[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#945944: marked as done (stretch-pu: package ros-ros-comm/1.12.6-2)

Your message dated Sat, 08 Feb 2020 14:23:35 +0000
with message-id <a894a0233c2d264936953d7a69507573c4a5742a.camel@adam-barratt.org.uk>
and subject line Closing bugs included in 9.12
has caused the Debian Bug report #945944,
regarding stretch-pu: package ros-ros-comm/1.12.6-2
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
945944: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=945944
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message --- 
Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian.org@packages.debian.org
Usertags: pu

Hi release team,

The ros-ros-comm version in stretch is affected affected by
CVE-2019-13566 which was flagged no-dsa by the security team. I propose
the attached patch to fix the issue. Would you be fine with me uploading
it?

This is the same as #945896, just for stretch. I adopted the values as
reportbug doesn't seem to support stretch-pu. Hope I did it right.

Cheers Jochen

-- System Information:
Debian Release: bullseye/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.3.0-2-amd64 (SMP w/8 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

diff --git a/debian/changelog b/debian/changelog
index 28db48e..b4bfdc6 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+ros-ros-comm (1.12.6-2+deb9u1) stretch; urgency=high
+
+  * Add https://github.com/ros/ros_comm/pull/1771 (Fix CVE-2019-13566)
+
+ -- Jochen Sprickerhof <jspricke@debian.org>  Sun, 24 Nov 2019 17:03:50 +0100
+
 ros-ros-comm (1.12.6-2) unstable; urgency=medium
 
   * rebuild due to changes in ros-genpy
diff --git a/debian/patches/0007-fixing-string-check.patch b/debian/patches/0007-fixing-string-check.patch
new file mode 100644
index 0000000..53dbe12
--- /dev/null
+++ b/debian/patches/0007-fixing-string-check.patch
@@ -0,0 +1,65 @@
+From: Daniel Wang <daniel.wang@canonical.com>
+Date: Mon, 22 Jul 2019 15:47:21 -0700
+Subject: fixing string check
+
+Signed-off-by: Daniel Wang <daniel.wang@canonical.com>
+---
+ clients/roscpp/src/libros/transport/transport_tcp.cpp | 8 ++++----
+ clients/roscpp/src/libros/transport/transport_udp.cpp | 4 ++--
+ 2 files changed, 6 insertions(+), 6 deletions(-)
+
+diff --git a/clients/roscpp/src/libros/transport/transport_tcp.cpp b/clients/roscpp/src/libros/transport/transport_tcp.cpp
+index f061fc2..6a537a2 100644
+--- a/clients/roscpp/src/libros/transport/transport_tcp.cpp
++++ b/clients/roscpp/src/libros/transport/transport_tcp.cpp
+@@ -266,7 +266,7 @@ bool TransportTCP::connect(const std::string& host, int port)
+ 
+     bool found = false;
+     struct addrinfo* it = addr;
+-    char namebuf[128];
++    char namebuf[128] = {};
+     for (; it; it = it->ai_next)
+     {
+       if (!s_use_ipv6_ && it->ai_family == AF_INET)
+@@ -278,7 +278,7 @@ bool TransportTCP::connect(const std::string& host, int port)
+         address->sin_family = it->ai_family;
+         address->sin_port = htons(port);
+ 	
+-        strcpy(namebuf, inet_ntoa(address->sin_addr));
++        strncpy(namebuf, inet_ntoa(address->sin_addr), sizeof(namebuf)-1);
+         found = true;
+         break;
+       }
+@@ -723,14 +723,14 @@ std::string TransportTCP::getClientURI()
+   sockaddr_in *sin = (sockaddr_in *)&sas;
+   sockaddr_in6 *sin6 = (sockaddr_in6 *)&sas;
+ 
+-  char namebuf[128];
++  char namebuf[128] = {};
+   int port;
+ 
+   switch (sas.ss_family)
+   {
+     case AF_INET:
+       port = ntohs(sin->sin_port);
+-      strcpy(namebuf, inet_ntoa(sin->sin_addr));
++      strncpy(namebuf, inet_ntoa(sin->sin_addr), sizeof(namebuf)-1);
+       break;
+     case AF_INET6:
+       port = ntohs(sin6->sin6_port);
+diff --git a/clients/roscpp/src/libros/transport/transport_udp.cpp b/clients/roscpp/src/libros/transport/transport_udp.cpp
+index 848893b..d472a73 100644
+--- a/clients/roscpp/src/libros/transport/transport_udp.cpp
++++ b/clients/roscpp/src/libros/transport/transport_udp.cpp
+@@ -706,9 +706,9 @@ std::string TransportUDP::getClientURI()
+ 
+   sockaddr_in *sin = (sockaddr_in *)&sas;
+ 
+-  char namebuf[128];
++  char namebuf[128] = {};
+   int port = ntohs(sin->sin_port);
+-  strcpy(namebuf, inet_ntoa(sin->sin_addr));
++  strncpy(namebuf, inet_ntoa(sin->sin_addr), sizeof(namebuf)-1);
+ 
+   std::string ip = namebuf;
+   std::stringstream uri;
diff --git a/debian/patches/series b/debian/patches/series
index bb74494..6695bde 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -4,3 +4,4 @@
 0004-Fix-executable-not-elf-or-script.patch
 0005-Add-defaults-to-roswtf.patch
 0007-move-heaers-to-include-xmlrpcpp.patch
+0007-fixing-string-check.patch

--- End Message ---
--- Begin Message --- 
Package: release.debian.org
Version: 9.12

Hi,

Each of the uploads referred to by these bugs was included in today's
oldstable point release.

Regards,

Adam

--- End Message ---
Reply to: