1 #! /bin/sh /usr/share/dpatch/dpatch-run
2 ## CVE-2017-7401.dpatch by Chris Lamb <lamby@debian.org>
3 ##
4 ## All lines beginning with `## DP:' are a description of the patch.
5 ## DP: No description.
7 @DPATCH@
8 diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' collectd-5.1.0~/src/network.c collectd-5.1.0/src/network.c
9 --- collectd-5.1.0~/src/network.c 2012-04-02 10:04:58.000000000 +0200
10 +++ collectd-5.1.0/src/network.c 2017-04-04 17:18:08.901258385 +0200
11 @@ -998,14 +998,6 @@
12 buffer_len = *ret_buffer_len;
13 buffer_offset = 0;
15 - if (se->data.server.userdb == NULL)
16 - {
17 - c_complain (LOG_NOTICE, &complain_no_users,
18 - "network plugin: Received signed network packet but can't verify it "
19 - "because no user DB has been configured. Will accept it.");
20 - return (0);
21 - }
22 -
23 /* Check if the buffer has enough data for this structure. */
24 if (buffer_len <= PART_SIGNATURE_SHA256_SIZE)
25 return (-ENOMEM);
26 @@ -1023,6 +1015,18 @@
27 return (-1);
28 }
30 + if (se->data.server.userdb == NULL)
31 + {
32 + c_complain (LOG_NOTICE, &complain_no_users,
33 + "network plugin: Received signed network packet but can't verify it "
34 + "because no user DB has been configured Will accept it.");
35 +
36 + *ret_buffer = buffer + pss_head_length;
37 + *ret_buffer_len -= pss_head_length;
38 +
39 + return (0);
40 + }
41 +
42 /* Copy the hash. */
43 BUFFER_READ (pss.hash, sizeof (pss.hash));