From d4c70c763965553597ecefb9b5c612bdc71903fc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Adrian=20Schr=C3=B6ter?= Date: Thu, 28 Nov 2024 13:56:06 +0100 Subject: [PATCH] Sync from SUSE:ALP:Source:Standard:1.0 libndp revision 53b0446310035f18c7c19e468357df97 --- .gitattributes | 23 +++++++++++ libndp-1.8.tar.gz | 3 ++ libndp-CVE-2024-5564.patch | 47 +++++++++++++++++++++ libndp.changes | 76 ++++++++++++++++++++++++++++++++++ libndp.spec | 83 ++++++++++++++++++++++++++++++++++++++ 5 files changed, 232 insertions(+) create mode 100644 .gitattributes create mode 100644 libndp-1.8.tar.gz create mode 100644 libndp-CVE-2024-5564.patch create mode 100644 libndp.changes create mode 100644 libndp.spec diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..fecc750 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,23 @@ +## Default LFS +*.7z filter=lfs diff=lfs merge=lfs -text +*.bsp filter=lfs diff=lfs merge=lfs -text +*.bz2 filter=lfs diff=lfs merge=lfs -text +*.gem filter=lfs diff=lfs merge=lfs -text +*.gz filter=lfs diff=lfs merge=lfs -text +*.jar filter=lfs diff=lfs merge=lfs -text +*.lz filter=lfs diff=lfs merge=lfs -text +*.lzma filter=lfs diff=lfs merge=lfs -text +*.obscpio filter=lfs diff=lfs merge=lfs -text +*.oxt filter=lfs diff=lfs merge=lfs -text +*.pdf filter=lfs diff=lfs merge=lfs -text +*.png filter=lfs diff=lfs merge=lfs -text +*.rpm filter=lfs diff=lfs merge=lfs -text +*.tbz filter=lfs diff=lfs merge=lfs -text +*.tbz2 filter=lfs diff=lfs merge=lfs -text +*.tgz filter=lfs diff=lfs merge=lfs -text +*.ttf filter=lfs diff=lfs merge=lfs -text +*.txz filter=lfs diff=lfs merge=lfs -text +*.whl filter=lfs diff=lfs merge=lfs -text +*.xz filter=lfs diff=lfs merge=lfs -text +*.zip filter=lfs diff=lfs merge=lfs -text +*.zst filter=lfs diff=lfs merge=lfs -text diff --git a/libndp-1.8.tar.gz b/libndp-1.8.tar.gz new file mode 100644 index 0000000..a9e24ac --- /dev/null +++ b/libndp-1.8.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:88ffb66ee2eb527f146f5c02f5ccbc38ba97d2b0d57eb46bfba488821ab0c02b +size 364669 diff --git a/libndp-CVE-2024-5564.patch b/libndp-CVE-2024-5564.patch new file mode 100644 index 0000000..0959554 --- /dev/null +++ b/libndp-CVE-2024-5564.patch @@ -0,0 +1,47 @@ +From 05e4ba7b0d126eea4c04387dcf40596059ee24af Mon Sep 17 00:00:00 2001 +From: Hangbin Liu +Date: Wed, 5 Jun 2024 11:57:43 +0800 +Subject: [PATCH] libndp: valid route information option length + +RFC 4191 specifies that the Route Information Option Length should be 1, 2, +or 3, depending on the Prefix Length. A malicious node could potentially +trigger a buffer overflow and crash the tool by sending an IPv6 router +advertisement message containing the "Route Information" option with a +"Length" field larger than 3. + +To address this, add a check on the length field. + +Fixes: 8296a5bf0755 ("add support for Route Information Option (rfc4191)") +Reported-by: Evgeny Vereshchagin +Suggested-by: Felix Maurer +Signed-off-by: Hangbin Liu +Signed-off-by: Jiri Pirko +--- + libndp/libndp.c | 11 +++++++++++ + 1 file changed, 11 insertions(+) + +diff --git a/libndp/libndp.c b/libndp/libndp.c +index 6314717..72ec92e 100644 +--- a/libndp/libndp.c ++++ b/libndp/libndp.c +@@ -1231,6 +1231,17 @@ static bool ndp_msg_opt_route_check_valid(void *opt_data) + */ + if (((ri->nd_opt_ri_prf_reserved >> 3) & 3) == 2) + return false; ++ ++ /* The Length field is 1, 2, or 3 depending on the Prefix Length. ++ * If Prefix Length is greater than 64, then Length must be 3. ++ * If Prefix Length is greater than 0, then Length must be 2 or 3. ++ * If Prefix Length is zero, then Length must be 1, 2, or 3. ++ */ ++ if (ri->nd_opt_ri_len > 3 || ++ (ri->nd_opt_ri_prefix_len > 64 && ri->nd_opt_ri_len != 3) || ++ (ri->nd_opt_ri_prefix_len > 0 && ri->nd_opt_ri_len == 1)) ++ return false; ++ + return true; + } + +-- +2.45.0 + diff --git a/libndp.changes b/libndp.changes new file mode 100644 index 0000000..507bd4d --- /dev/null +++ b/libndp.changes @@ -0,0 +1,76 @@ +------------------------------------------------------------------- +Thu Jun 27 20:52:57 UTC 2024 - Michael Gorse + +- Add libndp-CVE-2024-5564.patch: add a check on the route + information option length field (bsc#1225771 CVE-2024-5564). + +------------------------------------------------------------------- +Tue Jan 4 22:49:20 UTC 2022 - Dirk Müller + +- update to 1.8: + * libndp,ndptool: use poll() instead of select() + * ndptool: avoid static buffer for string in ndptool + * libndp: