raw | patch | inline | side by side (parent: 5dd4341)
author: Sebastian Harl <sh@tokkee.org>, Wed, 23 Jul 2008 18:20:41 +0000 (20:20 +0200)
committer: Sebastian Harl <sh@tokkee.org>, Wed, 23 Jul 2008 18:38:51 +0000 (20:38 +0200)
Validate the RRA row count in rrdcreate. This closes #428780.
debian/changelog
debian/patches/bts428780-validate-row-count [new file with mode: 0644]
debian/patches/series
diff --git a/debian/changelog b/debian/changelog
index 64f2a44893685565297aef5a90cc2b9f52afe16d..9b1c2a48a3d2b7f43df3438e37937beb904e76fe 100644 (file)
--- a/debian/changelog
+++ b/debian/changelog
- Fixes a buffer overflow in librrd's error handling (Closes: #450578).
* debian/control:
- Updated standards-version to 3.8.0 - no changes.
+ * debian/patches:
+ - Added backported upstream patch bts428780-validate-row-count to validate
+ the RRA row count in rrdcreate (Closes: #428780).
[ Bernd Zeimetz ]
* debian/rules:
* debian/patches/implicit-decl-fix:
- Patching the implicit declaration in rrd_update.c in a nicer way.
- -- Sebastian Harl <sh@tokkee.org> Wed, 23 Jul 2008 20:14:19 +0200
+ -- Sebastian Harl <sh@tokkee.org> Wed, 23 Jul 2008 20:18:38 +0200
rrdtool (1.2.27-2) unstable; urgency=low
diff --git a/debian/patches/bts428780-validate-row-count b/debian/patches/bts428780-validate-row-count
--- /dev/null
@@ -0,0 +1,46 @@
+diff a/doc/rrdcreate.pod b/doc/rrdcreate.pod
+--- a/doc/rrdcreate.pod
++++ b/doc/rrdcreate.pod
+@@ -184,6 +184,7 @@ I<steps> defines how many of these I<primary data points> are used to build
+ a I<consolidated data point> which then goes into the archive.
+
+ I<rows> defines how many generations of data values are kept in an B<RRA>.
++Obviously, this has to be greater than zero.
+
+ =back
+
+diff a/src/rrd_create.c b/src/rrd_create.c
+--- a/src/rrd_create.c
++++ b/src/rrd_create.c
+@@ -207,6 +207,7 @@ rrd_create_r(const char *filename,
+ char *argvcopy;
+ char *tokptr;
+ size_t old_size = sizeof(rra_def_t)*(rrd.stat_head->rra_cnt);
++ int row_cnt;
+ if((rrd.rra_def = rrd_realloc(rrd.rra_def,
+ old_size+sizeof(rra_def_t)))==NULL)
+ {
+@@ -269,7 +270,10 @@ rrd_create_r(const char *filename,
+ case CF_SEASONAL:
+ case CF_DEVPREDICT:
+ case CF_FAILURES:
+- rrd.rra_def[rrd.stat_head->rra_cnt].row_cnt = atoi(token);
++ row_cnt = atoi(token);
++ if (row_cnt <= 0)
++ rrd_set_error("Invalid row count: %i", row_cnt);
++ rrd.rra_def[rrd.stat_head->rra_cnt].row_cnt = row_cnt;
+ break;
+ default:
+ rrd.rra_def[rrd.stat_head->rra_cnt].par[RRA_cdp_xff_val].u_val = atof(token);
+@@ -350,7 +354,10 @@ rrd_create_r(const char *filename,
+ rrd_set_error("Unexpected extra argument for consolidation function DEVPREDICT");
+ break;
+ default:
+- rrd.rra_def[rrd.stat_head->rra_cnt].row_cnt = atoi(token);
++ row_cnt = atoi(token);
++ if (row_cnt <= 0)
++ rrd_set_error("Invalid row count: %i", row_cnt);
++ rrd.rra_def[rrd.stat_head->rra_cnt].row_cnt = row_cnt;
+ break;
+ }
+ break;
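Review bot: In both row-count branches of src/rrd_create.c (the CF_SEASONAL/CF_DEVPREDICT/CF_FAILURES case and the later default case), the rejected value is still written to rra_def[...].row_cnt after rrd_set_error() is called, so the check only takes effect if the error state is tested after the break, which these lines do not show. Assign row_cnt only when it is greater than zero (move the assignment into an else branch), or confirm that an rrd_test_error() check follows each switch before the RRA is used. Separately, atoi() reports no parse errors: a token such as "10x" is accepted as 10 and a non-numeric token becomes 0, so the user sees "Invalid row count: 0" rather than the text they typed; strtol() with an end pointer and a range check would reject trailing garbage and let the message name the offending token. The new patch file also starts directly at "diff a/doc/rrdcreate.pod" with no header naming the upstream revision it was backported from, although the changelog entry describes it as a backported upstream patch.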
diff --git a/debian/patches/series b/debian/patches/series
index 2591de2c20cd3197c11a1ab34279c566b957d435..8e50c2ad9f1ee2e50301e3fbea81c52ed53ebc07 100644 (file)
--- a/debian/patches/series
+++ b/debian/patches/series
bts428778-floating-point-exception
+bts428780-validate-row-count
setup.py-module-name
no-rpath-for-ruby
no-rpath-for-perl