Browse code
Fix CVE-2017-15908 dns packet loop fix
Change-Id: Iced4b4e76454872ea40fd44af90a7d06c1f025c2
Reviewed-on: http://photon-jenkins.eng.vmware.com:8082/4261
Tested-by: gerrit-photon <photon-checkins@vmware.com>
Reviewed-by: Vinay Kulkarni <kulkarniv@vmware.com>
Vinay Kulkarni authored on 2017/11/10 09:03:38Showing 2 changed files
| 1 | 1 |
new file mode 100644 |
| ... | ... |
@@ -0,0 +1,36 @@ |
| 0 |
+From 9f939335a07085aa9a9663efd1dca06ef6405d62 Mon Sep 17 00:00:00 2001 |
|
| 1 |
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl> |
|
| 2 |
+Date: Wed, 25 Oct 2017 11:19:19 +0200 |
|
| 3 |
+Subject: [PATCH] resolved: fix loop on packets with pseudo dns types |
|
| 4 |
+ |
|
| 5 |
+Reported by Karim Hossen & Thomas Imbert from Sogeti ESEC R&D. |
|
| 6 |
+ |
|
| 7 |
+https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1725351 |
|
| 8 |
+--- |
|
| 9 |
+ src/resolve/resolved-dns-packet.c | 6 +----- |
|
| 10 |
+ 1 file changed, 1 insertion(+), 5 deletions(-) |
|
| 11 |
+ |
|
| 12 |
+diff --git a/src/resolve/resolved-dns-packet.c b/src/resolve/resolved-dns-packet.c |
|
| 13 |
+index e2f227bfc6..35f4d0689b 100644 |
|
| 14 |
+--- a/src/resolve/resolved-dns-packet.c |
|
| 15 |
+@@ -1514,7 +1514,7 @@ static int dns_packet_read_type_window(DnsPacket *p, Bitmap **types, size_t *sta |
|
| 16 |
+ |
|
| 17 |
+ found = true; |
|
| 18 |
+ |
|
| 19 |
+- while (bitmask) {
|
|
| 20 |
++ for (; bitmask; bit++, bitmask >>= 1) |
|
| 21 |
+ if (bitmap[i] & bitmask) {
|
|
| 22 |
+ uint16_t n; |
|
| 23 |
+ |
|
| 24 |
+@@ -1528,10 +1528,6 @@ static int dns_packet_read_type_window(DnsPacket *p, Bitmap **types, size_t *sta |
|
| 25 |
+ if (r < 0) |
|
| 26 |
+ return r; |
|
| 27 |
+ } |
|
| 28 |
+- |
|
| 29 |
+- bit++; |
|
| 30 |
+- bitmask >>= 1; |
|
| 31 |
+- } |
|
| 32 |
+ } |
|
| 33 |
+ |
|
| 34 |
+ if (!found) |
| ... | ... |
@@ -1,7 +1,7 @@ |
| 1 | 1 |
Summary: Systemd-233 |
| 2 | 2 |
Name: systemd |
| 3 | 3 |
Version: 233 |
| 4 |
-Release: 10%{?dist}
|
|
| 4 |
+Release: 11%{?dist}
|
|
| 5 | 5 |
License: LGPLv2+ and GPLv2+ and MIT |
| 6 | 6 |
URL: http://www.freedesktop.org/wiki/Software/systemd/ |
| 7 | 7 |
Group: System Environment/Security |
| ... | ... |
@@ -27,6 +27,7 @@ Patch9: systemd-233-CVE-2017-1000082-1.patch |
| 27 | 27 |
Patch10: systemd-233-CVE-2017-1000082-2.patch |
| 28 | 28 |
Patch11: systemd-233-ra-improvements.patch |
| 29 | 29 |
Patch12: systemd-233-link-disabled-nullptr-fix.patch |
| 30 |
+Patch13: systemd-228-CVE-2017-15908-dns-pkt-loop-fix.patch |
|
| 30 | 31 |
|
| 31 | 32 |
Requires: Linux-PAM |
| 32 | 33 |
Requires: libcap |
| ... | ... |
@@ -93,6 +94,7 @@ sed -i "/xlocale.h/d" src/basic/parse-util.c |
| 93 | 93 |
%patch10 -p1 |
| 94 | 94 |
%patch11 -p1 |
| 95 | 95 |
%patch12 -p1 |
| 96 |
+%patch13 -p1 |
|
| 96 | 97 |
|
| 97 | 98 |
sed -i "s#\#DefaultTasksMax=512#DefaultTasksMax=infinity#g" src/core/system.conf |
| 98 | 99 |
|
| ... | ... |
@@ -241,6 +243,8 @@ rm -rf %{buildroot}/*
|
| 241 | 241 |
%files lang -f %{name}.lang
|
| 242 | 242 |
|
| 243 | 243 |
%changelog |
| 244 |
+* Thu Nov 09 2017 Vinay Kulkarni <kulkarniv@vmware.com> 233-11 |
|
| 245 |
+- Fix CVE-2017-15908 dns packet loop fix. |
|
| 244 | 246 |
* Tue Nov 07 2017 Vinay Kulkarni <kulkarniv@vmware.com> 233-10 |
| 245 | 247 |
- Fix nullptr access during link disable. |
| 246 | 248 |
* Mon Sep 18 2017 Anish Swaminathan <anishs@vmware.com> 233-9 |