Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Browse files

Fix CVE-2012-2944: upsd can be remotely crashed

NUT server (upsd), from versions 2.4.0 to 2.6.3,  are exposed to
crashes when receiving random data from the network.

This issue is related to the way NUT parses characters, especially
from the network. Non printable characters were missed from strings
operation (such as strlen), but still copied to the buffer, causing
an overflow.

Thus, fix NUT parser, to only allow the subset Ascii charset from
Space to ~

(Reported by Sebastian Pohle, Alioth bug #313636, CVE-2012-2944)

Fossil-ID: SVN r3633
  • Loading branch information...
commit 2d6b47296c2b9345a603054681a4ecfc902d9ebb 1 parent a52c583
@aquette aquette authored
Showing with 7 additions and 0 deletions.
  1. +7 −0 common/parseconf.c
View
7 common/parseconf.c
@@ -171,6 +171,13 @@ static void addchar(PCONF_CTX_t *ctx)
wbuflen = strlen(ctx->wordbuf);
+ /* CVE-2012-2944: only allow the subset Ascii charset from Space to ~ */
+ if ((ctx->ch < 0x20) || (ctx->ch > 0x7f)) {
+ fprintf(stderr, "addchar: discarding invalid character (0x%02x)!\n",
+ ctx->ch);
+ return;
+ }
+
if (ctx->wordlen_limit != 0) {
if (wbuflen >= ctx->wordlen_limit) {
Please sign in to comment.
Something went wrong with that request. Please try again.