aboutsummaryrefslogtreecommitdiffstats
path: root/community
diff options
context:
space:
mode:
authorNatanael Copa <ncopa@alpinelinux.org>2019-05-06 18:17:54 +0200
committerNatanael Copa <ncopa@alpinelinux.org>2019-05-06 18:17:54 +0200
commit16956b90ab430f1836112c44807b832d8f520760 (patch)
tree3a68ae1c115365f1e524deca619156329b9dec17 /community
parent524469741e70b00e5c399a8da0e6dcde143adfab (diff)
downloadaports-16956b90ab430f1836112c44807b832d8f520760.tar.bz2
aports-16956b90ab430f1836112c44807b832d8f520760.tar.xz
community/znc: security fix for CVE-2019-9917
fixes #10383
Diffstat (limited to 'community')
-rw-r--r--community/znc/APKBUILD6
-rw-r--r--community/znc/CVE-2019-9917.patch122
2 files changed, 127 insertions, 1 deletions
diff --git a/community/znc/APKBUILD b/community/znc/APKBUILD
index aa054b0e2d..7f8d2b413b 100644
--- a/community/znc/APKBUILD
+++ b/community/znc/APKBUILD
@@ -2,7 +2,7 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=znc
pkgver=1.7.1
-pkgrel=2
+pkgrel=3
pkgdesc="Advanced IRC bouncer"
url="http://znc.in"
arch="all"
@@ -15,11 +15,14 @@ install="$pkgname.pre-install"
subpackages="$pkgname-dev $pkgname-doc $pkgname-extra $pkgname-modtcl
$pkgname-modperl $pkgname-modpython"
source="http://znc.in/releases/znc-$pkgver.tar.gz
+ CVE-2019-9917.patch
$pkgname.initd
$pkgname.confd"
builddir="$srcdir/znc-$pkgver"
# secfixes:
+# 1.7.1-r3:
+# - CVE-2019-9917
# 1.7.1-r0:
# - CVE-2018-14055
# - CVE-2018-14056
@@ -110,5 +113,6 @@ _mv_to_sub() {
}
sha512sums="907068fb0828091026d440145b70ca76109302f13c18d94f772660192434287f209a06a52da1dd39726b9a38735b3cea9afbd062eb6def4cd428bb73c562a902 znc-1.7.1.tar.gz
+0c1bdb08ce5ca4b0ff8efedff9e711ffceba460594caf14aa1bfd04ca81ec2d3e2b10ed6e34960b8251f2d9d1e95ad1e9093db1aefd36beb35ff92c2e58e84f8 CVE-2019-9917.patch
47f9bd00f07861e195333d2cda5b1c7386e2324a1842b890837a7936a94b65b7a269f7fee656a522ec86b58a94bd451a2a3629bd6465578681b8d0733c2c77dc znc.initd
00360f9b487ed5a9d50c85ce597e65c89cf869cabb893c294d0bc7fcd88f9610ecb63ba6df7af1ba1dd977b6d5b05da625a3ee799a46d381f17ac04b976a1f29 znc.confd"
diff --git a/community/znc/CVE-2019-9917.patch b/community/znc/CVE-2019-9917.patch
new file mode 100644
index 0000000000..595d95f553
--- /dev/null
+++ b/community/znc/CVE-2019-9917.patch
@@ -0,0 +1,122 @@
+From 64613bc8b6b4adf1e32231f9844d99cd512b8973 Mon Sep 17 00:00:00 2001
+From: Alexey Sokolov <alexey+znc@asokolov.org>
+Date: Fri, 15 Mar 2019 20:34:10 +0000
+Subject: [PATCH] Don't crash if user specified invalid encoding.
