- Applied security fix for unexpected abort caused by a DHCPv6
decline message (CVE-2011-0413, VU#686084, bnc#667655). - Fixed dhclient.conf to request the domain-search option. OBS-URL: https://build.opensuse.org/package/show/network:dhcp/dhcp?expand=0&rev=53
This commit is contained in:
Git OBS Bridge
parent
3937129549
commit
3e8864fa10
@ -35,7 +35,7 @@ option rfc3442-classless-static-routes code 121 = array of unsigned integer 8;
|
||||
# Request several well known/usefull dhcp options.
|
||||
request subnet-mask, broadcast-address, routers,
|
||||
rfc3442-classless-static-routes,
|
||||
interface-mtu, host-name, domain-name,
|
||||
interface-mtu, host-name, domain-name, domain-search,
|
||||
domain-name-servers, nis-domain, nis-servers,
|
||||
nds-context, nds-servers, nds-tree-name,
|
||||
netbios-name-servers, netbios-dd-server,
|
||||
|
||||
76
dhcp-4.2.0-P2-CVE-2011-0413.bnc667655.diff
Normal file
76
dhcp-4.2.0-P2-CVE-2011-0413.bnc667655.diff
Normal file
@ -0,0 +1,76 @@
|
||||
From d995f772e6b957c7569a640d024daa3e58c08f56 Mon Sep 17 00:00:00 2001
|
||||
From: Marius Tomaschewski <mt@suse.de>
|
||||
Date: Wed, 2 Feb 2011 09:18:39 +0100
|
||||
Subject: [PATCH] Unexpected abort caused by a DHCPv6 decline
|
||||
|
||||
! When processing a request in the DHCPv6 server code that specifies
|
||||
an address that is tagged as abandoned (meaning we received a
|
||||
decline request for it previously) don't attempt to move it from
|
||||
the inactive to active pool as doing so can result in the server
|
||||
crshing on an assert failure. Also retag the lease as active
|
||||
and reset it's timeout value.
|
||||
[ISC-Bugs #21921] (CVE-2011-0413, VU#686084)
|
||||
|
||||
Signed-off-by: Marius Tomaschewski <mt@suse.de>
|
||||
---
|
||||
server/mdb6.c | 19 ++++++++++++++++---
|
||||
1 files changed, 16 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/server/mdb6.c b/server/mdb6.c
|
||||
index 87bd152..9d410f5 100644
|
||||
--- a/server/mdb6.c
|
||||
+++ b/server/mdb6.c
|
||||
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
- * Copyright (C) 2007-2010 by Internet Systems Consortium, Inc. ("ISC")
|
||||
+ * Copyright (C) 2007-2011 by Internet Systems Consortium, Inc. ("ISC")
|
||||
*
|
||||
* Permission to use, copy, modify, and distribute this software for any
|
||||
* purpose with or without fee is hereby granted, provided that the above
|
||||
@@ -1010,7 +1010,7 @@ move_lease_to_active(struct ipv6_pool *pool, struct iasubopt *lease) {
|
||||
* Renew an lease in the pool.
|
||||
*
|
||||
* To do this, first set the new hard_lifetime_end_time for the resource,
|
||||
- * and then invoke renew_lease() on it.
|
||||
+ * and then invoke renew_lease6() on it.
|
||||
*
|
||||
* WARNING: lease times must only be extended, never reduced!!!
|
||||
*/
|
||||
@@ -1020,12 +1020,24 @@ renew_lease6(struct ipv6_pool *pool, struct iasubopt *lease) {
|
||||
* If we're already active, then we can just move our expiration
|
||||
* time down the heap.
|
||||
*
|
||||
+ * If we're abandoned then we are already on the active list
|
||||
+ * but we need to retag the lease and move our expiration
|
||||
+ * from infinite to the current value
|
||||
+ *
|
||||
* Otherwise, we have to move from the inactive heap to the
|
||||
* active heap.
|
||||
*/
|
||||
if (lease->state == FTS_ACTIVE) {
|
||||
isc_heap_decreased(pool->active_timeouts, lease->heap_index);
|
||||
return ISC_R_SUCCESS;
|
||||
+ } else if (lease->state == FTS_ABANDONED) {
|
||||
+ char tmp_addr[INET6_ADDRSTRLEN];
|
||||
+ lease->state = FTS_ACTIVE;
|
||||
+ isc_heap_increased(pool->active_timeouts, lease->heap_index);
|
||||
+ log_info("Reclaiming previously abandoned address %s",
|
||||
+ inet_ntop(AF_INET6, &(lease->addr), tmp_addr,
|
||||
+ sizeof(tmp_addr)));
|
||||
+ return ISC_R_SUCCESS;
|
||||
} else {
|
||||
return move_lease_to_active(pool, lease);
|
||||
}
|
||||
@@ -1115,7 +1127,8 @@ isc_result_t
|
||||
decline_lease6(struct ipv6_pool *pool, struct iasubopt *lease) {
|
||||
isc_result_t result;
|
||||
|
||||
- if (lease->state != FTS_ACTIVE) {
|
||||
+ if ((lease->state != FTS_ACTIVE) &&
|
||||
+ (lease->state != FTS_ABANDONED)) {
|
||||
result = move_lease_to_active(pool, lease);
|
||||
if (result != ISC_R_SUCCESS) {
|
||||
return result;
|
||||
--
|
||||
1.7.1
|
||||
|
||||
@ -1,3 +1,10 @@
|
||||
-------------------------------------------------------------------
|
||||
Wed Feb 2 09:02:18 UTC 2011 - mt@suse.de
|
||||
|
||||
- Applied security fix for unexpected abort caused by a DHCPv6
|
||||
decline message (CVE-2011-0413, VU#686084, bnc#667655).
|
||||
- Fixed dhclient.conf to request the domain-search option.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Dec 13 08:51:59 UTC 2010 - mt@suse.de
|
||||
|
||||
|
||||
@ -83,6 +83,7 @@ Patch39: dhcp-4.2.0-P1-no-libcrypto.diff
|
||||
Patch40: dhcp-4.1.1-P1-lpf-bind-msg-fix.diff
|
||||
Patch41: dhcp-4.1.1-P1-relay-no-ip-on-interface.diff
|
||||
Patch42: dhcp-4.1.1-P1-optional-value-infinite-loop.diff
|
||||
Patch43: dhcp-4.2.0-P2-CVE-2011-0413.bnc667655.diff
|
||||
##
|
||||
PreReq: /bin/touch /sbin/chkconfig sysconfig
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
||||
@ -208,6 +209,7 @@ Authors:
|
||||
%patch40 -p1
|
||||
%patch41 -p1
|
||||
%patch42 -p1
|
||||
%patch43 -p1
|
||||
##
|
||||
find . -type f -name \*.cat\* -exec rm -f {} \;
|
||||
dos2unix contrib/ms2isc/*
|
||||
|
||||
Loading…
Reference in New Issue
Block a user