From 5b69ee5f15657e6db7a9de44799aeb1636edcd7b Mon Sep 17 00:00:00 2001
From: Abhijith PA <abhijith@disroot.org>
Date: Fri, 16 Nov 2018 15:10:39 +0530
Subject: [PATCH] keepalived patches

---
 keepalived_deb8u1.debdiff | 71 +++++++++++++++++++++++++++++++++++++++
 1 file changed, 71 insertions(+)
 create mode 100644 keepalived_deb8u1.debdiff

diff --git a/keepalived_deb8u1.debdiff b/keepalived_deb8u1.debdiff
new file mode 100644
index 0000000..420ec79
--- /dev/null
+++ b/keepalived_deb8u1.debdiff
@@ -0,0 +1,71 @@
+diff -Nru keepalived-1.2.13/debian/changelog keepalived-1.2.13/debian/changelog
+--- keepalived-1.2.13/debian/changelog	2014-05-28 09:01:40.000000000 +0200
++++ keepalived-1.2.13/debian/changelog	2018-11-14 18:42:02.000000000 +0100
+@@ -1,3 +1,11 @@
++keepalived (1:1.2.13-1+deb8u1) jessie-security; urgency=medium
++
++  * Non-maintainer upload by the Debian LTS Team.
++  * Fix CVE-2018-19115: heap-based buffer overflow when parsing HTTP
++    status codes
++
++ -- Abhijith PA <abhijith@disroot.org>  Wed, 14 Nov 2018 23:12:02 +0530
++
+ keepalived (1:1.2.13-1) unstable; urgency=medium
+ 
+   * [1e9c32b] Imported Upstream version 1.2.11
+diff -Nru keepalived-1.2.13/debian/patches/CVE-2018-19115.patch keepalived-1.2.13/debian/patches/CVE-2018-19115.patch
+--- keepalived-1.2.13/debian/patches/CVE-2018-19115.patch	1970-01-01 01:00:00.000000000 +0100
++++ keepalived-1.2.13/debian/patches/CVE-2018-19115.patch	2018-11-14 18:42:02.000000000 +0100
+@@ -0,0 +1,47 @@
++Description: CVE-2018-19115
++ a heap-based buffer overflow when parsing HTTP status codes resulting in DoS or
++ possibly unspecified other impact, because extract_status_code in lib/html.c
++ has no validation of the status code and instead writes an unlimited amount of
++ data to the heap.
++
++Author: Abhijith PA <abhijith@disroot.org>
++Origin: https://github.com/acassen/keepalived/pull/961/commits/f28015671a4b04785859d1b4b1327b367b6a10e9
++Bug: https://bugzilla.suse.com/show_bug.cgi?id=1015141
++Last-Update: 2018-11-14
++
++--- keepalived-1.2.13.orig/lib/html.c
+++++ keepalived-1.2.13/lib/html.c
++@@ -60,23 +60,19 @@ int extract_content_length(char *buffer,
++  */
++ int extract_status_code(char *buffer, int size)
++ {
++-	char *buf_code;
++-	char *begin;
++ 	char *end = buffer + size;
++-	int inc = 0;
++-
++-	/* Allocate the room */
++-	buf_code = (char *)MALLOC(10);
+++	unsigned long code;
++ 
++ 	/* Status-Code extraction */
++-	while (buffer < end && *buffer++ != ' ') ;
++-	begin = buffer;
++-	while (buffer < end && *buffer++ != ' ')
++-		inc++;
++-	strncat(buf_code, begin, inc);
++-	inc = atoi(buf_code);
++-	FREE(buf_code);
++-	return inc;
+++	while (buffer < end && *buffer != ' ' && *buffer != '\r')
+++		buffer++;
+++	buffer++;
+++	if (buffer + 3 >= end || *buffer == ' ' || buffer[3] != ' ')
+++		return 0;
+++	code = strtoul(buffer, &end, 10);
+++	if (buffer + 3 != end)
+++		return 0;
+++	return code;
++ }
++ 
++ /* simple function returning a pointer to the html buffer begin */
+diff -Nru keepalived-1.2.13/debian/patches/series keepalived-1.2.13/debian/patches/series
+--- keepalived-1.2.13/debian/patches/series	2014-05-28 08:23:59.000000000 +0200
++++ keepalived-1.2.13/debian/patches/series	2018-11-14 18:42:02.000000000 +0100
+@@ -0,0 +1 @@
++CVE-2018-19115.patch
-- 
GitLab