avoid static buffer for debug string in ndp_sock_recv() + * libndp: use thread local variables for static return arguments + * ndptool: fix printing dnssl lifetime in ndptool + * ndptool: fix potential memory leak caused by strdup + * libndp: close sockfd after using to avoid handle leak + +------------------------------------------------------------------- +Wed Oct 24 14:05:56 UTC 2018 - sean@suspend.net + +- Update to version 1.7 + * fix socket fd missing for O_CLOEXEC + * Fix issue where not sending all IPs to an interface + * typo in ndptool.c fixed + +------------------------------------------------------------------- +Wed Feb 28 16:35:41 UTC 2018 - dimstar@opensuse.org + +- Modernize spec-file by calling spec-cleaner + +------------------------------------------------------------------- +Sun May 22 12:31:47 UTC 2016 - mpluskal@suse.com + +- Update to version 1.6 (bsc#979645 CVE-2016-3698): + * libndp: reject redirect and router advertisements from + non-link-local + * libndp: validate the IPv6 hop limit +- Changes for version 1.5: + * ndptool: validate the IPv6 hop limit +- Small spec file adjustement: + * Used spec-cleaner + * Make building more verbose + * Update describtion of subpackages + * Use correct cathegory for subpackage + +------------------------------------------------------------------- +Mon Jan 5 14:35:54 UTC 2015 - dimstar@opensuse.org + +- Update to version 1.4: + + libndp: fix buffer overflow in ndp_msg_opt_dnssl_domain(). + +------------------------------------------------------------------- +Wed Jul 9 22:24:37 UTC 2014 - dimstar@opensuse.org + +- Update to version 1.3: + + libndp: fix [cppcheck] Undefined behavior: Variable 'buf' is + used as parameter and destination in s[n]printf(). +- No longer bootstrap: the tarball is complete. +- Remove libtool, automake and autoconf BuildRequires: no longer + needed. + +------------------------------------------------------------------- +Wed Jul 9 14:47:29 UTC 2014 - dimstar@opensuse.org + +- Minor cleanups for inclusion into Factory: + + Shared Library packages must only contain libraries (move + binary file and man page to main package). + + Adjust RPM Groups: Productivity/Networking/Other for the main + package and System/Libraries for the shared library package. + +------------------------------------------------------------------- +Sat Feb 8 10:51:36 UTC 2014 - meissner@suse.com + +- library for neighbour discovery, for later use by NetworkManager + diff --git a/libndp.spec b/libndp.spec new file mode 100644 index 0000000..78c1a19 --- /dev/null +++ b/libndp.spec @@ -0,0 +1,83 @@ +# +# spec file for package libndp +# +# Copyright (c) 2024 SUSE LLC +# +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + +# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# + + +Name: libndp +Version: 1.8 +Release: 0 +Summary: Library for Neighbor Discovery Protocol +License: LGPL-2.1-or-later +Group: Productivity/Networking/Other +URL: http://libndp.org/ +Source: http://libndp.org/files/libndp-%{version}.tar.gz +# PATCH-FIX-UPSTREAM libndp-CVE-2024-5564.patch bsc#1225771 mgorse@suse.com -- add a check on the route information option length field. +Patch0: libndp-CVE-2024-5564.patch +BuildRequires: pkgconfig + +%description +This package contains a library which provides a wrapper for IPv6 Neighbor +Discovery Protocol. It also provides a tool named ndptool for sending and +receiving NDP messages. + +%package -n libndp0 +Summary: Libraries and header files for libndp development +Group: System/Libraries + +%description -n libndp0 +This package contains a library which provides a wrapper for IPv6 Neighbor +Discovery Protocol. + +%package devel +Summary: Libraries and header files for libndp development +Group: Development/Libraries/C and C++ +Requires: libndp0 = %{version} + +%description devel +The libndp-devel package contains the header files necessary for developing +programs using libndp. + +%prep +%autosetup -p1 + +%build +%configure \ + --disable-static +%make_build + +%install +make install DESTDIR=%{buildroot} INSTALL="install -p" +find %{buildroot} -type f -name "*.la" -delete -print + +%post -n libndp0 -p /sbin/ldconfig +%postun -n libndp0 -p /sbin/ldconfig + +%files +%license COPYING +%{_bindir}/ndptool +%{_mandir}/man8/ndptool.8%{?ext_man} + +%files -n libndp0 +%license COPYING +%{_libdir}/libndp.so.* + +%files devel +%license COPYING +%{_includedir}/ndp.h +%{_libdir}/libndp.so +%{_libdir}/pkgconfig/libndp.pc + +%changelog