--- xmlrpc-epi-0.54.2.orig/src/simplestring.c +++ xmlrpc-epi-0.54.2/src/simplestring.c @@ -35,6 +35,7 @@ #include #include +#include #define SIMPLESTRING_INCR 32 @@ -185,18 +186,31 @@ * simplestring_add () * SOURCE */ -void simplestring_addn(simplestring* target, const char* source, int add_len) { +void simplestring_addn(simplestring* target, const char* source, size_t add_len) { + size_t newsize = target->size, incr = 0; if(target && source) { if(!target->str) { simplestring_init_str(target); } + + if((SIZE_MAX - add_len) < target->len || (SIZE_MAX - add_len - 1) < target->len) { + /* check for overflows, if there's a potential overflow do nothing */ + return; + } + if(target->len + add_len + 1 > target->size) { /* newsize is current length + new length */ - int newsize = target->len + add_len + 1; - int incr = target->size * 2; + newsize = target->len + add_len + 1; + incr = target->size * 2; /* align to SIMPLESTRING_INCR increments */ - newsize = newsize - (newsize % incr) + incr; + if (incr) { + newsize = newsize - (newsize % incr) + incr; + } + if(newsize < (target->len + add_len + 1)) { + /* some kind of overflow happened */ + return; + } target->str = (char*)realloc(target->str, newsize); target->size = target->str ? newsize : 0; --- xmlrpc-epi-0.54.2.orig/src/simplestring.h +++ xmlrpc-epi-0.54.2/src/simplestring.h @@ -63,7 +63,7 @@ void simplestring_clear(simplestring* string); void simplestring_free(simplestring* string); void simplestring_add(simplestring* string, const char* add); -void simplestring_addn(simplestring* string, const char* add, int add_len); +void simplestring_addn(simplestring* string, const char* add, size_t add_len); #ifdef __cplusplus } --- xmlrpc-epi-0.54.2.orig/debian/docs +++ xmlrpc-epi-0.54.2/debian/docs @@ -0,0 +1,2 @@ +NEWS +README --- xmlrpc-epi-0.54.2.orig/debian/libxmlrpc-epi0.install +++ xmlrpc-epi-0.54.2/debian/libxmlrpc-epi0.install @@ -0,0 +1 @@ +usr/lib/*/lib*.so.* --- xmlrpc-epi-0.54.2.orig/debian/libxmlrpc-epi0.dirs +++ xmlrpc-epi-0.54.2/debian/libxmlrpc-epi0.dirs @@ -0,0 +1 @@ +usr/lib --- xmlrpc-epi-0.54.2.orig/debian/rules +++ xmlrpc-epi-0.54.2/debian/rules @@ -0,0 +1,76 @@ +#!/usr/bin/make -f +# -*- makefile -*- +# Sample debian/rules that uses debhelper. +# This file was originally written by Joey Hess and Craig Small. +# As a special exception, when this file is copied by dh-make into a +# dh-make output file, you may use that output file without restriction. +# This special exception was added by Craig Small in version 0.37 of dh-make. + +DEB_BUILD_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_BUILD_GNU_TYPE) +DEB_HOST_MULTIARCH ?= $(shell dpkg-architecture -qDEB_HOST_MULTIARCH) +DEB_CONFIGURE_EXTRA_FLAGS += --libdir=\$${prefix}/lib/$(DEB_HOST_MULTIARCH) + +CFLAGS = -Wall -g + +ifneq (,$(findstring noopt,$(DEB_BUILD_OPTIONS))) + CFLAGS += -O0 +else + CFLAGS += -O2 +endif + +config.status: + dh_testdir + ./configure --build=$(DEB_BUILD_GNU_TYPE) --includedir=/usr/include/xmlrpc-epi \ + --prefix=/usr --mandir=\$${prefix}/share/man --infodir=\$${prefix}/share/info \ + CFLAGS="$(CFLAGS)" LDFLAGS="-Wl,-z,defs" $(DEB_CONFIGURE_EXTRA_FLAGS) + +build: build-arch build-indep +build-arch: build-stamp +build-indep: build-stamp +build-stamp: config.status + dh_testdir + $(MAKE) + touch $@ + +clean: + dh_testdir + dh_testroot + [ ! -f Makefile ] || $(MAKE) distclean + dh_clean build_stamp + +install: build + dh_testdir + dh_testroot + dh_prep + dh_installdirs + + # Install the package into debian/tmp + $(MAKE) DESTDIR=$(CURDIR)/debian/tmp install + + +# Build architecture-independent files here. +binary-indep: build install +# We have nothing to do by default. + +# Build architecture-dependent files here. +binary-arch: build install + dh_testdir + dh_testroot + dh_installchangelogs ChangeLog + dh_installdocs + dh_install --sourcedir=debian/tmp + dh_installman + dh_link + dh_strip --dbg-package=libxmlrpc-epi0-dbg + dh_compress + dh_fixperms + dh_makeshlibs + dh_installdeb + dh_shlibdeps + dh_gencontrol + dh_md5sums + dh_builddeb + +binary: binary-indep binary-arch + +.PHONY: build clean binary-indep binary-arch binary install --- xmlrpc-epi-0.54.2.orig/debian/copyright +++ xmlrpc-epi-0.54.2/debian/copyright @@ -0,0 +1,80 @@ +X-Format-Specification: http://wiki.debian.org/Proposals/CopyrightFormat +X-Debianized-By: Paul Hampson , + Robin Cornelius +X-Debianized-Date: Sun, 18 Mar 2007 16:09:09 +1100. +X-Source-Downloaded-From: http://sourceforge.net/projects/xmlrpc-epi/ +X-Upstream-Author: Dan Libby + +Files: debian/* +Copyright: (C) 2007 Paul Hampson + (C) 2007,2008,2011 Robin Cornelius +Licence: MIT + Subject to the following 3 conditions, you are permitted, free + of charge, to (a) use, copy, distribute, modify, perform and display this + software and associated documentation files (the "Software"), and (b) + permit others to whom the Software is furnished to do so as well. + + 1) The above copyright notice and this permission notice shall be included + without modification in all copies or substantial portions of the + Software. + + 2) THE SOFTWARE IS PROVIDED "AS IS", WITHOUT ANY WARRANTY OR CONDITION OF + ANY KIND, EXPRESS, IMPLIED OR STATUTORY, INCLUDING WITHOUT LIMITATION ANY + IMPLIED WARRANTIES OF ACCURACY, MERCHANTABILITY, FITNESS FOR A PARTICULAR + PURPOSE OR NONINFRINGEMENT. + + 3) IN NO EVENT SHALL THE COPYRIGHT HOLDERS BE LIABLE FOR ANY DIRECT, INDIRECT, + SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES OR LOST PROFITS ARISING OUT + OF OR IN CONNECTION WITH THE SOFTWARE (HOWEVER ARISING, INCLUDING + NEGLIGENCE), EVEN IF THE COPYRIGHT HOLDERS ARE AWARE OF THE POSSIBILITY OF + SUCH DAMAGES. + +Files: src/base64.h, src/base64.c +Copyright: John Walker +Licence: PD + This program is in the public domain. + +Files: src/queue.c, src/queue.h +Copyright: 1993 Peter Yard +Licence: PD + This code is released to the public domain. + +The following file is included in the source distribution but is an example file +only and not required to build the xmlrpc-epi0 library. It is mentioned here as +it is under a different licence to the rest of the package. It is not used to +build the library and is not installed by this Debian package. + +Files: sample/sample.c +Copyright: (C) 2000 Epinions, Inc. +Licence: LGPL + This library is free software; you can redistribute it and/or + modify it under the terms of the GNU Library General Public + License as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + +On Debian systems, the complete text of the GNU Lesser Public License +can be found in file "/usr/share/common-licenses/LGPL". + +Files: * +Copyright: (C) 2000-2001 Epinions, Inc. +Licence: MIT + Subject to the following 3 conditions, Epinions, Inc. permits you, free + of charge, to (a) use, copy, distribute, modify, perform and display this + software and associated documentation files (the "Software"), and (b) + permit others to whom the Software is furnished to do so as well. + + 1) The above copyright notice and this permission notice shall be included + without modification in all copies or substantial portions of the + Software. + + 2) THE SOFTWARE IS PROVIDED "AS IS", WITHOUT ANY WARRANTY OR CONDITION OF + ANY KIND, EXPRESS, IMPLIED OR STATUTORY, INCLUDING WITHOUT LIMITATION ANY + IMPLIED WARRANTIES OF ACCURACY, MERCHANTABILITY, FITNESS FOR A PARTICULAR + PURPOSE OR NONINFRINGEMENT. + + 3) IN NO EVENT SHALL EPINIONS, INC. BE LIABLE FOR ANY DIRECT, INDIRECT, + SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES OR LOST PROFITS ARISING OUT + OF OR IN