
Fix CVE-2017-15908 dns packet loop fix

Change-Id: Iaeb03cb475c372a026f6ccf7c5347c46ddc3b2ce
Reviewed-on: http://photon-jenkins.eng.vmware.com:8082/4258
Tested-by: gerrit-photon <photon-checkins@vmware.com>
Reviewed-by: Dheeraj S Shetty <dheerajs@vmware.com>

Vinay Kulkarni authored on 2017/11/10 09:03:38
Showing 2 changed files
1 1
new file mode 100644
... ...
@@ -0,0 +1,36 @@
0
+From 9f939335a07085aa9a9663efd1dca06ef6405d62 Mon Sep 17 00:00:00 2001
1
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
2
+Date: Wed, 25 Oct 2017 11:19:19 +0200
3
+Subject: [PATCH] resolved: fix loop on packets with pseudo dns types
4
+
5
+Reported by Karim Hossen & Thomas Imbert from Sogeti ESEC R&D.
6
+
7
+https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1725351
8
+---
9
+ src/resolve/resolved-dns-packet.c | 6 +-----
10
+ 1 file changed, 1 insertion(+), 5 deletions(-)
11
+
12
+diff --git a/src/resolve/resolved-dns-packet.c b/src/resolve/resolved-dns-packet.c
13
+index e2f227bfc6..35f4d0689b 100644
14
+--- a/src/resolve/resolved-dns-packet.c
15
+@@ -1514,7 +1514,7 @@ static int dns_packet_read_type_window(DnsPacket *p, Bitmap **types, size_t *sta
16
+ 
17
+                 found = true;
18
+ 
19
+-                while (bitmask) {
20
++                for (; bitmask; bit++, bitmask >>= 1)
21
+                         if (bitmap[i] & bitmask) {
22
+                                 uint16_t n;
23
+ 
24
+@@ -1528,10 +1528,6 @@ static int dns_packet_read_type_window(DnsPacket *p, Bitmap **types, size_t *sta
25
+                                 if (r < 0)
26
+                                         return r;
27
+                         }
28
+-
29
+-                        bit++;
30
+-                        bitmask >>= 1;
31
+-                }
32
+         }
33
+ 
34
+         if (!found)
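Review bot: The embedded upstream patch looks incomplete as displayed: the hunk header announces 36 added lines but only 35 are shown, and `--- a/src/resolve/resolved-dns-packet.c` is followed directly by the first `@@` with no `+++ b/src/resolve/resolved-dns-packet.c` line. This may only be an artifact of how the page renders lines that start with `++++`, but the committed file should be confirmed byte-identical to upstream commit 9f939335a07085aa9a9663efd1dca06ef6405d62 before relying on it as the CVE fix. The body of `dns_packet_read_type_window` between the two hunks is not visible here, so the statement that previously skipped `bit++; bitmask >>= 1;` cannot be checked from this page. A build-time check that `%patch13` applies cleanly, without fuzz, would cover that.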
... ...
@@ -1,7 +1,7 @@
1 1
 Summary:          Systemd-233
2 2
 Name:             systemd
3 3
 Version:          233
4
-Release:          10%{?dist}
4
+Release:          11%{?dist}
5 5
 License:          LGPLv2+ and GPLv2+ and MIT
6 6
 URL:              http://www.freedesktop.org/wiki/Software/systemd/
7 7
 Group:            System Environment/Security
... ...
@@ -27,6 +27,7 @@ Patch9:           systemd-233-CVE-2017-1000082-1.patch
27 27
 Patch10:          systemd-233-CVE-2017-1000082-2.patch
28 28
 Patch11:          systemd-233-ra-improvements.patch
29 29
 Patch12:          systemd-233-link-disabled-nullptr-fix.patch
30
+Patch13:          systemd-228-CVE-2017-15908-dns-pkt-loop-fix.patch
30 31
 
31 32
 Requires:         Linux-PAM
32 33
 Requires:         libcap
... ...
@@ -93,6 +94,7 @@ sed -i "/xlocale.h/d" src/basic/parse-util.c
93 93
 %patch10 -p1
94 94
 %patch11 -p1
95 95
 %patch12 -p1
96
+%patch13 -p1
96 97
 
97 98
 sed -i "s#\#DefaultTasksMax=512#DefaultTasksMax=infinity#g" src/core/system.conf
98 99
 
... ...
@@ -241,6 +243,8 @@ rm -rf %{buildroot}/*
241 241
 %files lang -f %{name}.lang
242 242
 
243 243
 %changelog
244
+*    Thu Nov 09 2017 Vinay Kulkarni <kulkarniv@vmware.com>  233-11
245
+-    Fix CVE-2017-15908 dns packet loop fix.
244 246
 *    Tue Nov 07 2017 Vinay Kulkarni <kulkarniv@vmware.com>  233-10
245 247
 -    Fix nullptr access during link disable.
246 248
 *    Mon Sep 18 2017 Anish Swaminathan <anishs@vmware.com>  233-9
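Review bot: `Patch13` is named `systemd-228-CVE-2017-15908-dns-pkt-loop-fix.patch`, while `Version` is 233 and the neighbouring entries (`Patch10` to `Patch12`) all use the `systemd-233-` prefix. Rename the file and the line to `Patch13:          systemd-233-CVE-2017-15908-dns-pkt-loop-fix.patch`, or note in the changelog that it is carried over from another branch. The prefix suggests the patch may have been prepared against a different tree, so the `%patch13 -p1` step should be checked for offset or fuzz warnings in `resolved-dns-packet.c`; a misapplied hunk would leave the loop in place while the changelog reports the CVE as fixed. The changelog wording is also redundant and could read `-    Fix CVE-2017-15908: resolved loop on DNS packets with pseudo types.`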