summaryrefslogtreecommitdiffstats
path: root/meta/recipes-connectivity
diff options
context:
space:
mode:
authorYue Tao <Yue.Tao@windriver.com>2018-04-11 08:21:18 +0800
committerRichard Purdie <richard.purdie@linuxfoundation.org>2018-05-03 09:52:11 +0100
commitcf029db42a6bb96203d2d6bb64a62e6eeec9be8d (patch)
tree387b55315f584893f17925e199f58de04e4439e9 /meta/recipes-connectivity
parent1c8c163bfb736518f66276eca5765c493b8cc787 (diff)
downloadopenembedded-core-cf029db42a6bb96203d2d6bb64a62e6eeec9be8d.tar.gz
openembedded-core-cf029db42a6bb96203d2d6bb64a62e6eeec9be8d.tar.bz2
openembedded-core-cf029db42a6bb96203d2d6bb64a62e6eeec9be8d.zip
dhcp: Security Advisory - CVE-2017-3144
Fix CVE-2017-3144 References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3144 https://kb.isc.org/article/AA-01541 Patch from: https://source.isc.org/cgi-bin/gitweb.cgi?p=dhcp.git;a=commitdiff;h=5097bc0559f592683faac1f67bf350e1bddf6ed4 (From OE-Core rev: bcbe9025560dee658c0ead566384e1a8647cebf9) Signed-off-by: Yue Tao <Yue.Tao@windriver.com> Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com> Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster@mvista.com>
Diffstat (limited to 'meta/recipes-connectivity')
-rw-r--r--meta/recipes-connectivity/dhcp/dhcp/CVE-2017-3144.patch74
-rw-r--r--meta/recipes-connectivity/dhcp/dhcp_4.3.6.bb1
2 files changed, 75 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/dhcp/dhcp/CVE-2017-3144.patch b/meta/recipes-connectivity/dhcp/dhcp/CVE-2017-3144.patch
new file mode 100644
index 0000000000..2b2688cb2f
--- /dev/null
+++ b/meta/recipes-connectivity/dhcp/dhcp/CVE-2017-3144.patch
@@ -0,0 +1,74 @@
+From 8cfdedee369c26d2869b6ec4a64460b5f5a30934 Mon Sep 17 00:00:00 2001
+From: Thomas Markwalder <tmark@isc.org>
+Date: Thu, 7 Dec 2017 11:39:30 -0500
+Subject: [PATCH] [v4_3] Plugs a socket descriptor leak in OMAPI
+
+ Merges in rt46767.
+
+Upstream-Status: Backport
+[https://source.isc.org/cgi-bin/gitweb.cgi?p=dhcp.git;a=commitdiff;h=5097bc0559f592683faac1f67bf350e1bddf6ed4]
+
+CVE: CVE-2017-3144
+
+Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com>
+Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
+---
+ RELNOTES | 7 +++++++
+ omapip/buffer.c | 9 +++++++++
+ omapip/message.c | 2 +-
+ 3 files changed, 17 insertions(+), 1 deletion(-)
+
+diff --git a/RELNOTES b/RELNOTES
+index dd40aaf..3741b80 100644
+--- a/RELNOTES
++++ b/RELNOTES
+@@ -66,6 +66,13 @@ We welcome comments from DHCP users, about this or anything else we do.
+ Email Vicky Risk, Product Manager at vicky@isc.org or discuss on
+ dhcp-users@lists.isc.org.
+
++- Plugged a socket descriptor leak in OMAPI, that can occur when there is
++ data pending to be written to an OMAPI connection, when the connection
++ is closed by the reader. Thanks to Pavel Zhukov at RedHat for bringing
++ this issue to our attention and whose patch helped guide us in the right
++ direction.
++ [ISc-Bugs #46767]
++
+ Changes since 4.3.6b1
+
+ - None
+diff --git a/omapip/buffer.c b/omapip/buffer.c
+index f7fdc32..809034d 100644
+--- a/omapip/buffer.c
++++ b/omapip/buffer.c
+@@ -566,6 +566,15 @@ isc_result_t omapi_connection_writer (omapi_object_t *h)
+ omapi_buffer_dereference (&buffer, MDL);
+ }
+ }
++
++ /* If we had data left to write when we're told to disconnect,
++ * we need recall disconnect, now that we're done writing.
++ * See rt46767. */
++ if (c->out_bytes == 0 && c->state == omapi_connection_disconnecting) {
++ omapi_disconnect (h, 1);
++ return ISC_R_SHUTTINGDOWN;
++ }
++
+ return ISC_R_SUCCESS;
+ }
+
+diff --git a/omapip/message.c b/omapip/message.c
+index 59ccdc2..21bcfc3 100644
+--- a/omapip/message.c
++++ b/omapip/message.c
+@@ -339,7 +339,7 @@ isc_result_t omapi_message_unregister (omapi_object_t *mo)
+ }
+
+ #ifdef DEBUG_PROTOCOL
+-static const char *omapi_message_op_name(int op) {
++const char *omapi_message_op_name(int op) {
+ switch (op) {
+ case OMAPI_OP_OPEN: return "OMAPI_OP_OPEN";
+ case OMAPI_OP_REFRESH: return "OMAPI_OP_REFRESH";
+--
+2.7.4
+
diff --git a/meta/recipes-connectivity/dhcp/dhcp_4.3.6.bb b/meta/recipes-connectivity/dhcp/dhcp_4.3.6.bb
index 6615ae2555..cc135493e5 100644
--- a/meta/recipes-connectivity/dhcp/dhcp_4.3.6.bb
+++ b/meta/recipes-connectivity/dhcp/dhcp_4.3.6.bb
@@ -12,6 +12,7 @@ SRC_URI += "file://0001-define-macro-_PATH_DHCPD_CONF-and-_PATH_DHCLIENT_CON.pat
file://0010-build-shared-libs.patch \
file://0011-Moved-the-call-to-isc_app_ctxstart-to-not-get-signal.patch \
file://0012-dhcp-correct-the-intention-for-xml2-lib-search.patch \
+ file://CVE-2017-3144.patch \
"
SRC_URI[md5sum] = "afa6e9b3eb7539ea048421a82c668adc"