CONNECTION WITH THE SOFTWARE (HOWEVER ARISING, INCLUDING + NEGLIGENCE), EVEN IF EPINIONS, INC. IS AWARE OF THE POSSIBILITY OF SUCH + DAMAGES. + --- xmlrpc-epi-0.54.2.orig/debian/changelog +++ xmlrpc-epi-0.54.2/debian/changelog @@ -0,0 +1,75 @@ +xmlrpc-epi (0.54.2-1+deb7u1ubuntu0.12.04.1) precise-security; urgency=medium + + * Security merge from Debian + - apply d/p/CVE-2016-6296.patch directly + + -- Steve Beattie Fri, 19 Aug 2016 11:45:52 -0700 + +xmlrpc-epi (0.54.2-1+deb7u1) wheezy-security; urgency=high + + * Non-maintainer upload by the Wheezy LTS Team. + * CVE-2016-6296.patch + Integer signedness error in the simplestring_addn function in + simplestring.c in xmlrpc-epi through 0.54.2, as used in PHP + before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9, allows + remote attackers to cause a denial of service (heap-based buffer + overflow) or possibly have unspecified other impact via a long + first argument to the PHP xmlrpc_encode_request function. + + -- Thorsten Alteholz Fri, 29 Jul 2016 19:03:02 +0200 + +xmlrpc-epi (0.54.2-1) unstable; urgency=low + + * New upstream release (Closes:#620437) + * libtool archives removed (Closes:#633255) + * Multiarch support added + + -- Robin Cornelius Mon, 14 Dec 2011 13:24:34 +0000 + +xmlrpc-epi (0.54-3) unstable; urgency=low + + * Fix a debian/copyright omission for src/queue.* + + -- Robin Cornelius Wed, 30 Apr 2008 21:30:52 +0100 + +xmlrpc-epi (0.54-2) unstable; urgency=low + + * FTBFS - Fix build deps, libexpat1-dev was missing + + -- Robin Cornelius Mon, 28 Apr 2008 18:25:28 +0100 + +xmlrpc-epi (0.54-1) unstable; urgency=low + + * New upstream release + - Remove expat from source tree, now requires a shared libexpat installed + - Remove GPL'd cvs helper script from tarball + - Remove the libxml2 compatability layer and all php licenced code + * Packaging changes + - Change configure invocation in debian/rules to not use --host + - Update debian/copyright to reflect upstream tarball changes + - Add -dbg package + - Don't close ITP in multiple positions in changelog + + -- Robin Cornelius Thu, 24 Apr 2008 15:25:09 +0100 + +xmlrpc-epi (0.53-1) unstable; urgency=low + + * New upstream release + - Upstream has been updated, drop all patches we were applying + - Use libxml2 as xmlparser on configure option + + -- Robin Cornelius Wed, 02 Apr 2008 13:52:05 +0000 + +xmlrpc-epi (0.51-1) unstable; urgency=low + + * Initial release (Closes: #413986 - ITP: xmlrpc-epi -- XML-RPC request + serialisation/deserialisation library) + - Modified to use system expat rather than included (OLD) expat version + - Libtoolized and autoreconfd + - Install headers to /usr/include/xmlrpc-epi/ to avoid conflicting with + libxmlrpc-c3-dev + - Sync up to libxmlrpc from PHP5's xmlrpc extension + - Fix various compilation warnings + + -- Paul Hampson Sun, 18 Mar 2007 16:09:09 +1100 + --- xmlrpc-epi-0.54.2.orig/debian/control +++ xmlrpc-epi-0.54.2/debian/control @@ -0,0 +1,43 @@ +Source: xmlrpc-epi +Priority: extra +Maintainer: Ubuntu Developers +XSBC-Original-Maintainer: Robin Cornelius +Uploaders: Paul TBBle Hampson +Homepage: http://xmlrpc-epi.sourceforge.net/ +Build-Depends: debhelper (>= 8.1.3~), autotools-dev, libexpat1-dev, pkg-config +Standards-Version: 3.9.2 +Section: libs +Vcs-GIT: git://github.com/robincornelius/xmlrpc-epi-debian.git +Vcs-Browser: https://github.com/robincornelius/xmlrpc-epi-debian + +Package: libxmlrpc-epi-dev +Section: libdevel +Architecture: any +Multi-Arch: same +Depends: libxmlrpc-epi0 (= ${binary:Version}), ${misc:Depends} +Description: Development files for libxmlrpc-epi0, a XML-RPC request library + An implementation of the XML-RPC protocol, providing an API for developers to + serialise RPC requests to and from XML. It does not include any transport layer + and is therefor useful for applications which implement their own transport or + wish to use XML-RPC over an existing transport layer. This package contains + the development files for applications wishing to use libxmlrpc-epi. + +Package: libxmlrpc-epi0 +Section: libs +Architecture: any +Multi-Arch: same +Pre-Depends: ${misc:Pre-Depends} +Depends: ${shlibs:Depends}, ${misc:Depends} +Description: XML-RPC request serialisation/deserialisation library + A library that implements a transportless implementation of the XML-RPC + protocol. + +Package: libxmlrpc-epi0-dbg +Section: debug +Architecture: any +Depends: libxmlrpc-epi0 (= ${binary:Version}), ${misc:Depends} +Description: Debug symbols for libxmlrpc-epi0, a XML-RPC request library + This package contains the debug symbols for libxmlrpc-epi0, and should be + installed if you wish to get stack traces into the library for debugging + purposes. + --- xmlrpc-epi-0.54.2.orig/debian/libxmlrpc-epi-dev.dirs +++ xmlrpc-epi-0.54.2/debian/libxmlrpc-epi-dev.dirs @@ -0,0 +1,2 @@ +usr/lib +usr/include --- xmlrpc-epi-0.54.2.orig/debian/watch +++ xmlrpc-epi-0.54.2/debian/watch @@ -0,0 +1,2 @@ +version=3 +http://sf.net/xmlrpc-epi/xmlrpc-epi-([0-9\.]*)\.tar\.gz --- xmlrpc-epi-0.54.2.orig/debian/compat +++ xmlrpc-epi-0.54.2/debian/compat @@ -0,0 +1 @@ +8 --- xmlrpc-epi-0.54.2.orig/debian/libxmlrpc-epi-dev.install +++ xmlrpc-epi-0.54.2/debian/libxmlrpc-epi-dev.install @@ -0,0 +1,3 @@ +usr/include/* +usr/lib/*/lib*.a +usr/lib/*/lib*.so --- xmlrpc-epi-0.54.2.orig/debian/patches/CVE-2016-6296.patch +++ xmlrpc-epi-0.54.2/debian/patches/CVE-2016-6296.patch @@ -0,0 +1,61 @@ +Index: xmlrpc-epi-0.54.2/src/simplestring.c +=================================================================== +--- xmlrpc-epi-0.54.2.orig/src/simplestring.c 2016-07-29 21:33:00.000000000 +0200 ++++ xmlrpc-epi-0.54.2/src/simplestring.c 2016-07-29 21:33:42.000000000 +0200 +@@ -35,6 +35,7 @@ + + #include + #include ++#include + + #define SIMPLESTRING_INCR 32 + +@@ -185,18 +186,31 @@ + * simplestring_add () + * SOURCE + */ +-void simplestring_addn(simplestring* target, const char* source, int add_len) { ++void simplestring_addn(simplestring* target, const char* source, size_t add_len) { ++ size_t newsize = target->size, incr = 0; + if(target && source) { + if(!target->str) { + simplestring_init_str(target); + } ++ ++ if((SIZE_MAX - add_len) < target->len || (SIZE_MAX - add_len - 1) < target->len) { ++ /* check for overflows, if there's a potential overflow do nothing */ ++ return; ++ } ++ + if(target->len + add_len + 1 > target->size) { + /* newsize is current length + new length */ +- int newsize = target->len + add_len + 1; +- int incr = target->size * 2; ++ newsize = target->len + add_len + 1; ++ incr = target->size * 2; + + /* align to SIMPLESTRING_INCR increments */ +- newsize = newsize - (newsize % incr) + incr; ++ if (incr) { ++ newsize = newsize - (newsize % incr) + incr; ++ } ++ if(newsize < (target->len + add_len + 1)) { ++ /* some kind of overflow happened */ ++ return; ++ } + target->str = (char*)realloc(target->str, newsize); + + target->size = target->str ? newsize : 0; +Index: xmlrpc-epi-0.54.2/src/simplestring.h +=================================================================== +--- xmlrpc-epi-0.54.2.orig/src/simplestring.h 2016-07-29 21:33:00.000000000 +0200 ++++ xmlrpc-epi-0.54.2/src/simplestring.h 2016-07-29 21:33:00.000000000 +0200 +@@ -63,7 +63,7 @@ + void simplestring_clear(simplestring* string); + void simplestring_free(simplestring* string); + void simplestring_add(simplestring* string, const char* add); +-void simplestring_addn(simplestring* string, const char* add, int add_len); ++void simplestring_addn(simplestring* string, const char* add, size_t add_len); + + #ifdef __cplusplus + }