diff options
Diffstat (limited to 'meta/recipes-connectivity/dhcp/dhcp/CVE-2015-8605_1.patch')
-rw-r--r-- | meta/recipes-connectivity/dhcp/dhcp/CVE-2015-8605_1.patch | 131 |
1 files changed, 131 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/dhcp/dhcp/CVE-2015-8605_1.patch b/meta/recipes-connectivity/dhcp/dhcp/CVE-2015-8605_1.patch new file mode 100644 index 0000000000..aa93c5e123 --- /dev/null +++ b/meta/recipes-connectivity/dhcp/dhcp/CVE-2015-8605_1.patch @@ -0,0 +1,131 @@ +This patch is needed in order to apply the patch for CVE-2015-8605. + +Upstream-Status: Backport (4.3.2+) + +From: https://source.isc.org/cgi-bin/gitweb.cgi?p=dhcp.git;a=commit;h=0ce1aa94454ce9b50d592c08d7e0c559d38d3bc5 + +Signed-off-by: Mariano Lopez <mariano.lopez@linux.intel.com> +--- +From 0ce1aa94454ce9b50d592c08d7e0c559d38d3bc5 Mon Sep 17 00:00:00 2001 +From: Thomas Markwalder <tmark@isc.org> +Date: Mon, 8 Sep 2014 09:31:32 -0400 +Subject: [PATCH] [master] Corrected error in UDP bad packet logging + + Merges in rt36897 +--- + common/packet.c | 55 +++++++++++++++++++++++++++++++++++-------------------- + 1 file changed, 35 insertions(+), 20 deletions(-) + +diff --git a/common/packet.c b/common/packet.c +index 45e96e8..7460f3d 100644 +--- a/common/packet.c ++++ b/common/packet.c +@@ -3,7 +3,7 @@ + Packet assembly code, originally contributed by Archie Cobbs. */ + + /* +- * Copyright (c) 2009,2012 by Internet Systems Consortium, Inc. ("ISC") ++ * Copyright (c) 2009,2012,2014 by Internet Systems Consortium, Inc. ("ISC") + * Copyright (c) 2004,2005,2007 by Internet Systems Consortium, Inc. ("ISC") + * Copyright (c) 1996-2003 by Internet Software Consortium + * +@@ -234,12 +234,12 @@ decode_udp_ip_header(struct interface_info *interface, + unsigned char *upp, *endbuf; + u_int32_t ip_len, ulen, pkt_len; + u_int32_t sum, usum; +- static int ip_packets_seen; +- static int ip_packets_bad_checksum; +- static int udp_packets_seen; +- static int udp_packets_bad_checksum; +- static int udp_packets_length_checked; +- static int udp_packets_length_overflow; ++ static unsigned int ip_packets_seen = 0; ++ static unsigned int ip_packets_bad_checksum = 0; ++ static unsigned int udp_packets_seen = 0; ++ static unsigned int udp_packets_bad_checksum = 0; ++ static unsigned int udp_packets_length_checked = 0; ++ static unsigned int udp_packets_length_overflow = 0; + unsigned len; + + /* Designate the end of the input buffer for bounds checks. */ +@@ -287,10 +287,10 @@ decode_udp_ip_header(struct interface_info *interface, + udp_packets_length_checked++; + if ((upp + ulen) > endbuf) { + udp_packets_length_overflow++; +- if ((udp_packets_length_checked > 4) && +- ((udp_packets_length_checked / +- udp_packets_length_overflow) < 2)) { +- log_info("%d udp packets in %d too long - dropped", ++ if (((udp_packets_length_checked > 4) && ++ (udp_packets_length_overflow != 0)) && ++ ((udp_packets_length_checked / udp_packets_length_overflow) < 2)) { ++ log_info("%u udp packets in %u too long - dropped", + udp_packets_length_overflow, + udp_packets_length_checked); + udp_packets_length_overflow = 0; +@@ -299,22 +299,31 @@ decode_udp_ip_header(struct interface_info *interface, + return -1; + } + +- if ((ulen < sizeof(udp)) || ((upp + ulen) > endbuf)) +- return -1; ++ /* If at least 5 with less than 50% bad, start over */ ++ if (udp_packets_length_checked > 4) { ++ udp_packets_length_overflow = 0; ++ udp_packets_length_checked = 0; ++ } + + /* Check the IP header checksum - it should be zero. */ +- ++ip_packets_seen; ++ ip_packets_seen++; + if (wrapsum (checksum (buf + bufix, ip_len, 0))) { + ++ip_packets_bad_checksum; +- if (ip_packets_seen > 4 && +- (ip_packets_seen / ip_packets_bad_checksum) < 2) { +- log_info ("%d bad IP checksums seen in %d packets", ++ if (((ip_packets_seen > 4) && (ip_packets_bad_checksum != 0)) && ++ ((ip_packets_seen / ip_packets_bad_checksum) < 2)) { ++ log_info ("%u bad IP checksums seen in %u packets", + ip_packets_bad_checksum, ip_packets_seen); + ip_packets_seen = ip_packets_bad_checksum = 0; + } + return -1; + } + ++ /* If at least 5 with less than 50% bad, start over */ ++ if (ip_packets_seen > 4) { ++ ip_packets_bad_checksum = 0; ++ ip_packets_seen = 0; ++ } ++ + /* Copy out the IP source address... */ + memcpy(&from->sin_addr, &ip.ip_src, 4); + +@@ -339,15 +348,21 @@ decode_udp_ip_header(struct interface_info *interface, + udp_packets_seen++; + if (usum && usum != sum) { + udp_packets_bad_checksum++; +- if (udp_packets_seen > 4 && +- (udp_packets_seen / udp_packets_bad_checksum) < 2) { +- log_info ("%d bad udp checksums in %d packets", ++ if (((udp_packets_seen > 4) && (udp_packets_bad_checksum != 0)) && ++ ((udp_packets_seen / udp_packets_bad_checksum) < 2)) { ++ log_info ("%u bad udp checksums in %u packets", + udp_packets_bad_checksum, udp_packets_seen); + udp_packets_seen = udp_packets_bad_checksum = 0; + } + return -1; + } + ++ /* If at least 5 with less than 50% bad, start over */ ++ if (udp_packets_seen > 4) { ++ udp_packets_bad_checksum = 0; ++ udp_packets_seen = 0; ++ } ++ + /* Copy out the port... */ + memcpy (&from -> sin_port, &udp.uh_sport, sizeof udp.uh_sport); + +-- +2.6.2 + |