--- /dev/null
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 04_CVE-2008-1614.dpatch
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: Libtool update
+
+@DPATCH@
+--- suphp-0.6.2.orig/src/API_Linux.hpp
++++ suphp-0.6.2/src/API_Linux.hpp
+@@ -169,6 +169,11 @@
+ virtual GroupInfo File_getGroup(const File& file) const
+ throw (SystemException);
+
++ /**
++ * Checks whether a file is a symlink
++ */
++ virtual bool File_isSymlink(const File& file) const throw (SystemException);
++
+ /**
+ * Runs another program (replaces current process)
+ */
+only in patch2:
+unchanged:
+--- suphp-0.6.2.orig/src/File.cpp
++++ suphp-0.6.2/src/File.cpp
+@@ -57,6 +57,9 @@
+ File suPHP::File::getParentDirectory() const {
+ std::string path = this->getPath();
+ path = path.substr(0, path.rfind('/'));
++ if (path.length() == 0) {
++ path = "/";
++ }
+ return File(path);
+ }
+
+@@ -104,3 +107,7 @@
+ GroupInfo suPHP::File::getGroup() const throw (SystemException) {
+ return API_Helper::getSystemAPI().File_getGroup(*this);
+ }
++
++bool suPHP::File::isSymlink() const throw (SystemException) {
++ return API_Helper::getSystemAPI().File_isSymlink(*this);
++}
+only in patch2:
+unchanged:
+--- suphp-0.6.2.orig/src/Application.hpp
++++ suphp-0.6.2/src/Application.hpp
+@@ -107,6 +107,14 @@
+ const Configuration& config) const
+ throw (SoftException);
+
++
++ /**
++ * Checks ownership and permissions for parent directories
++ */
++ void checkParentDirectories(const File& file,
++ const UserInfo& owner,
++ const Configuration& config) const
++ throw (SoftException);
+
+ public:
+ /**
+only in patch2:
+unchanged:
+--- suphp-0.6.2.orig/src/Application.cpp
++++ suphp-0.6.2/src/Application.cpp
+@@ -177,6 +177,7 @@
+ throw (SystemException, SoftException) {
+ Logger& logger = API_Helper::getSystemAPI().getSystemLogger();
+ File scriptFile = File(scriptFilename);
++ File realScriptFile = File(scriptFile.getRealPath());
+
+ // Check wheter file exists
+ if (!scriptFile.exists()) {
+@@ -184,11 +185,13 @@
+ logger.logWarning(error);
+ throw SoftException(error, __FILE__, __LINE__);
+ }
+-
+- // Get full path to script file
+-
+- File realScriptFile = File(scriptFile.getRealPath());
+- File directory = realScriptFile.getParentDirectory();
++ if (!realScriptFile.exists()) {
++ std::string error = "File " + realScriptFile.getPath()
++ + " referenced by symlink " +scriptFile.getPath()
++ + " does not exist";
++ logger.logWarning(error);
++ throw SoftException(error, __FILE__, __LINE__);
++ }
+
+ // Check wheter script is in docroot
+ if (realScriptFile.getPath().find(config.getDocroot()) != 0) {
+@@ -213,8 +216,19 @@
+ logger.logWarning(error);
+ throw SoftException(error, __FILE__, __LINE__);
+ }
++ if (config.getCheckVHostDocroot()
++ && scriptFile.getPath().find(environment.getVar("DOCUMENT_ROOT"))
++ != 0) {
++
++ std::string error = "File \"" + scriptFile.getPath()
++ + "\" is not in document root of Vhost \""
++ + environment.getVar("DOCUMENT_ROOT") + "\"";
++ logger.logWarning(error);
++ throw SoftException(error, __FILE__, __LINE__);
++ }
+
+- // Check script and directory permissions
++ // Check script permissions
++ // Directories will be checked later
+ if (!realScriptFile.hasUserReadBit()) {
+ std::string error = "File \"" + realScriptFile.getPath()
+ + "\" not readable";
+@@ -231,14 +245,6 @@
+ throw SoftException(error, __FILE__, __LINE__);
+ }
+
+- if (!config.getAllowDirectoryGroupWriteable()
+- && directory.hasGroupWriteBit()) {
+- std::string error = "Directory \"" + directory.getPath()
+- + "\" is writeable by group";
+- logger.logWarning(error);
+- throw SoftException(error, __FILE__, __LINE__);
+- }
+-
+ if (!config.getAllowFileOthersWriteable()
+ && realScriptFile.hasOthersWriteBit()) {
+ std::string error = "File \"" + realScriptFile.getPath()
+@@ -247,14 +253,6 @@
+ throw SoftException(error, __FILE__, __LINE__);
+ }
+
+- if (!config.getAllowDirectoryOthersWriteable()
+- && directory.hasOthersWriteBit()) {
+- std::string error = "Directory \"" + directory.getPath()
+- + "\" is writeable by others";
+- logger.logWarning(error);
+- throw SoftException(error, __FILE__, __LINE__);
+- }
+-
+ // Check UID/GID of symlink is matching target
+ if (scriptFile.getUser() != realScriptFile.getUser()
+ || scriptFile.getGroup() != realScriptFile.getGroup()) {
+@@ -274,7 +272,8 @@
+ UserInfo targetUser;
+ GroupInfo targetGroup;
+
+- File scriptFile = File(File(scriptFilename).getRealPath());
++ File scriptFile = File(scriptFilename);
++ File realScriptFile = File(scriptFile.getRealPath());
