diff options
author | adrianp <adrianp> | 2005-05-18 21:58:45 +0000 |
---|---|---|
committer | adrianp <adrianp> | 2005-05-18 21:58:45 +0000 |
commit | 9a864dcc373c808e705cb200db2bd4d287b3e24a (patch) | |
tree | 0d4c728b676c8669b212f2f6fd4a2f1856de9a0a | |
parent | 1e4ddb400ffd8c1127e2c14aeaa18dfc0d6a9001 (diff) | |
download | pkgsrc-9a864dcc373c808e705cb200db2bd4d287b3e24a.tar.gz |
- Add fix for recent security issue
-rw-r--r-- | net/freeradius/Makefile | 4 | ||||
-rw-r--r-- | net/freeradius/distinfo | 3 | ||||
-rw-r--r-- | net/freeradius/patches/patch-ak | 90 |
3 files changed, 94 insertions, 3 deletions
diff --git a/net/freeradius/Makefile b/net/freeradius/Makefile index 3832e0967d6..a687ef11e1b 100644 --- a/net/freeradius/Makefile +++ b/net/freeradius/Makefile @@ -1,7 +1,7 @@ -# $NetBSD: Makefile,v 1.27 2005/04/11 21:46:46 tv Exp $ +# $NetBSD: Makefile,v 1.28 2005/05/18 21:58:45 adrianp Exp $ DISTNAME= freeradius-1.0.2 -PKGREVISION= 1 +PKGREVISION= 2 CATEGORIES= net MASTER_SITES= ftp://ftp.freeradius.org/pub/radius/ \ ftp://ftp.Awfulhak.org/pub/radius/ diff --git a/net/freeradius/distinfo b/net/freeradius/distinfo index 523501eb240..e906376846d 100644 --- a/net/freeradius/distinfo +++ b/net/freeradius/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.13 2005/03/02 21:44:55 adrianp Exp $ +$NetBSD: distinfo,v 1.14 2005/05/18 21:58:45 adrianp Exp $ SHA1 (freeradius-1.0.2.tar.gz) = 5703fd8abb4f28c15d716bd1ec1e9cfe2e1e6c90 RMD160 (freeradius-1.0.2.tar.gz) = 796da74e64da189d7d7520201c7c4139f9f478c4 @@ -6,3 +6,4 @@ Size (freeradius-1.0.2.tar.gz) = 2208884 bytes SHA1 (patch-ae) = 0c1b6c79329f41c35e3a783e61cc205cb78a4773 SHA1 (patch-ai) = bb4dafd3f6b961403caa955c9a09c271468ada36 SHA1 (patch-aj) = 422c9dfbde08c26acf41a040c57508ab9725004e +SHA1 (patch-ak) = ad272be635d6b27e5b986c3e9a06ef85484c1230 diff --git a/net/freeradius/patches/patch-ak b/net/freeradius/patches/patch-ak new file mode 100644 index 00000000000..f5e80698007 --- /dev/null +++ b/net/freeradius/patches/patch-ak @@ -0,0 +1,90 @@ +$NetBSD: patch-ak,v 1.3 2005/05/18 21:58:45 adrianp Exp $ + +--- src/modules/rlm_sql/rlm_sql.c.orig 2004-09-30 15:54:22.000000000 +0100 ++++ src/modules/rlm_sql/rlm_sql.c +@@ -158,6 +158,7 @@ static int rlm_sql_init(void) { + */ + static int sql_set_user(SQL_INST *inst, REQUEST *request, char *sqlusername, const char *username); + static int generate_sql_clients(SQL_INST *inst); ++static int sql_escape_func(char *out, int outlen, const char *in); + + /* + * sql xlat function. Right now only SELECTs are supported. Only +@@ -184,7 +185,7 @@ static int sql_xlat(void *instance, REQU + /* + * Do an xlat on the provided string (nice recursive operation). + */ +- if (!radius_xlat(querystr, sizeof(querystr), fmt, request, func)) { ++ if (!radius_xlat(querystr, sizeof(querystr), fmt, request, sql_escape_func)) { + radlog(L_ERR, "rlm_sql (%s): xlat failed.", + inst->config->xlat_name); + return 0; +@@ -409,18 +410,18 @@ static int sql_escape_func(char *out, in + + while (in[0]) { + /* +- * Only one byte left. +- */ +- if (outlen <= 1) { +- break; +- } +- +- /* + * Non-printable characters get replaced with their + * mime-encoded equivalents. + */ + if ((in[0] < 32) || + strchr(allowed_chars, *in) == NULL) { ++ /* ++ * Only 3 or less bytes available. ++ */ ++ if (outlen <= 3) { ++ break; ++ } ++ + snprintf(out, outlen, "=%02X", (unsigned char) in[0]); + in++; + out += 3; +@@ -430,7 +431,14 @@ static int sql_escape_func(char *out, in + } + + /* +- * Else it's a nice character. ++ * Only one byte left. ++ */ ++ if (outlen <= 1) { ++ break; ++ } ++ ++ /* ++ * Allowed character. + */ + *out = *in; + out++; +@@ -517,7 +525,7 @@ static int sql_groupcmp(void *instance, + */ + if (sql_set_user(inst, req, sqlusername, 0) < 0) + return 1; +- if (!radius_xlat(querystr, sizeof(querystr), inst->config->groupmemb_query, req, NULL)){ ++ if (!radius_xlat(querystr, sizeof(querystr), inst->config->groupmemb_query, req, sql_escape_func)){ + radlog(L_ERR, "rlm_sql (%s): xlat failed.", + inst->config->xlat_name); + /* Remove the username we (maybe) added above */ +@@ -1149,7 +1157,7 @@ static int rlm_sql_checksimul(void *inst + if(sql_set_user(inst, request, sqlusername, 0) <0) + return RLM_MODULE_FAIL; + +- radius_xlat(querystr, sizeof(querystr), inst->config->simul_count_query, request, NULL); ++ radius_xlat(querystr, sizeof(querystr), inst->config->simul_count_query, request, sql_escape_func); + + /* initialize the sql socket */ + sqlsocket = sql_get_socket(inst); +@@ -1193,7 +1201,7 @@ static int rlm_sql_checksimul(void *inst + return RLM_MODULE_OK; + } + +- radius_xlat(querystr, sizeof(querystr), inst->config->simul_verify_query, request, NULL); ++ radius_xlat(querystr, sizeof(querystr), inst->config->simul_verify_query, request, sql_escape_func); + if(rlm_sql_select_query(sqlsocket, inst, querystr)) { + radlog(L_ERR, "rlm_sql (%s): sql_checksimul: Database query error", inst->config->xlat_name); + sql_release_socket(inst, sqlsocket); |