forked from pool/freeradius-server
Accepting request 224384 from network
- fix for CVE-2014-2015 (bnc#864576) * denial of service in rlm_pap hash processing * added freeradius-server-CVE-2014-2015.patch - remove the old 3.0.0 sources (forwarded request 224192 from vitezslav_cizek) OBS-URL: https://build.opensuse.org/request/show/224384 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/freeradius-server?expand=0&rev=50
This commit is contained in:
commit
23476d93fd
49
freeradius-server-CVE-2014-2015.patch
Normal file
49
freeradius-server-CVE-2014-2015.patch
Normal file
@ -0,0 +1,49 @@
|
||||
From ff5147c9e5088c7cf5c0b6ec6bfdd3a9d2042a28 Mon Sep 17 00:00:00 2001
|
||||
From: Arran Cudbard-Bell <a.cudbardb@freeradius.org>
|
||||
Date: Thu, 13 Feb 2014 13:49:54 +0000
|
||||
Subject: [PATCH] Fix potential crash with SSHA and salts > 44bytes
|
||||
|
||||
---
|
||||
src/modules/rlm_pap/rlm_pap.c | 10 ++++++----
|
||||
1 file changed, 6 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/src/modules/rlm_pap/rlm_pap.c b/src/modules/rlm_pap/rlm_pap.c
|
||||
index 689acf0..1bf6d4e 100644
|
||||
--- a/src/modules/rlm_pap/rlm_pap.c
|
||||
+++ b/src/modules/rlm_pap/rlm_pap.c
|
||||
@@ -123,7 +123,7 @@ static int mod_instantiate(CONF_SECTION *conf, void *instance)
|
||||
static void normify(REQUEST *request, VALUE_PAIR *vp, size_t min_length)
|
||||
{
|
||||
|
||||
- uint8_t buffer[64];
|
||||
+ uint8_t buffer[256];
|
||||
|
||||
if (min_length >= sizeof(buffer)) return; /* paranoia */
|
||||
|
||||
@@ -132,9 +132,10 @@ static void normify(REQUEST *request, VALUE_PAIR *vp, size_t min_length)
|
||||
*/
|
||||
if (vp->length >= (2 * min_length)) {
|
||||
size_t decoded;
|
||||
- decoded = fr_hex2bin(buffer, vp->vp_strvalue, vp->length >> 1);
|
||||
+ decoded = fr_hex2bin(buffer, vp->vp_strvalue, sizeof(buffer));
|
||||
if (decoded == (vp->length >> 1)) {
|
||||
- RDEBUG2("Normalizing %s from hex encoding", vp->da->name);
|
||||
+ RDEBUG2("Normalizing %s from hex encoding, %zu bytes -> %zu bytes",
|
||||
+ vp->da->name, vp->length, decoded);
|
||||
pairmemcpy(vp, buffer, decoded);
|
||||
return;
|
||||
}
|
||||
@@ -150,7 +151,8 @@ static void normify(REQUEST *request, VALUE_PAIR *vp, size_t min_length)
|
||||
sizeof(buffer));
|
||||
if (decoded < 0) return;
|
||||
if (decoded >= (ssize_t) min_length) {
|
||||
- RDEBUG2("Normalizing %s from base64 encoding", vp->da->name);
|
||||
+ RDEBUG2("Normalizing %s from base64 encoding, %zu bytes -> %zu bytes",
|
||||
+ vp->da->name, vp->length, decoded);
|
||||
pairmemcpy(vp, buffer, decoded);
|
||||
return;
|
||||
}
|
||||
--
|
||||
1.8.5.5
|
||||
|
||||
|
@ -1,3 +1,15 @@
|
||||
-------------------------------------------------------------------
|
||||
Fri Feb 28 09:04:08 UTC 2014 - vcizek@suse.com
|
||||
|
||||
- fix for CVE-2014-2015 (bnc#864576)
|
||||
* denial of service in rlm_pap hash processing
|
||||
* added freeradius-server-CVE-2014-2015.patch
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Jan 29 13:53:30 UTC 2014 - vcizek@suse.com
|
||||
|
||||
- remove the old 3.0.0 sources
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Sat Jan 25 14:44:31 UTC 2014 - mardnh@gmx.de
|
||||
|
||||
|
@ -40,6 +40,7 @@ Patch8: freeradius-server-initscript-pidfile.patch
|
||||
Patch9: freeradius-server-radius-reload-logrotate.patch
|
||||
# PATCH-FIX-SUSE use 'su' logrotate option (bnc#677335)
|
||||
Patch12: freeradius-server-2.1.1-logrotate_su.patch
|
||||
Patch13: freeradius-server-CVE-2014-2015.patch
|
||||
BuildRequires: apache2-devel
|
||||
BuildRequires: cyrus-sasl-devel
|
||||
BuildRequires: db-devel
|
||||
@ -224,6 +225,7 @@ This plugin provides the SQLite support for the FreeRADIUS server project.
|
||||
%patch8 -p1
|
||||
%patch9 -p1
|
||||
%patch12 -p1
|
||||
%patch13 -p1
|
||||
|
||||
%build
|
||||
modified="$(sed -n '/^----/n;s/ - .*$//;p;q' "%{_sourcedir}/%{name}.changes")"
|
||||
|
Loading…
Reference in New Issue
Block a user