+ API& api = API_Helper::getSystemAPI();
+ Logger& logger = api.getSystemLogger();
+
+@@ -360,7 +359,11 @@
+ throw SoftException(error, __FILE__, __LINE__);
+ }
+ #endif // OPT_USERGROUP_PARANOID
+-
++
++ // Check directory ownership and permissions
++ checkParentDirectories(realScriptFile, targetUser, config);
++ checkParentDirectories(scriptFile, targetUser, config);
++
+ // Common code used for all modes
+
+ // Set new group first, because we still need super-user privileges
+@@ -480,6 +483,43 @@
+ }
+
+
++void suPHP::Application::checkParentDirectories(const File& file,
++ const UserInfo& owner,
++ const Configuration& config) const throw (SoftException) {
++ File directory = file;
++ Logger& logger = API_Helper::getSystemAPI().getSystemLogger();
++ do {
++ directory = directory.getParentDirectory();
++
++ UserInfo directoryOwner = directory.getUser();
++ if (directoryOwner != owner && !directoryOwner.isSuperUser()) {
++ std::string error = "Directory " + directory.getPath()
++ + " is not owned by " + owner.getUsername();
++ logger.logWarning(error);
++ throw SoftException(error, __FILE__, __LINE__);
++ }
++
++ if (!directory.isSymlink()
++ && !config.getAllowDirectoryGroupWriteable()
++ && directory.hasGroupWriteBit()) {
++ std::string error = "Directory \"" + directory.getPath()
++ + "\" is writeable by group";
++ logger.logWarning(error);
++ throw SoftException(error, __FILE__, __LINE__);
++ }
++
++ if (!directory.isSymlink()
++ && !config.getAllowDirectoryOthersWriteable()
++ && directory.hasOthersWriteBit()) {
++ std::string error = "Directory \"" + directory.getPath()
++ + "\" is writeable by others";
++ logger.logWarning(error);
++ throw SoftException(error, __FILE__, __LINE__);
++ }
++ } while (directory.getPath() != "/");
++}
++
++
+ int main(int argc, char **argv) {
+ try {
+ API& api = API_Helper::getSystemAPI();
+only in patch2:
+unchanged:
+--- suphp-0.6.2.orig/src/API_Linux.cpp
++++ suphp-0.6.2/src/API_Linux.cpp
+@@ -225,10 +225,10 @@
+
+ bool suPHP::API_Linux::File_exists(const File& file) const {
+ struct stat dummy;
+- if (::stat(file.getPath().c_str(), &dummy) == 0)
+- return true;
++ if (::lstat(file.getPath().c_str(), &dummy) == 0)
++ return true;
+ else
+- return false;
++ return false;
+ }
+
+ std::string suPHP::API_Linux::File_getRealPath(const File& file) const
+@@ -304,7 +304,7 @@
+ bool suPHP::API_Linux::File_hasPermissionBit(const File& file, FileMode perm)
+ const throw (SystemException) {
+ struct stat temp;
+- if (stat(file.getPath().c_str(), &temp) == -1) {
++ if (lstat(file.getPath().c_str(), &temp) == -1) {
+ throw SystemException(std::string("Could not stat \"")
+ + file.getPath() + "\": "
+ + ::strerror(errno), __FILE__, __LINE__);
+@@ -362,7 +362,7 @@
+ UserInfo suPHP::API_Linux::File_getUser(const File& file) const
+ throw (SystemException) {
+ struct stat temp;
+- if (stat(file.getPath().c_str(), &temp) == -1) {
++ if (lstat(file.getPath().c_str(), &temp) == -1) {
+ throw SystemException(std::string("Could not stat \"")
+ + file.getPath() + "\": "
+ + ::strerror(errno), __FILE__, __LINE__);
+@@ -373,7 +373,7 @@
+ GroupInfo suPHP::API_Linux::File_getGroup(const File& file) const
+ throw (SystemException) {
+ struct stat temp;
+- if (stat(file.getPath().c_str(), &temp) == -1) {
++ if (lstat(file.getPath().c_str(), &temp) == -1) {
+ throw SystemException(std::string("Could not stat \"")
+ + file.getPath() + "\": "
+ + ::strerror(errno), __FILE__, __LINE__);
+@@ -382,6 +382,11 @@
+ }
+
+
++bool suPHP::API_Linux::File_isSymlink(const File& file) const throw (SystemException) {
++ return this->isSymlink(file.getPath());
++}
++
++
+ void suPHP::API_Linux::execute(std::string program, const CommandLine& cline,
+ const Environment& env) const
+ throw (SystemException) {
+only in patch2:
+unchanged:
+--- suphp-0.6.2.orig/src/File.hpp
++++ suphp-0.6.2/src/File.hpp
+@@ -143,7 +143,11 @@
+ * Returns owning group of file
+ */
+ GroupInfo getGroup() const throw (SystemException);
+-
++
++ /**
++ * Checks whether this file is a symlink
++ */
++ bool isSymlink() const throw (SystemException);
+ };
+ };
+
+only in patch2:
+unchanged:
+--- suphp-0.6.2.orig/src/API.hpp
++++ suphp-0.6.2/src/API.hpp
+@@ -157,6 +157,12 @@
+ virtual GroupInfo File_getGroup(const File& file) const
+ throw (SystemException) =0;
+
++ /**
++ * Checks whether a file is a symlink
++ */
++ virtual bool File_isSymlink(const File& file) const
++ throw (SystemException) =0;
++
+ /**
+ * Runs another program (replaces current process)
+ */
projects / manu / suphp.git / blobdiff