~ubuntu-branches/ubuntu/hardy/nfs-utils/hardy-security

« back to all changes in this revision

Viewing changes to debian/patches/102-SECURITY-CVE-2008-4552.patch

  • Committer: Bazaar Package Importer
  • Author(s): Marc Deslauriers
  • Date: 2008-12-02 13:34:22 UTC
  • mfrom: (31.1.1 hardy-proposed)
  • Revision ID: james.westby@ubuntu.com-20081202133422-y29mmp771uxs6az1
Tags: 1:1.1.2-2ubuntu2.2
* SECURITY UPDATE: netgroups access restrictions bypass from wrong argument
  order
  - debian/patches/102-SECURITY-CVE-2008-4552.patch: call hosts_ctl() with
    right argument order in support/misc/tcpwrapper.c.
  - CVE-2008-4552

Show diffs side-by-side

added added

removed removed

Lines of Context:
 
1
#
 
2
# Description: fix netgroups access restrictions bypass from wrong argument order
 
3
# Patch: http://patch-tracking.debian.net/patch/series/view/nfs-utils/1:1.1.2-6lenny1/08-CVE-2008-4552.patch
 
4
# Vendor: https://bugzilla.redhat.com/show_bug.cgi?id=458676
 
5
#
 
6
Index: nfs-utils-1.1.2/support/misc/tcpwrapper.c
 
7
===================================================================
 
8
--- nfs-utils-1.1.2.orig/support/misc/tcpwrapper.c      2008-12-02 13:35:24.000000000 -0500
 
9
+++ nfs-utils-1.1.2/support/misc/tcpwrapper.c   2008-12-02 13:36:14.000000000 -0500
 
10
@@ -125,12 +125,12 @@
 
11
           return 0;
 
12
 
 
13
    /* Check the official name first. */
 
14
-   if (hosts_ctl(daemon, "", hp->h_name, ""))
 
15
+   if (hosts_ctl(daemon, hp->h_name, "", ""))
 
16
        return 1;
 
17
 
 
18
    /* Check aliases. */
 
19
    for (sp = hp->h_aliases; *sp ; sp++) {
 
20
-       if (hosts_ctl(daemon, "", *sp, ""))
 
21
+       if (hosts_ctl(daemon, *sp, "", ""))
 
22
            return 1;
 
23
    }
 
24