Change-Id: Iaeb03cb475c372a026f6ccf7c5347c46ddc3b2ce
Reviewed-on: http://photon-jenkins.eng.vmware.com:8082/4258
Tested-by: gerrit-photon <photon-checkins@vmware.com>
Reviewed-by: Dheeraj S Shetty <dheerajs@vmware.com>
1 | 1 |
new file mode 100644 |
... | ... |
@@ -0,0 +1,36 @@ |
0 |
+From 9f939335a07085aa9a9663efd1dca06ef6405d62 Mon Sep 17 00:00:00 2001 |
|
1 |
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl> |
|
2 |
+Date: Wed, 25 Oct 2017 11:19:19 +0200 |
|
3 |
+Subject: [PATCH] resolved: fix loop on packets with pseudo dns types |
|
4 |
+ |
|
5 |
+Reported by Karim Hossen & Thomas Imbert from Sogeti ESEC R&D. |
|
6 |
+ |
|
7 |
+https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1725351 |
|
8 |
+--- |
|
9 |
+ src/resolve/resolved-dns-packet.c | 6 +----- |
|
10 |
+ 1 file changed, 1 insertion(+), 5 deletions(-) |
|
11 |
+ |
|
12 |
+diff --git a/src/resolve/resolved-dns-packet.c b/src/resolve/resolved-dns-packet.c |
|
13 |
+index e2f227bfc6..35f4d0689b 100644 |
|
14 |
+--- a/src/resolve/resolved-dns-packet.c |
|
15 |
+@@ -1514,7 +1514,7 @@ static int dns_packet_read_type_window(DnsPacket *p, Bitmap **types, size_t *sta |
|
16 |
+ |
|
17 |
+ found = true; |
|
18 |
+ |
|
19 |
+- while (bitmask) { |
|
20 |
++ for (; bitmask; bit++, bitmask >>= 1) |
|
21 |
+ if (bitmap[i] & bitmask) { |
|
22 |
+ uint16_t n; |
|
23 |
+ |
|
24 |
+@@ -1528,10 +1528,6 @@ static int dns_packet_read_type_window(DnsPacket *p, Bitmap **types, size_t *sta |
|
25 |
+ if (r < 0) |
|
26 |
+ return r; |
|
27 |
+ } |
|
28 |
+- |
|
29 |
+- bit++; |
|
30 |
+- bitmask >>= 1; |
|
31 |
+- } |
|
32 |
+ } |
|
33 |
+ |
|
34 |
+ if (!found) |
... | ... |
@@ -1,7 +1,7 @@ |
1 | 1 |
Summary: Systemd-233 |
2 | 2 |
Name: systemd |
3 | 3 |
Version: 233 |
4 |
-Release: 10%{?dist} |
|
4 |
+Release: 11%{?dist} |
|
5 | 5 |
License: LGPLv2+ and GPLv2+ and MIT |
6 | 6 |
URL: http://www.freedesktop.org/wiki/Software/systemd/ |
7 | 7 |
Group: System Environment/Security |
... | ... |
@@ -27,6 +27,7 @@ Patch9: systemd-233-CVE-2017-1000082-1.patch |
27 | 27 |
Patch10: systemd-233-CVE-2017-1000082-2.patch |
28 | 28 |
Patch11: systemd-233-ra-improvements.patch |
29 | 29 |
Patch12: systemd-233-link-disabled-nullptr-fix.patch |
30 |
+Patch13: systemd-228-CVE-2017-15908-dns-pkt-loop-fix.patch |
|
30 | 31 |
|
31 | 32 |
Requires: Linux-PAM |
32 | 33 |
Requires: libcap |
... | ... |
@@ -93,6 +94,7 @@ sed -i "/xlocale.h/d" src/basic/parse-util.c |
93 | 93 |
%patch10 -p1 |
94 | 94 |
%patch11 -p1 |
95 | 95 |
%patch12 -p1 |
96 |
+%patch13 -p1 |
|
96 | 97 |
|
97 | 98 |
sed -i "s#\#DefaultTasksMax=512#DefaultTasksMax=infinity#g" src/core/system.conf |
98 | 99 |
|
... | ... |
@@ -241,6 +243,8 @@ rm -rf %{buildroot}/* |
241 | 241 |
%files lang -f %{name}.lang |
242 | 242 |
|
243 | 243 |
%changelog |
244 |
+* Thu Nov 09 2017 Vinay Kulkarni <kulkarniv@vmware.com> 233-11 |
|
245 |
+- Fix CVE-2017-15908 dns packet loop fix. |
|
244 | 246 |
* Tue Nov 07 2017 Vinay Kulkarni <kulkarniv@vmware.com> 233-10 |
245 | 247 |
- Fix nullptr access during link disable. |
246 | 248 |
* Mon Sep 18 2017 Anish Swaminathan <anishs@vmware.com> 233-9 |