
Fix CVE-2017-15908: DNS packet processing loop

Change-Id: I5e50b17cbe9658a9d2b1a29a2f20045b45c0318a
Reviewed-on: http://photon-jenkins.eng.vmware.com:8082/4259
Tested-by: gerrit-photon <photon-checkins@vmware.com>
Reviewed-by: Dheeraj S Shetty <dheerajs@vmware.com>

Vinay Kulkarni authored on 2017/11/10 09:06:14
Showing 2 changed files
1 1
new file mode 100644
... ...
@@ -0,0 +1,22 @@
0
+diff -uNr systemd-228/src/resolve/resolved-dns-packet.c systemd-228-fix/src/resolve/resolved-dns-packet.c
1
+--- systemd-228/src/resolve/resolved-dns-packet.c	2017-11-09 23:34:27.498138291 +0000
2
+@@ -1207,7 +1207,7 @@
3
+ 
4
+                 found = true;
5
+ 
6
+-                while (bitmask) {
7
++                for (; bitmask; bit++, bitmask >>= 1) {
8
+                         if (bitmap[i] & bitmask) {
9
+                                 uint16_t n;
10
+ 
11
+@@ -1221,9 +1221,6 @@
12
+                                 if (r < 0)
13
+                                         goto fail;
14
+                         }
15
+-
16
+-                        bit ++;
17
+-                        bitmask >>= 1;
18
+                 }
19
+         }
20
+ 
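Review bot: The added patch file starts directly at its `diff -uNr` line, so nothing in it records which upstream systemd change it backports or why the loop step moved into the `for` header. From the visible lines, the old `while (bitmask)` loop advanced `bit` and `bitmask` only at the bottom of the body, so any path in the elided middle that skips that tail (presumably a `continue`) would keep testing the same bit forever; those lines sit between the two inner hunks and are not shown here. I would put a short description above the diff, for example `Backport of upstream systemd commit <UPSTREAM_COMMIT_ID>: advance bit/bitmask in the for header so a skipped type cannot stall the bitmap loop`, so a later rebase can tell whether the patch is still needed. This rendering also shows no `+++` line after the inner `---` line, and the section header announces 22 lines while fewer are visible, so it is worth confirming the file as committed is a complete unified diff.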
... ...
@@ -1,7 +1,7 @@
1 1
 Summary:          Systemd-228
2 2
 Name:             systemd
3 3
 Version:          228
4
-Release:          42%{?dist}
4
+Release:          43%{?dist}
5 5
 License:          LGPLv2+ and GPLv2+ and MIT
6 6
 URL:              http://www.freedesktop.org/wiki/Software/systemd/
7 7
 Group:            System Environment/Security
... ...
@@ -42,6 +42,7 @@ Patch25:          systemd-228-logind-disconnect.patch
42 42
 Patch26:          systemd-228-CVE-2015-7510-long-machinename.patch
43 43
 Patch27:          systemd-228-resolved-null-deferencing-fix.patch
44 44
 Patch28:          systemd-228-link-disabled-nullptr-fix.patch
45
+Patch29:          systemd-228-CVE-2017-15908-dns-pkt-loop-fix.patch
45 46
 Requires:         Linux-PAM
46 47
 Requires:         libcap
47 48
 Requires:         xz
... ...
@@ -104,6 +105,7 @@ sed -i "s:blkid/::" $(grep -rl "blkid/blkid.h")
104 104
 %patch26 -p1
105 105
 %patch27 -p1
106 106
 %patch28 -p1
107
+%patch29 -p1
107 108
 sed -i "s#\#DefaultTasksMax=512#DefaultTasksMax=infinity#g" src/core/system.conf
108 109
 
109 110
 %build
... ...
@@ -243,11 +245,13 @@ rm -rf %{buildroot}/*
243 243
 
244 244
 
245 245
 %changelog
246
+*    Thu Nov 09 2017 Vinay Kulkarni <kulkarniv@vmware.com>  228-43
247
+-    Fix CVE-2017-15908 dns packet loop fix.
246 248
 *    Tue Nov 07 2017 Vinay Kulkarni <kulkarniv@vmware.com>  228-42
247 249
 -    Fix nullptr access during link disable.
248
-*    Thu Nov 03 2017 Anish Swaminathan <anishs@vmware.com> 228-41
250
+*    Fri Nov 03 2017 Anish Swaminathan <anishs@vmware.com> 228-41
249 251
 -    Fix null pointer dereferencing in resolved - CVE-2017-9217
250
-*    Thu Nov 03 2017 Vinay Kulkarni <kulkarniv@vmware.com>  228-40
252
+*    Fri Nov 03 2017 Vinay Kulkarni <kulkarniv@vmware.com>  228-40
251 253
 -    Fix CVE-2015-7510.
252 254
 *    Thu Oct 19 2017 Priyesh Padmavilasom <ppadmavilasom@vmware.com> 228-39
253 255
 -    add filesystem.conf in tmpfiles.d