Date: Fri, 29 Sep 2006 13:01:32 +0800 From: chinsan <chinsan.tw@gmail.com> To: FreeBSD-gnats-submit@FreeBSD.org Cc: simon@FreeBSD.org Subject: ports/103798: [MAINTAINER] www/dokuwiki: Fix security issue(Image resize DOS-Attack) Message-ID: <20060929050605.5265B2E9DF@smtp2.bc.hgc.com.tw> Resent-Message-ID: <200609290510.k8T5AICJ041176@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 103798 >Category: ports >Synopsis: [MAINTAINER] www/dokuwiki: Fix security issue(Image resize DOS-Attack) >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: maintainer-update >Submitter-Id: current-users >Arrival-Date: Fri Sep 29 05:10:18 GMT 2006 >Closed-Date: >Last-Modified: >Originator: chinsan >Release: FreeBSD 6.2-PRERELEASE i386 >Organization: Taiwan >Environment: System: FreeBSD BSD6.giga.hgc.com.tw 6.2-PRERELEASE FreeBSD 6.2-PRERELEASE #6: Thu Sep 14 09:46:10 CST 2006 >Description: - Fix security issue(Image resize DOS-Attack in fetch.php) http://bugs.splitbrain.org/?do=details&id=924 Notified by simon@, thanks. Added file(s): - files/patch-lib-exe-fetch.php Generated with FreeBSD Port Tools 0.77 >How-To-Repeat: >Fix: --- dokuwiki-20060309_5.patch begins here --- diff -ruN --exclude=CVS /usr/ports/www/dokuwiki/Makefile /usr/home/chinsan/project/dokuwiki/Makefile --- /usr/ports/www/dokuwiki/Makefile Sat Jun 24 05:09:31 2006 +++ /usr/home/chinsan/project/dokuwiki/Makefile Fri Sep 29 12:57:49 2006 @@ -7,7 +7,7 @@ PORTNAME= dokuwiki PORTVERSION= ${DIST_VER:S/${PORTNAME}//:S/-//g} -PORTREVISION= 4 +PORTREVISION= 5 CATEGORIES= www MASTER_SITES= http://www.splitbrain.org/_media/projects/dokuwiki/ \ http://dev.splitbrain.org/browse/snapshots/ @@ -83,6 +83,9 @@ ${WRKSRC}/conf/dokuwiki.php @${FIND} ${WRKSRC}/conf -name "*.php.bak" -delete .endif + +post-patch: + @${FIND} ${WRKSRC}/lib/exe -name "*.orig" -delete pre-install: @${TOUCH} ${WRKSRC}/data/changes.log diff -ruN --exclude=CVS /usr/ports/www/dokuwiki/files/patch-lib-exe-fetch.php /usr/home/chinsan/project/dokuwiki/files/patch-lib-exe-fetch.php --- /usr/ports/www/dokuwiki/files/patch-lib-exe-fetch.php Thu Jan 1 08:00:00 1970 +++ /usr/home/chinsan/project/dokuwiki/files/patch-lib-exe-fetch.php Fri Sep 29 12:55:39 2006 @@ -0,0 +1,24 @@ +--- lib/exe/fetch.php.bak Fri Mar 10 04:32:34 2006 ++++ lib/exe/fetch.php Fri Sep 29 12:54:09 2006 +@@ -21,8 +21,8 @@ + //get input + $MEDIA = getID('media',false); // no cleaning - maybe external + $CACHE = calc_cache($_REQUEST['cache']); +- $WIDTH = $_REQUEST['w']; +- $HEIGHT = $_REQUEST['h']; ++ $WIDTH = (int) $_REQUEST['w']; ++ $HEIGHT = (int) $_REQUEST['h']; + list($EXT,$MIME) = mimetype($MEDIA); + if($EXT === false){ + $EXT = 'unknown'; +@@ -198,6 +198,10 @@ + $info = getimagesize($file); + if(!$h) $h = round(($w * $info[1]) / $info[0]); + ++ /* ++ * This is the fix for http://bugs.splitbrain.org/?do=details&id=924 ++ */ ++ if($w > 2000 || $h > 2000) return $file; + + //cache + $local = getCacheName($file,'.media.'.$w.'x'.$h.'.'.$ext); --- dokuwiki-20060309_5.patch ends here --- >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20060929050605.5265B2E9DF>