pool/hyper-v
SHA256
4
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

- Netlink source address validation allows DoS

Browse Source 
bugfix for recvfrom check from bnc#761200

OBS-URL: https://build.opensuse.org/package/show/Virtualization/hyper-v?expand=0&rev=37
This commit is contained in:
Olaf Hering 2012-11-08 13:34:35 +00:00 committed by Git OBS Bridge
parent c88432d5de
commit 2c3d70cfcb
3 changed files with 51 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
hyper-v.changes
View File

@ -1,3 +1,9 @@
-------------------------------------------------------------------
Thu Nov 8 14:30:05 CET 2012 - ohering@suse.de
- Netlink source address validation allows DoS
bugfix for recvfrom check from bnc#761200
------------------------------------------------------------------- -------------------------------------------------------------------
Fri Oct 26 17:13:40 CEST 2012 - ohering@suse.de Fri Oct 26 17:13:40 CEST 2012 - ohering@suse.de

2
hyper-v.spec
View File

@ -55,6 +55,7 @@ Source21: hyper-v.tools.hv.hv_get_dns_info.sh
Source22: hyper-v.tools.hv.hv_set_ifconfig.sh Source22: hyper-v.tools.hv.hv_set_ifconfig.sh
Patch0: full-kernel-version.patch Patch0: full-kernel-version.patch
Patch1: no-loopback.patch Patch1: no-loopback.patch
Patch2: hyper-v.tools.hv.hv_kvp_daemon.netlink-spoof-DoS.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRoot: %{_tmppath}/%{name}-%{version}-build
%if %{with_kmp} %if %{with_kmp}
@ -91,6 +92,7 @@ cp -vL %{S:9} %{hv_kvp_daemon}.h
cp -vL %{S:10} %{hv_kvp_daemon}.c cp -vL %{S:10} %{hv_kvp_daemon}.c
%patch0 -p3 %patch0 -p3
%patch1 -p3 %patch1 -p3
%patch2 -p3
%build %build
sed -i~ '/#include <linux.hyperv.h>/d' %{hv_kvp_daemon}.c sed -i~ '/#include <linux.hyperv.h>/d' %{hv_kvp_daemon}.c

43
hyper-v.tools.hv.hv_kvp_daemon.netlink-spoof-DoS.patch Normal file
View File

@ -0,0 +1,43 @@
From: Tomas Hozza <thozza@redhat.com>
Subject: [PATCH] tools: hv: Netlink source address validation allows DoS
Date: Thu, 8 Nov 2012 10:53:29 +0100
Message-Id: <1352368409-18809-1-git-send-email-thozza@redhat.com>
The source code without this patch caused hypervkvpd to exit when it processed
a spoofed Netlink packet which has been sent from an untrusted local user.
Now Netlink messages with a non-zero nl_pid source address are ignored
and a warning is printed into the syslog.
Signed-off-by: Tomas Hozza <thozza@redhat.com>
---
tools/hv/hv_kvp_daemon.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/tools/hv/hv_kvp_daemon.c b/tools/hv/hv_kvp_daemon.c
index 13c2a14..c1d9102 100755
--- a/tools/hv/hv_kvp_daemon.c
+++ b/tools/hv/hv_kvp_daemon.c
@@ -1486,13 +1486,19 @@ int main(void)
len = recvfrom(fd, kvp_recv_buffer, sizeof(kvp_recv_buffer), 0,
addr_p, &addr_l);
- if (len < 0 || addr.nl_pid) {
+ if (len < 0) {
syslog(LOG_ERR, "recvfrom failed; pid:%u error:%d %s",
addr.nl_pid, errno, strerror(errno));
close(fd);
return -1;
}
+ if (addr.nl_pid) {
+ syslog(LOG_WARNING, "Received packet from untrusted pid:%u",
+ addr.nl_pid);
+ continue;
+ }
+
incoming_msg = (struct nlmsghdr *)kvp_recv_buffer;
incoming_cn_msg = (struct cn_msg *)NLMSG_DATA(incoming_msg);
hv_msg = (struct hv_kvp_msg *)incoming_cn_msg->data;
--
1.7.11.7