Skip to content

Commit 2d6b472

Browse files
committed
Fix CVE-2012-2944: upsd can be remotely crashed
NUT server (upsd), from versions 2.4.0 to 2.6.3, are exposed to crashes when receiving random data from the network. This issue is related to the way NUT parses characters, especially from the network. Non printable characters were missed from strings operation (such as strlen), but still copied to the buffer, causing an overflow. Thus, fix NUT parser, to only allow the subset Ascii charset from Space to ~ (Reported by Sebastian Pohle, Alioth bug #313636, CVE-2012-2944) Fossil-ID: SVN r3633
1 parent a52c583 commit 2d6b472

File tree

1 file changed

+7
-0
lines changed

1 file changed

+7
-0
lines changed

Diff for: common/parseconf.c

+7
Original file line numberDiff line numberDiff line change
@@ -171,6 +171,13 @@ static void addchar(PCONF_CTX_t *ctx)
171171

172172
wbuflen = strlen(ctx->wordbuf);
173173

174+
/* CVE-2012-2944: only allow the subset Ascii charset from Space to ~ */
175+
if ((ctx->ch < 0x20) || (ctx->ch > 0x7f)) {
176+
fprintf(stderr, "addchar: discarding invalid character (0x%02x)!\n",
177+
ctx->ch);
178+
return;
179+
}
180+
174181
if (ctx->wordlen_limit != 0) {
175182
if (wbuflen >= ctx->wordlen_limit) {
176183

0 commit comments

Comments
 (0)