File namazu-2.0.18-CVE-2011-4345-XSS.patch of Package namazu.import5528
Index: namazu-2.0.18/nmz/codeconv.c
===================================================================
--- namazu-2.0.18.orig/nmz/codeconv.c
+++ namazu-2.0.18/nmz/codeconv.c
@@ -400,6 +400,71 @@ zen2han(char *str)
*(s + q) = '\0';
}
+static void
+check_eucjp(uchar *s)
+{
+ int i;
+ size_t num;
+
+ num = strlen((char *)s);
+ i = 0;
+ while (i < num) {
+ if (s[i] >= 0x20 && s[i] <= 0x7e) {
+ i++;
+ }
+ else if (s[i] >= 0xa1 && s[i] <= 0xfe) {
+ if (i + 1 < num) {
+ if (s[i + 1] >= 0xa1 && s[i + 1] <= 0xfe) {
+ i += 2;
+ }
+ else {
+ s[i++] = ' ';
+ s[i++] = ' ';
+ }
+ }
+ else {
+ s[i++] = ' ';
+ }
+ }
+ else if (s[i] == 0x8e) {
+ if (i + 1 < num) {
+ if (s[i + 1] >= 0xa1 && s[i + 1] <= 0xdf) {
+ i += 2;
+ }
+ else {
+ s[i++] = ' ';
+ s[i++] = ' ';
+ }
+ }
+ else {
+ s[i++] = ' ';
+ }
+ }
+ else if (s[i] == 0x8f) {
+ if (i + 2 < num) {
+ if (s[i + 1] >= 0xa1 && s[i + 1] <= 0xfe
+ && s[i + 2] >= 0xa1 && s[i + 2] <= 0xfe) {
+ i += 3;
+ }
+ else {
+ s[i++] = ' ';
+ s[i++] = ' ';
+ s[i++] = ' ';
+ }
+ }
+ else if (i + 1 < num) {
+ s[i++] = ' ';
+ s[i++] = ' ';
+ }
+ else {
+ s[i++] = ' ';
+ }
+ }
+ else {
+ s[i++] = ' ';
+ }
+ }
+}
/*
*
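Review bot: check_eucjp has no comment stating its contract, and its blanking policy is not obvious from the branches: after an invalid lead byte it overwrites the following one or two bytes with spaces without re-examining them, so a valid ASCII character or a fresh lead byte in that position is discarded as well. That looks deliberate for the malformed-EUC-JP XSS case the patch is named for, since the trailing byte is the one a lenient decoder would absorb into the broken character, but it should be written down, e.g. `/* Replace, in place, every byte that is not printable ASCII or part of a well-formed EUC-JP sequence with ' '; bytes following a bad lead byte are blanked too. */`. Separately, `int i` is compared against `size_t num` in `while (i < num)`; declaring `size_t i;` removes the signed/unsigned mix.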
@@ -422,17 +486,24 @@ nmz_codeconv_internal(char *s)
in = (uchar *)s;
if (!nmz_is_lang_ja()) { /* Lang != ja */
+ for (i = 0; i < strlen(s); i++) {
+ if (s[i] < 0x20 || s[i] >= 0x7f) {
+ s[i] = ' ';
+ }
+ }
return 0;
}
for (i = 0, m = 0, n = 0, f = 0; *(in + i); i++) {
if (*(in + i) == ESC) {
jistoeuc(in);
+ check_eucjp(in);
return 1;
}
if (*(in + i) > (uchar) '\x80')
m++, f = f ? 0 : 1;
else if (f) {
sjistoeuc(in);
+ check_eucjp(in);
return 1;
}
if (*(in + i) > (uchar) '\xa0')
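Review bot: The new `Lang != ja` loop blanks every byte outside 0x20–0x7e, so in every non-Japanese locale any non-ASCII query text (Latin-1 or UTF-8, for instance) and tabs become spaces. If that is intended as part of the fix, it needs a comment at the loop, because it is a behaviour change well beyond EUC-JP validation. The loop also indexes the plain `char *s`, relying on both halves of `s[i] < 0x20 || s[i] >= 0x7f` to cover either char signedness, and it calls `strlen(s)` on every iteration. Walking the already-assigned `in` pointer is clearer: `for (i = 0; in[i] != '\0'; i++) {` with `if (in[i] < 0x20 || in[i] >= 0x7f) in[i] = ' ';`. nmz_codeconv_internal begins and ends outside this hunk, so the declaration of `i` is not visible here.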
@@ -440,10 +511,14 @@ nmz_codeconv_internal(char *s)
}
if (m != n) {
sjistoeuc(in);
+ check_eucjp(in);
return 1;
}
- if (n)
+ if (n) {
+ check_eucjp(in);
return 1;
+ }
+ check_eucjp(in);
return 0;
}
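Review bot: `check_eucjp(in)` is now called on both sides of `if (n)`, so the tail can be written once as `check_eucjp(in);` followed by `return n ? 1 : 0;`. The function also returns 0 on the final path even when check_eucjp has rewritten bytes in the buffer. If callers read the return value as "the string was changed" (not visible in this hunk), that should be confirmed or documented in the function's header comment.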
Index: namazu-2.0.18/pltests/alltests.pl.in
===================================================================
--- namazu-2.0.18.orig/pltests/alltests.pl.in
+++ namazu-2.0.18/pltests/alltests.pl.in
@@ -44,6 +44,7 @@ my @TESTS = (
'namazu-cgi-7.pl', 'namazu-cgi-8.pl',
'namazu-cgi-9.pl', 'namazu-cgi-10.pl',
'namazu-cgi-12.pl',
+ 'ja-namazu-cgi-3.pl',
'chasen-1.pl', 'chasen-2.pl', 'chasen-3.pl',
'mecab-1.pl', 'mecab-2.pl', 'mecab-3.pl',
'kakasi-1.pl', 'kakasi-2.pl', 'kakasi-3.pl',
Index: namazu-2.0.18/pltests/Makefile.am
===================================================================
--- namazu-2.0.18.orig/pltests/Makefile.am
+++ namazu-2.0.18/pltests/Makefile.am
@@ -23,6 +23,7 @@ PROGRAM = alltests.pl pltests.pl \
namazu-cgi-7.pl namazu-cgi-8.pl \
namazu-cgi-9.pl namazu-cgi-10.pl \
namazu-cgi-12.pl \
+ ja-namazu-cgi-3.pl \
chasen-1.pl chasen-2.pl chasen-3.pl \
mecab-1.pl mecab-2.pl mecab-3.pl \
kakasi-1.pl kakasi-2.pl kakasi-3.pl
@@ -48,6 +49,7 @@ EXTRA_DIST = pltests.pl.in \
namazu-cgi-7.pl.in namazu-cgi-8.pl.in \
namazu-cgi-9.pl.in namazu-cgi-10.pl.in \
namazu-cgi-12.pl.in \
+ ja-namazu-cgi-3.pl.in \
chasen-1.pl.in chasen-2.pl.in chasen-3.pl.in \
mecab-1.pl.in mecab-2.pl.in mecab-3.pl.in \
kakasi-1.pl.in kakasi-2.pl.in kakasi-3.pl.in
@@ -283,6 +285,11 @@ namazu-cgi-12.pl: namazu-cgi-12.pl.in pl
sed -e 's!%PERL%!$(PERL)!g' $(srcdir)/$@.in > $@.tmp
mv $@.tmp $@
chmod +x $@
+
+ja-namazu-cgi-3.pl: ja-namazu-cgi-3.pl.in pltests.pl.in Makefile
+ sed -e 's!%PERL%!$(PERL)!g' $(srcdir)/$@.in > $@.tmp
+ mv $@.tmp $@
+ chmod +x $@
chasen-1.pl: chasen-1.pl.in pltests.pl.in Makefile
sed -e 's!%PERL%!$(PERL)!g' $(srcdir)/$@.in > $@.tmp
Index: namazu-2.0.18/pltests/Makefile.in
===================================================================
--- namazu-2.0.18.orig/pltests/Makefile.in
+++ namazu-2.0.18/pltests/Makefile.in
@@ -158,6 +158,7 @@ PROGRAM = alltests.pl pltests.pl \
namazu-cgi-7.pl namazu-cgi-8.pl \
namazu-cgi-9.pl namazu-cgi-10.pl \
namazu-cgi-12.pl \
+ ja-namazu-cgi-3.pl \
chasen-1.pl chasen-2.pl chasen-3.pl \
mecab-1.pl mecab-2.pl mecab-3.pl \
kakasi-1.pl kakasi-2.pl kakasi-3.pl
@@ -184,6 +185,7 @@ EXTRA_DIST = pltests.pl.in \
namazu-cgi-7.pl.in namazu-cgi-8.pl.in \
namazu-cgi-9.pl.in namazu-cgi-10.pl.in \
namazu-cgi-12.pl.in \
+ ja-namazu-cgi-3.pl.in \
chasen-1.pl.in chasen-2.pl.in chasen-3.pl.in \
mecab-1.pl.in mecab-2.pl.in mecab-3.pl.in \
kakasi-1.pl.in kakasi-2.pl.in kakasi-3.pl.in
@@ -590,6 +592,11 @@ namazu-cgi-12.pl: namazu-cgi-12.pl.in pl
sed -e 's!%PERL%!$(PERL)!g' $(srcdir)/$@.in > $@.tmp
mv $@.tmp $@
chmod +x $@
+
+ja-namazu-cgi-3.pl: ja-namazu-cgi-3.pl.in pltests.pl.in Makefile
+ sed -e 's!%PERL%!$(PERL)!g' $(srcdir)/$@.in > $@.tmp
+ mv $@.tmp $@
+ chmod +x $@
chasen-1.pl: chasen-1.pl.in pltests.pl.in Makefile
sed -e 's!%PERL%!$(PERL)!g' $(srcdir)/$@.in > $@.tmp
Index: namazu-2.0.18/tests/Makefile.am
===================================================================
--- namazu-2.0.18.orig/tests/Makefile.am
+++ namazu-2.0.18/tests/Makefile.am
@@ -17,7 +17,10 @@ TESTS = mknmz-1 mknmz-2 mknmz-3 mknmz-4
namazu-cgi-1 namazu-cgi-2 namazu-cgi-3 namazu-cgi-4 \
namazu-cgi-5 namazu-cgi-6 namazu-cgi-7 namazu-cgi-8 \
namazu-cgi-9 namazu-cgi-10 namazu-cgi-11 \
- ja-mknmz-1 ja-namazu-cgi-1 ja-namazu-1
+ ja-mknmz-1 ja-namazu-cgi-1 \
+ ja-namazu-cgi-3 ja-namazu-1
+
+distclean: clean-local
clean-local:
rm -rf test-log tmp-data tmp.* idx[0-9]* ja-idx[0-9]*
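Review bot: `distclean: clean-local` writes a rule for a target that Automake generates itself. Automake's documented extension point is `distclean-local`, and a user rule for a generated target takes precedence over the generated one, so a regenerated Makefile.in may not keep the stock distclean rule. `distclean-local: clean-local` expresses the same dependency without that risk. The hand-edited tests/Makefile.in hunk adds the same line.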
Index: namazu-2.0.18/tests/Makefile.in
===================================================================
--- namazu-2.0.18.orig/tests/Makefile.in
+++ namazu-2.0.18/tests/Makefile.in
@@ -152,7 +152,8 @@ TESTS = mknmz-1 mknmz-2 mknmz-3 mknmz-4
namazu-cgi-1 namazu-cgi-2 namazu-cgi-3 namazu-cgi-4 \
namazu-cgi-5 namazu-cgi-6 namazu-cgi-7 namazu-cgi-8 \
namazu-cgi-9 namazu-cgi-10 namazu-cgi-11 \
- ja-mknmz-1 ja-namazu-cgi-1 ja-namazu-1
+ ja-mknmz-1 ja-namazu-cgi-1 \
+ ja-namazu-cgi-3 ja-namazu-1
EXTRA_DIST = $(TESTS) select-data commonfuncs
@@ -465,6 +466,8 @@ uninstall-info: uninstall-info-recursive
uninstall-info-recursive uninstall-recursive
+distclean: clean-local
+
clean-local:
rm -rf test-log tmp-data tmp.* idx[0-9]* ja-idx[0-9]*
# Tell versions [3.59,3.63) of GNU make to not export all variables.
Index: namazu-2.0.18/pltests/ja-namazu-cgi-3.pl.in
===================================================================
--- /dev/null
+++ namazu-2.0.18/pltests/ja-namazu-cgi-3.pl.in
@@ -0,0 +1,90 @@
+#!%PERL% -w
+#
+# $Id: ja-namazu-cgi-3.pl.in,v 1.1.2.1 2011-07-18 13:32:49 opengl2772 Exp $
+# Copyright (C) 2007 Tadamasa Teranishi
+# 2007,2011 Namazu Project All rights reserved.
+# This is free software with ABSOLUTELY NO WARRANTY.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either versions 2, or (at your option)
+# any later version.
+#
+# This program is distributed in the hope that it will be useful
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
+# 02111-1307, USA
+#
+# This file must be encoded in EUC-JP encoding
+#
+
+#
+# Test for cross-site scripting vulnerability with IE6,IE7 and wrong EUC-JP chracter code.
+#
+
+use strict;
+require Cwd;
+use File::Copy;
+require 'pltests.pl';
+
+my $cwd = Cwd::cwd();
+my $LOG = "$cwd/test-log";
+my $INDEX = "$cwd/idx1";
+my $NAMAZU = pltests::binpath('namazu.cgi');
+my $RC = pltests::binpath('.namazurc');
+
+my @cmd;
+
+$ENV{'SCRIPT_NAME'} = 'namazu.cgi';
+$ENV{'QUERY_STRING'} = 'query=%8F%EF%9C/%20%8F%EF%9E%20%8F%EF%9C/';
+
+pltests::putline($LOG, " *** starting $0");
+
+if ($English::OSNAME eq "MSWin32" || $English::OSNAME eq "os2") {
+ pltests::putline($LOG, "Skipping because of MSWin32 or os2: $0");
+ exit 77;
+}
+
+if (pltests::get_lang() !~ /^ja/) {
+ pltests::putline($LOG, "Skipping because of LANG does not begin with ja: $0");
+ exit 77;
+}
+
+if (-f $RC) {
+ unlink("$RC");
+}
+pltests::putline($RC, "Index $INDEX");
+pltests::duprcs($RC);
+
+my $ascii = '[\x00-\x7F]';
+my $twoBytes = '(?:[\x8E\xA1-\xFE][\xA1-\xFE])';
+my $threeBytes = '(?:\x8F[\xA1-\xFE][xA1-\xFE])';
+my $character = "(?:$ascii|$twoBytes|$threeBytes)";
+
+@cmd = ("$NAMAZU");
+my ($staus, $result, $conts_err) = pltests::ezsyscmd(\@cmd);
+$result =~ s/$character//g;
+$result =~ s/[\n\r]//g;
+pltests::putline($LOG, "\"$result\"");
+exit 1 if $result;
+
+$ENV{'QUERY_STRING'} = 'query=%8F%AF%82%20';
+@cmd = ("$NAMAZU");
+($staus, $result, $conts_err) = pltests::ezsyscmd(\@cmd);
+$result =~ s/$character//g;
+$result =~ s/[\n\r]//g;
+pltests::putline($LOG, "\"$result\"");
+exit 1 if $result;
+
+exit 0;
+
+END {
+ if (-f $RC) {
+ unlink("$RC");
+ }
+}
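Review bot: `$threeBytes` is missing a backslash in its last character class: `[xA1-\xFE]` is the letters `x` and `A` plus the range `1`–0xFE. A malformed triple such as the 0x8F 0xEF 0x9C in the first QUERY_STRING therefore still matches and is stripped from `$result`, and the test can pass even if those bytes come back unsanitized. The line should read `my $threeBytes = '(?:\x8F[\xA1-\xFE][\xA1-\xFE])';`. The same pattern is repeated in the Perl heredoc of tests/ja-namazu-cgi-3 and needs the same correction. `$twoBytes` also accepts 0x8E followed by any of 0xA1–0xFE, while check_eucjp in codeconv.c allows only 0xA1–0xDF after 0x8E; tightening it would keep the test and the filter in agreement.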
Index: namazu-2.0.18/tests/ja-namazu-cgi-3
===================================================================
--- /dev/null
+++ namazu-2.0.18/tests/ja-namazu-cgi-3
@@ -0,0 +1,80 @@
+#! /bin/sh
+#
+# Test for cross-site scripting vulnerability with IE6,IE7 and wrong EUC-JP chracter code.
+#
+LOG=`pwd`/test-log
+echo ' *** starting ' $0 >>$LOG
+. ${srcdir}/commonfuncs
+
+EXEC=no
+
+lc_all=$LC_ALL
+lc_ctype=$LC_CTYPE
+lang=$LANG
+
+for ctype in "$lc_all" "$lc_ctype" "$lang"; do
+ if test -n "$ctype" -a "$ctype" = "C"; then
+ ctype="en"
+ break
+ fi
+ cand=`echo "$ctype" | LC_ALL="C" perl -nle 'print $1 if /^(..)/'`
+ if test -n "$cand"; then
+ ctype=$cand
+ break
+ fi
+done
+
+case $ctype in
+ ja*)
+ EXEC=yes
+ ;;
+esac
+if [ $EXEC = 'no' ]
+then
+ echo "Skipping because of LANG does not begin with ja: $0" >> $LOG
+ exit 77
+fi
+
+unset LANGUAGE
+unset LC_ALL
+unset LC_MESSAGES
+unset LC_CTYPE
+unset LANG
+
+
+pwd=`pwd`
+tmprc="$pwd/../src/.namazurc"
+echo "Index ../tests/idx1" > $tmprc
+echo "Lang ja" >> $tmprc
+duprcs
+cd ../src
+
+perl << 'TEST' >> $LOG
+ my $query = 'query=%8F%EF%9C/%8F%EF%9E%20%8F%EF%9C';
+ $ENV{'SCRIPT_NAME'} = 'namazu.cgi';
+ $ENV{'QUERY_STRING'} = $query;
+ my $cmd = "./namazu.cgi";
+ my $result = `$cmd 2>&1`;
+
+ my $ascii = '[\x00-\x7F]';
+ my $twoBytes = '(?:[\x8E\xA1-\xFE][\xA1-\xFE])';
+ my $threeBytes = '(?:\x8F[\xA1-\xFE][xA1-\xFE])';
+ my $character = "(?:$ascii|$twoBytes|$threeBytes)";
+ $result =~ s/$character//g;
+ $result =~ s/[\n\r]//g;
+ print "\"$result\"\n";
+ exit 1 if $result;
+
+ $query = 'query=%8F%AF%82%20';
+ $ENV{'QUERY_STRING'} = $query;
+ $result = `$cmd 2>&1`;
+ $result =~ s/$character//g;
+ $result =~ s/[\n\r]//g;
+ print "\"$result\"\n";
+ exit 1 if $result;
+
+ exit 0;
+TEST
+result=$?
+rm -f $tmprc
+exit $result