp Date: Wed May 18 21:58:45 UTC 2005 Modified Files: pkgsrc/net/freeradius: Makefile distinfo Added Files: pkgsrc/net/freeradius/patches: patch-ak Log Message: - Add fix for recent security issue
-rw-r--r--net/freeradius/Makefile4
-rw-r--r--net/freeradius/distinfo3
-rw-r--r--net/freeradius/patches/patch-ak90
3 files changed, 94 insertions, 3 deletions
diff --git a/net/freeradius/Makefile b/net/freeradius/Makefile
index 71a7076eb47..6cb7a4ea2f8 100644
--- a/net/freeradius/Makefile
+++ b/net/freeradius/Makefile
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.26 2005/03/02 21:50:18 adrianp Exp $
+# $NetBSD: Makefile,v 1.26.2.1 2005/05/19 11:03:55 salo Exp $
DISTNAME= freeradius-1.0.2
-PKGREVISION= 1
+PKGREVISION= 2
CATEGORIES= net
MASTER_SITES= ftp://ftp.freeradius.org/pub/radius/ \
ftp://ftp.Awfulhak.org/pub/radius/
diff --git a/net/freeradius/distinfo b/net/freeradius/distinfo
index 523501eb240..e86060c9e9f 100644
--- a/net/freeradius/distinfo
+++ b/net/freeradius/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.13 2005/03/02 21:44:55 adrianp Exp $
+$NetBSD: distinfo,v 1.13.2.1 2005/05/19 11:03:55 salo Exp $
SHA1 (freeradius-1.0.2.tar.gz) = 5703fd8abb4f28c15d716bd1ec1e9cfe2e1e6c90
RMD160 (freeradius-1.0.2.tar.gz) = 796da74e64da189d7d7520201c7c4139f9f478c4
@@ -6,3 +6,4 @@ Size (freeradius-1.0.2.tar.gz) = 2208884 bytes
SHA1 (patch-ae) = 0c1b6c79329f41c35e3a783e61cc205cb78a4773
SHA1 (patch-ai) = bb4dafd3f6b961403caa955c9a09c271468ada36
SHA1 (patch-aj) = 422c9dfbde08c26acf41a040c57508ab9725004e
+SHA1 (patch-ak) = ad272be635d6b27e5b986c3e9a06ef85484c1230
diff --git a/net/freeradius/patches/patch-ak b/net/freeradius/patches/patch-ak
new file mode 100644
index 00000000000..77512030809
--- /dev/null
+++ b/net/freeradius/patches/patch-ak
@@ -0,0 +1,90 @@
+$NetBSD: patch-ak,v 1.2.4.1 2005/05/19 11:03:55 salo Exp $
+
+--- src/modules/rlm_sql/rlm_sql.c.orig 2004-09-30 15:54:22.000000000 +0100
++++ src/modules/rlm_sql/rlm_sql.c
+@@ -158,6 +158,7 @@ static int rlm_sql_init(void) {
+ */
+ static int sql_set_user(SQL_INST *inst, REQUEST *request, char *sqlusername, const char *username);
+ static int generate_sql_clients(SQL_INST *inst);
++static int sql_escape_func(char *out, int outlen, const char *in);
+
+ /*
+ * sql xlat function. Right now only SELECTs are supported. Only
+@@ -184,7 +185,7 @@ static int sql_xlat(void *instance, REQU
+ /*
+ * Do an xlat on the provided string (nice recursive operation).
+ */
+- if (!radius_xlat(querystr, sizeof(querystr), fmt, request, func)) {
++ if (!radius_xlat(querystr, sizeof(querystr), fmt, request, sql_escape_func)) {
+ radlog(L_ERR, "rlm_sql (%s): xlat failed.",
+ inst->config->xlat_name);
+ return 0;
+@@ -409,18 +410,18 @@ static int sql_escape_func(char *out, in
+
+ while (in[0]) {
+ /*
+- * Only one byte left.
+- */
+- if (outlen <= 1) {
+- break;
+- }
+-
+- /*
+ * Non-printable characters get replaced with their
+ * mime-encoded equivalents.
+ */
+ if ((in[0] < 32) ||
+ strchr(allowed_chars, *in) == NULL) {
++ /*
++ * Only 3 or less bytes available.
++ */
++ if (outlen <= 3) {
++ break;
++ }
++
+ snprintf(out, outlen, "=%02X", (unsigned char) in[0]);
+ in++;
+ out += 3;
+@@ -430,7 +431,14 @@ static int sql_escape_func(char *out, in
+ }
+
+ /*
+- * Else it's a nice character.
++ * Only one byte left.
++ */
++ if (outlen <= 1) {
++ break;
++ }
++
++ /*
++ * Allowed character.
+ */
+ *out = *in;
+ out++;
+@@ -517,7 +525,7 @@ static int sql_groupcmp(void *instance,
+ */
+ if (sql_set_user(inst, req, sqlusername, 0) < 0)
+ return 1;
+- if (!radius_xlat(querystr, sizeof(querystr), inst->config->groupmemb_query, req, NULL)){
++ if (!radius_xlat(querystr, sizeof(querystr), inst->config->groupmemb_query, req, sql_escape_func)){
+ radlog(L_ERR, "rlm_sql (%s): xlat failed.",
+ inst->config->xlat_name);
+ /* Remove the username we (maybe) added above */
+@@ -1149,7 +1157,7 @@ static int rlm_sql_checksimul(void *inst
+ if(sql_set_user(inst, request, sqlusername, 0) <0)
+ return RLM_MODULE_FAIL;
+
+- radius_xlat(querystr, sizeof(querystr), inst->config->simul_count_query, request, NULL);
++ radius_xlat(querystr, sizeof(querystr), inst->config->simul_count_query, request, sql_escape_func);
+
+ /* initialize the sql socket */
+ sqlsocket = sql_get_socket(inst);
+@@ -1193,7 +1201,7 @@ static int rlm_sql_checksimul(void *inst
+ return RLM_MODULE_OK;
+ }
+
+- radius_xlat(querystr, sizeof(querystr), inst->config->simul_verify_query, request, NULL);
++ radius_xlat(querystr, sizeof(querystr), inst->config->simul_verify_query, request, sql_escape_func);
+ if(rlm_sql_select_query(sqlsocket, inst, querystr)) {
+ radlog(L_ERR, "rlm_sql (%s): sql_checksimul: Database query error", inst->config->xlat_name);
+ sql_release_socket(inst, sqlsocket);
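Review bot: The two radius_xlat calls in rlm_sql_checksimul that this patch re-points at sql_escape_func (the simul_count_query and simul_verify_query sites) still discard the return value, whereas the sql_xlat and sql_groupcmp sites changed by the same patch treat a zero return as a failed expansion and bail out with "xlat failed". If expansion fails at either site, checksimul carries on and runs whatever querystr holds at that point. At the first site a guard suffices: `if (!radius_xlat(querystr, sizeof(querystr), inst->config->simul_count_query, request, sql_escape_func)) { radlog(L_ERR, "rlm_sql (%s): xlat failed.", inst->config->xlat_name); return RLM_MODULE_FAIL; }`; the second site runs after sql_get_socket, so its failure path also needs sql_release_socket(inst, sqlsocket) before returning, as the select-query error path below it already does. Separately, the new comment `Only 3 or less bytes available.` in sql_escape_func would state the reason for the threshold better as `Need room for "=XX" plus the terminating NUL.`, since snprintf(out, outlen, "=%02X", ...) needs outlen of at least 4. Both rlm_sql_checksimul and sql_escape_func start and end outside the visible hunks.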