diff options
| author | Axel Lin <axel.lin@ingics.com> | 2013-12-02 14:51:41 +0800 |
|---|---|---|
| committer | Peter Korsgaard <peter@korsgaard.com> | 2013-12-02 11:24:34 +0100 |
| commit | 509b00d34456c053fbd36fa5079985644428380b (patch) | |
| tree | 2aa498bca216895e18bca446bb5f45b80e03e126 /package/lighttpd/lighttpd-04-fix_setuid.patch | |
| parent | 9a61d1f77f6b0d091813ef600b1daf1bfb4ae85e (diff) | |
| download | buildroot-509b00d34456c053fbd36fa5079985644428380b.tar.gz buildroot-509b00d34456c053fbd36fa5079985644428380b.zip | |
lighttpd: apply security patches for lighttpd-1.4.33
Apply security patches for lighttpd-1.4.33.
Also rename these patches to follow buildroot's naming scheme.
lighttpd-03-fix_fam_use_after_free.patch:
http://download.lighttpd.net/lighttpd/security/lighttpd-1.4.33_fix_fam_use_after_free.patch
lighttpd-04-fix_setuid.patch:
http://download.lighttpd.net/lighttpd/security/lighttpd-1.4.33_fix_setuid.patch
lighttpd-05-fix_ssl_sni.patch:
http://download.lighttpd.net/lighttpd/security/lighttpd-1.4.33_fix_ssl_sni.patch
Signed-off-by: Axel Lin <axel.lin@ingics.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Diffstat (limited to 'package/lighttpd/lighttpd-04-fix_setuid.patch')
| -rw-r--r-- | package/lighttpd/lighttpd-04-fix_setuid.patch | 43 |
1 files changed, 43 insertions, 0 deletions
diff --git a/package/lighttpd/lighttpd-04-fix_setuid.patch b/package/lighttpd/lighttpd-04-fix_setuid.patch new file mode 100644 index 0000000000..cb7f563530 --- /dev/null +++ b/package/lighttpd/lighttpd-04-fix_setuid.patch @@ -0,0 +1,43 @@ +commit 99cddff73ab4023186bcfca54cbb73051140e15d +Author: Stefan Bühler <stbuehler@web.de> +Date: Wed Nov 13 11:43:33 2013 +0000 + + [core] check success of setuid,setgid,setgroups (CVE-2013-4559) + + From: Stefan Bühler <stbuehler@web.de> + + git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2923 152afb58-edef-0310-8abb-c4023f1b3aa9 + +diff --git a/src/server.c b/src/server.c +index 2d825bb..e2b42eb 100644 +--- a/src/server.c ++++ b/src/server.c +@@ -820,8 +820,14 @@ int main (int argc, char **argv) { + * to /etc/group + * */ + if (NULL != grp) { +- setgid(grp->gr_gid); +- setgroups(0, NULL); ++ if (-1 == setgid(grp->gr_gid)) { ++ log_error_write(srv, __FILE__, __LINE__, "ss", "setgid failed: ", strerror(errno)); ++ return -1; ++ } ++ if (-1 == setgroups(0, NULL)) { ++ log_error_write(srv, __FILE__, __LINE__, "ss", "setgroups failed: ", strerror(errno)); ++ return -1; ++ } + if (srv->srvconf.username->used) { + initgroups(srv->srvconf.username->ptr, grp->gr_gid); + } +@@ -844,7 +850,10 @@ int main (int argc, char **argv) { + #ifdef HAVE_PWD_H + /* drop root privs */ + if (NULL != pwd) { +- setuid(pwd->pw_uid); ++ if (-1 == setuid(pwd->pw_uid)) { ++ log_error_write(srv, __FILE__, __LINE__, "ss", "setuid failed: ", strerror(errno)); ++ return -1; ++ } + } + #endif + #if defined(HAVE_SYS_PRCTL_H) && defined(PR_SET_DUMPABLE) |
