--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: stretch-pu: package ros-ros-comm/1.12.6-2
- From: Jochen Sprickerhof <jspricke@debian.org>
- Date: Sun, 01 Dec 2019 14:08:35 +0100
- Message-id: <157520571535.31060.930187794722402590.reportbug@fenchel>
Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian.org@packages.debian.org
Usertags: pu
Hi release team,
The ros-ros-comm version in stretch is affected affected by
CVE-2019-13566 which was flagged no-dsa by the security team. I propose
the attached patch to fix the issue. Would you be fine with me uploading
it?
This is the same as #945896, just for stretch. I adopted the values as
reportbug doesn't seem to support stretch-pu. Hope I did it right.
Cheers Jochen
-- System Information:
Debian Release: bullseye/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 5.3.0-2-amd64 (SMP w/8 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
diff --git a/debian/changelog b/debian/changelog
index 28db48e..b4bfdc6 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+ros-ros-comm (1.12.6-2+deb9u1) stretch; urgency=high
+
+ * Add https://github.com/ros/ros_comm/pull/1771 (Fix CVE-2019-13566)
+
+ -- Jochen Sprickerhof <jspricke@debian.org> Sun, 24 Nov 2019 17:03:50 +0100
+
ros-ros-comm (1.12.6-2) unstable; urgency=medium
* rebuild due to changes in ros-genpy
diff --git a/debian/patches/0007-fixing-string-check.patch b/debian/patches/0007-fixing-string-check.patch
new file mode 100644
index 0000000..53dbe12
--- /dev/null
+++ b/debian/patches/0007-fixing-string-check.patch
@@ -0,0 +1,65 @@
+From: Daniel Wang <daniel.wang@canonical.com>
+Date: Mon, 22 Jul 2019 15:47:21 -0700
+Subject: fixing string check
+
+Signed-off-by: Daniel Wang <daniel.wang@canonical.com>
+---
+ clients/roscpp/src/libros/transport/transport_tcp.cpp | 8 ++++----
+ clients/roscpp/src/libros/transport/transport_udp.cpp | 4 ++--
+ 2 files changed, 6 insertions(+), 6 deletions(-)
+
+diff --git a/clients/roscpp/src/libros/transport/transport_tcp.cpp b/clients/roscpp/src/libros/transport/transport_tcp.cpp
+index f061fc2..6a537a2 100644
+--- a/clients/roscpp/src/libros/transport/transport_tcp.cpp
++++ b/clients/roscpp/src/libros/transport/transport_tcp.cpp
+@@ -266,7 +266,7 @@ bool TransportTCP::connect(const std::string& host, int port)
+
+ bool found = false;
+ struct addrinfo* it = addr;
+- char namebuf[128];
++ char namebuf[128] = {};
+ for (; it; it = it->ai_next)
+ {
+ if (!s_use_ipv6_ && it->ai_family == AF_INET)
+@@ -278,7 +278,7 @@ bool TransportTCP::connect(const std::string& host, int port)
+ address->sin_family = it->ai_family;
+ address->sin_port = htons(port);
+
+- strcpy(namebuf, inet_ntoa(address->sin_addr));
++ strncpy(namebuf, inet_ntoa(address->sin_addr), sizeof(namebuf)-1);
+ found = true;
+ break;
+ }
+@@ -723,14 +723,14 @@ std::string TransportTCP::getClientURI()
+ sockaddr_in *sin = (sockaddr_in *)&sas;
+ sockaddr_in6 *sin6 = (sockaddr_in6 *)&sas;
+
+- char namebuf[128];
++ char namebuf[128] = {};
+ int port;
+
+ switch (sas.ss_family)
+ {
+ case AF_INET:
+ port = ntohs(sin->sin_port);
+- strcpy(namebuf, inet_ntoa(sin->sin_addr));
++ strncpy(namebuf, inet_ntoa(sin->sin_addr), sizeof(namebuf)-1);
+ break;
+ case AF_INET6:
+ port = ntohs(sin6->sin6_port);
+diff --git a/clients/roscpp/src/libros/transport/transport_udp.cpp b/clients/roscpp/src/libros/transport/transport_udp.cpp
+index 848893b..d472a73 100644
+--- a/clients/roscpp/src/libros/transport/transport_udp.cpp
++++ b/clients/roscpp/src/libros/transport/transport_udp.cpp
+@@ -706,9 +706,9 @@ std::string TransportUDP::getClientURI()
+
+ sockaddr_in *sin = (sockaddr_in *)&sas;
+
+- char namebuf[128];
++ char namebuf[128] = {};
+ int port = ntohs(sin->sin_port);
+- strcpy(namebuf, inet_ntoa(sin->sin_addr));
++ strncpy(namebuf, inet_ntoa(sin->sin_addr), sizeof(namebuf)-1);
+
+ std::string ip = namebuf;
+ std::stringstream uri;
diff --git a/debian/patches/series b/debian/patches/series
index bb74494..6695bde 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -4,3 +4,4 @@
0004-Fix-executable-not-elf-or-script.patch
0005-Add-defaults-to-roswtf.patch
0007-move-heaers-to-include-xmlrpcpp.patch
+0007-fixing-string-check.patch
--- End Message ---