diff options
author | Chen Qi <Qi.Chen@windriver.com> | 2021-07-28 23:27:52 -0700 |
---|---|---|
committer | Anuj Mittal <anuj.mittal@intel.com> | 2021-07-31 14:11:02 +0800 |
commit | 5dcd5071d61fac240ff95672778ba1eed1312a03 (patch) | |
tree | 3a74cd7255ebc1bae5c19770e4f37b1da1d6f3fc /meta/recipes-core/systemd/systemd/0003-sd-dhcp-client-logs-when-dhcp-client-unexpectedly-ga.patch | |
parent | db6dc9aa669d1f41fb52685754c07fe5c9feec86 (diff) | |
download | openembedded-core-contrib-5dcd5071d61fac240ff95672778ba1eed1312a03.tar.gz |
systemd: fix CVE-2020-13529
Backport patches to fix CVE-2020-13529.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Diffstat (limited to 'meta/recipes-core/systemd/systemd/0003-sd-dhcp-client-logs-when-dhcp-client-unexpectedly-ga.patch')
-rw-r--r-- | meta/recipes-core/systemd/systemd/0003-sd-dhcp-client-logs-when-dhcp-client-unexpectedly-ga.patch | 69 |
1 files changed, 69 insertions, 0 deletions
diff --git a/meta/recipes-core/systemd/systemd/0003-sd-dhcp-client-logs-when-dhcp-client-unexpectedly-ga.patch b/meta/recipes-core/systemd/systemd/0003-sd-dhcp-client-logs-when-dhcp-client-unexpectedly-ga.patch new file mode 100644 index 0000000000..07c7da8c21 --- /dev/null +++ b/meta/recipes-core/systemd/systemd/0003-sd-dhcp-client-logs-when-dhcp-client-unexpectedly-ga.patch @@ -0,0 +1,69 @@ +From 0ad3b0fffe622bffbe9f380c3e4cb99b0961bef5 Mon Sep 17 00:00:00 2001 +From: Yu Watanabe <watanabe.yu+github@gmail.com> +Date: Thu, 24 Jun 2021 01:14:12 +0900 +Subject: [PATCH] sd-dhcp-client: logs when dhcp client unexpectedly gains a + new lease + +Previously, such situation is handled silently. + +Upstream-Status: Backport +CVE: CVE-2020-13529 +Signed-off-by: Chen Qi <Qi.Chen@windriver.com> +--- + src/libsystemd-network/sd-dhcp-client.c | 23 ++++++++++++----------- + 1 file changed, 12 insertions(+), 11 deletions(-) + +diff --git a/src/libsystemd-network/sd-dhcp-client.c b/src/libsystemd-network/sd-dhcp-client.c +index ef3a7d2c6b..04a75c6966 100644 +--- a/src/libsystemd-network/sd-dhcp-client.c ++++ b/src/libsystemd-network/sd-dhcp-client.c +@@ -1760,7 +1760,7 @@ static int client_set_lease_timeouts(sd_dhcp_client *client) { + static int client_handle_message(sd_dhcp_client *client, DHCPMessage *message, int len) { + DHCP_CLIENT_DONT_DESTROY(client); + char time_string[FORMAT_TIMESPAN_MAX]; +- int r, notify_event = 0; ++ int r, notify_event; + + assert(client); + assert(client->event); +@@ -1815,16 +1815,16 @@ static int client_handle_message(sd_dhcp_client *client, DHCPMessage *message, i + if (r < 0) + goto error; + ++ if (IN_SET(client->state, DHCP_STATE_REQUESTING, DHCP_STATE_REBOOTING)) ++ notify_event = SD_DHCP_CLIENT_EVENT_IP_ACQUIRE; ++ else ++ notify_event = r; ++ + client->start_delay = 0; + (void) event_source_disable(client->timeout_resend); + client->receive_message = sd_event_source_unref(client->receive_message); + client->fd = safe_close(client->fd); + +- if (IN_SET(client->state, DHCP_STATE_REQUESTING, DHCP_STATE_REBOOTING)) +- notify_event = SD_DHCP_CLIENT_EVENT_IP_ACQUIRE; +- else if (r != SD_DHCP_CLIENT_EVENT_IP_ACQUIRE) +- notify_event = r; +- + client->state = DHCP_STATE_BOUND; + client->attempt = 0; + +@@ -1846,12 +1846,13 @@ static int client_handle_message(sd_dhcp_client *client, DHCPMessage *message, i + + client_initialize_io_events(client, client_receive_message_udp); + +- if (notify_event) { ++ if (IN_SET(client->state, DHCP_STATE_RENEWING, DHCP_STATE_REBINDING) && ++ notify_event == SD_DHCP_CLIENT_EVENT_IP_ACQUIRE) ++ /* FIXME: hmm, maybe this is a bug... */ ++ log_dhcp_client(client, "client_handle_ack() returned SD_DHCP_CLIENT_EVENT_IP_ACQUIRE while DHCP client is %s the address, skipping callback.", ++ client->state == DHCP_STATE_RENEWING ? "renewing" : "rebinding"); ++ else + client_notify(client, notify_event); +- if (client->state == DHCP_STATE_STOPPED) +- return 0; +- } +- + break; + + case DHCP_STATE_BOUND: |