+
+This is CVE-2019-9917
+---
+ modules/controlpanel.cpp | 2 +-
+ src/IRCNetwork.cpp | 4 ++--
+ src/User.cpp | 4 ++--
+ src/znc.cpp | 26 ++++++++++++++++++++++----
+ test/integration/tests/scripting.cpp | 7 +++++++
+ 5 files changed, 34 insertions(+), 9 deletions(-)
+
+diff --git a/modules/controlpanel.cpp b/modules/controlpanel.cpp
+index 139c2aefa..109f8c6b0 100644
+--- a/modules/controlpanel.cpp
++++ b/modules/controlpanel.cpp
+@@ -495,7 +495,7 @@ class CAdminMod : public CModule {
+ #ifdef HAVE_ICU
+ else if (sVar == "clientencoding") {
+ pUser->SetClientEncoding(sValue);
+- PutModule("ClientEncoding = " + sValue);
++ PutModule("ClientEncoding = " + pUser->GetClientEncoding());
+ }
+ #endif
+ else
+diff --git a/src/IRCNetwork.cpp b/src/IRCNetwork.cpp
+index 0284dc53e..0e1d6e2a3 100644
+--- a/src/IRCNetwork.cpp
++++ b/src/IRCNetwork.cpp
+@@ -1482,9 +1482,9 @@ void CIRCNetwork::SetBindHost(const CString& s) {
+ }
+
+ void CIRCNetwork::SetEncoding(const CString& s) {
+- m_sEncoding = s;
++ m_sEncoding = CZNC::Get().FixupEncoding(s);
+ if (GetIRCSock()) {
+- GetIRCSock()->SetEncoding(s);
++ GetIRCSock()->SetEncoding(m_sEncoding);
+ }
+ }
+
+diff --git a/src/User.cpp b/src/User.cpp
+index 3fd532a7c..c44cf6070 100644
+--- a/src/User.cpp
++++ b/src/User.cpp
+@@ -1253,9 +1253,9 @@ void CUser::SetAdmin(bool b) { m_bAdmin = b; }
+ void CUser::SetDenySetBindHost(bool b) { m_bDenySetBindHost = b; }
+ void CUser::SetDefaultChanModes(const CString& s) { m_sDefaultChanModes = s; }
+ void CUser::SetClientEncoding(const CString& s) {
+- m_sClientEncoding = s;
++ m_sClientEncoding = CZNC::Get().FixupEncoding(s);
+ for (CClient* pClient : GetAllClients()) {
+- pClient->SetEncoding(s);
++ pClient->SetEncoding(m_sClientEncoding);
+ }
+ }
+ void CUser::SetQuitMsg(const CString& s) { m_sQuitMsg = s; }
+diff --git a/src/znc.cpp b/src/znc.cpp
+index 4e7216ee1..3f4dd2e07 100644
+--- a/src/znc.cpp
++++ b/src/znc.cpp
+@@ -2092,18 +2092,36 @@ void CZNC::ForceEncoding() {
+ m_uiForceEncoding++;
+ #ifdef HAVE_ICU
+ for (Csock* pSock : GetManager()) {
+- if (pSock->GetEncoding().empty()) {
+- pSock->SetEncoding("UTF-8");
+- }
++ pSock->SetEncoding(FixupEncoding(pSock->GetEncoding()));
+ }
+ #endif
+ }
+ void CZNC::UnforceEncoding() { m_uiForceEncoding--; }
+ bool CZNC::IsForcingEncoding() const { return m_uiForceEncoding; }
+ CString CZNC::FixupEncoding(const CString& sEncoding) const {
+- if (sEncoding.empty() && m_uiForceEncoding) {
++ if (!m_uiForceEncoding) {
++ return sEncoding;
++ }
++ if (sEncoding.empty()) {
++ return "UTF-8";
++ }
++ const char* sRealEncoding = sEncoding.c_str();
++ if (sEncoding[0] == '*' || sEncoding[0] == '^') {
++ sRealEncoding++;
++ }
++ if (!*sRealEncoding) {
+ return "UTF-8";
+ }
++#ifdef HAVE_ICU
++ UErrorCode e = U_ZERO_ERROR;
++ UConverter* cnv = ucnv_open(sRealEncoding, &e);
++ if (cnv) {
++ ucnv_close(cnv);
++ }
++ if (U_FAILURE(e)) {
++ return "UTF-8";
++ }
++#endif
+ return sEncoding;
+ }
+
+diff --git a/test/integration/tests/scripting.cpp b/test/integration/tests/scripting.cpp
+index 9dd68d8fa..8f809f50c 100644
+--- a/test/integration/tests/scripting.cpp
++++ b/test/integration/tests/scripting.cpp
+@@ -55,6 +55,13 @@ TEST_F(ZNCTest, Modpython) {
+ ircd.Write(":n!u@h PRIVMSG nick :Hi\xF0, github issue #1229");
+ // "replacement character"
+ client.ReadUntil("Hi\xEF\xBF\xBD, github issue");
++
++ // Non-existing encoding
++ client.Write("PRIVMSG *controlpanel :Set ClientEncoding $me Western");
++ client.Write("JOIN #a\342");
++ client.ReadUntil(
++ ":*controlpanel!znc@znc.in PRIVMSG nick :ClientEncoding = UTF-8");
++ ircd.ReadUntil("JOIN #a\xEF\xBF\xBD");
+ }
+
+ TEST_F(ZNCTest, ModpythonSocket) {