- bnc#927841, CVE-2015-3310: Fix buffer overflow in radius

plug-in's rc_mksid(). OBS-URL: https://build.opensuse.org/package/show/network/ppp?expand=0&rev=32
2015-11-13 15:39:47 +00:00 · 2015-11-13 15:39:47 +00:00 · ae7ba71314
commit ae7ba71314
parent eec413c3c3
3 changed files with 21 additions and 0 deletions
--- a/ppp-CVE-2015-3310.patch
+++ b/ppp-CVE-2015-3310.patch
@ -0,0 +1,13 @@
+--- pppd/plugins/radius/util.c
+++ pppd/plugins/radius/util.c
+@@ -77,7 +77,7 @@ rc_mksid (void)
+   static unsigned short int cnt = 0;
+   sprintf (buf, "%08lX%04X%02hX",
+ 	   (unsigned long int) time (NULL),
+-	   (unsigned int) getpid (),
+	   (unsigned int) getpid () % 65535,
+ 	   cnt & 0xFF);
+   cnt++;
+   return buf;
+
+
--- a/ppp.changes
+++ b/ppp.changes
@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Fri Nov 13 15:26:03 UTC 2015 - max@suse.com
+
+- bnc#927841, CVE-2015-3310: Fix buffer overflow in radius
+  plug-in's rc_mksid().
+
 -------------------------------------------------------------------
 Wed Nov 19 03:11:00 UTC 2014 - Led <ledest@gmail.com>

--- a/ppp.spec
+++ b/ppp.spec
@ -69,6 +69,7 @@ Patch19:        ppp-2.4.4-strncatfix.patch
 Patch21:        ppp-2.4.6-lib64.patch
 Patch22:        ppp-2.4.4-var_run_resolv_conf.patch
 Patch23:        ppp-send-padt.patch
+Patch24:        ppp-CVE-2015-3310.patch

 %description
 The ppp package contains the PPP (Point-to-Point Protocol) daemon,
@ -109,6 +110,7 @@ plugins for the pppd.
 %endif
 %patch22
 %patch23 -p1
+%patch24
 sed -i -e '1s/local\///' scripts/secure-card
 find scripts -type f | xargs chmod a-x
 find -type f -name '*.orig' | xargs rm -f