1 #! /bin/sh /usr/share/dpatch/dpatch-run
2 ## bts559801_plugin_find_fix.dpatch by Sebastian Harl <sh@tokkee.org>
3 ##
4 ## DP: plugin: Use strcasecmp rather than strncasecmp to find a plugin.
5 ## DP:
6 ## DP: This makes collectd resistant against vulnerable copies of libltdl
7 ## DP: (CVE-2009-3736).
8 ## DP: See <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=559801#15>
9 ## DP: for details.
11 @DPATCH@
13 diff a/src/plugin.c b/src/plugin.c
14 --- a/src/plugin.c
15 +++ b/src/plugin.c
16 @@ -592,7 +592,6 @@
17 const char *dir;
18 char filename[BUFSIZE] = "";
19 char typename[BUFSIZE];
20 - int typename_len;
21 int ret;
22 struct stat statbuf;
23 struct dirent *de;
24 @@ -611,7 +610,6 @@
25 WARNING ("snprintf: truncated: `%s.so'", type);
26 return (-1);
27 }
28 - typename_len = strlen (typename);
30 if ((dh = opendir (dir)) == NULL)
31 {
32 @@ -623,7 +621,7 @@
34 while ((de = readdir (dh)) != NULL)
35 {
36 - if (strncasecmp (de->d_name, typename, typename_len))
37 + if (strcasecmp (de->d_name, typename))
38 continue;
40 status = ssnprintf (filename, sizeof (filename),
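Review bot: The new exact-match test `strcasecmp (de->d_name, typename)` has no comment marking it as a hardening measure, so a later cleanup could quietly reintroduce the prefix comparison. With `strncasecmp` and `typename_len`, any directory entry that merely began with `<type>.so` passed the test and went on to the `ssnprintf (filename, ...)` step. I would add above the `if`: `/* Exact match only: a prefix match would also accept "<type>.so<anything>" (Debian #559801). */`. The comparison is still case-insensitive, so on a case-sensitive filesystem entries that differ only in case both match; `strcmp` would be stricter if plugin file names are always lower-case, but whether existing configurations rely on case folding is not visible here. The `while` loop and its enclosing function continue outside the hunk.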