1 files changed, 56 insertions, 0 deletions
diff --git a/recipes-core/systemd/systemd/CVE-2017-9445.patch b/recipes-core/systemd/systemd/CVE-2017-9445.patch
new file mode 100644
index 0000000..031901d
--- /dev/null
+++ b/recipes-core/systemd/systemd/CVE-2017-9445.patch
@@ -0,0 +1,56 @@
+From db848813bae4d28c524b3b6a7dad135e426659ce Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Sun, 18 Jun 2017 16:07:57 -0400
+Subject: [PATCH] resolved: simplify alloc size calculation
+The allocation size was calculated in a complicated way, and for values
+close to the page size we would actually allocate less than requested.
+Reported by Chris Coulson <chris.coulson@canonical.com>.
+CVE-2017-9445
+CVE: CVE-2017-8872
+Upstream-Status: Backport
+Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
+---
+ src/resolve/resolved-dns-packet.c | 8 +-------
+ src/resolve/resolved-dns-packet.h | 2 --
+ 2 files changed, 1 insertion(+), 9 deletions(-)
+diff --git a/src/resolve/resolved-dns-packet.c b/src/resolve/resolved-dns-packet.c
+index 240ee44..821b66e 100644
+--- a/src/resolve/resolved-dns-packet.c
+++ b/src/resolve/resolved-dns-packet.c
+@@ -47,13 +47,7 @@ int dns_packet_new(DnsPacket **ret, DnsProtocol protocol, size_t mtu) {
+ 
+         assert(ret);
+ 
+-        if (mtu <= UDP_PACKET_HEADER_SIZE)
+-                a = DNS_PACKET_SIZE_START;
+-        else
+-                a = mtu - UDP_PACKET_HEADER_SIZE;
+-
+-        if (a < DNS_PACKET_HEADER_SIZE)
+-                a = DNS_PACKET_HEADER_SIZE;
+        a = MAX(mtu, DNS_PACKET_HEADER_SIZE);
+ 
+         /* round up to next page size */
+         a = PAGE_ALIGN(ALIGN(sizeof(DnsPacket)) + a) - ALIGN(sizeof(DnsPacket));
+diff --git a/src/resolve/resolved-dns-packet.h b/src/resolve/resolved-dns-packet.h
+index 2c92392..3abcaf8 100644
+--- a/src/resolve/resolved-dns-packet.h
+++ b/src/resolve/resolved-dns-packet.h
+@@ -66,8 +66,6 @@ struct DnsPacketHeader {
+ /* With EDNS0 we can use larger packets, default to 4096, which is what is commonly used */
+ #define DNS_PACKET_UNICAST_SIZE_LARGE_MAX 4096
+ 
+-#define DNS_PACKET_SIZE_START 512
+-
+ struct DnsPacket {
+         int n_ref;
+         DnsProtocol protocol;
+-- 
+1.9.1

diff --git a/recipes-core/systemd/systemd/CVE-2017-9445.patch b/recipes-core/systemd/systemd/CVE-2017-9445.patch new file mode 100644 index 0000000..031901d --- /dev/null +++ b/recipes-core/systemd/systemd/CVE-2017-9445.patch
@@ -0,0 +1,56 @@
	1	From db848813bae4d28c524b3b6a7dad135e426659ce Mon Sep 17 00:00:00 2001
	2	From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
	3	Date: Sun, 18 Jun 2017 16:07:57 -0400
	4	Subject: [PATCH] resolved: simplify alloc size calculation
	5
	6	The allocation size was calculated in a complicated way, and for values
	7	close to the page size we would actually allocate less than requested.
	8
	9	Reported by Chris Coulson <chris.coulson@canonical.com>.
	10
	11	CVE-2017-9445
	12
	13	CVE: CVE-2017-8872
	14	Upstream-Status: Backport
	15
	16	Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
	17	---
	18	src/resolve/resolved-dns-packet.c \| 8 +-------
	19	src/resolve/resolved-dns-packet.h \| 2 --
	20	2 files changed, 1 insertion(+), 9 deletions(-)
	21
	22	diff --git a/src/resolve/resolved-dns-packet.c b/src/resolve/resolved-dns-packet.c
	23	index 240ee44..821b66e 100644
	24	--- a/src/resolve/resolved-dns-packet.c
	25	+++ b/src/resolve/resolved-dns-packet.c
	26	@@ -47,13 +47,7 @@ int dns_packet_new(DnsPacket **ret, DnsProtocol protocol, size_t mtu) {
	27
	28	assert(ret);
	29
	30	- if (mtu <= UDP_PACKET_HEADER_SIZE)
	31	- a = DNS_PACKET_SIZE_START;
	32	- else
	33	- a = mtu - UDP_PACKET_HEADER_SIZE;
	34	-
	35	- if (a < DNS_PACKET_HEADER_SIZE)
	36	- a = DNS_PACKET_HEADER_SIZE;
	37	+ a = MAX(mtu, DNS_PACKET_HEADER_SIZE);
	38
	39	/* round up to next page size */
	40	a = PAGE_ALIGN(ALIGN(sizeof(DnsPacket)) + a) - ALIGN(sizeof(DnsPacket));
	41	diff --git a/src/resolve/resolved-dns-packet.h b/src/resolve/resolved-dns-packet.h
	42	index 2c92392..3abcaf8 100644
	43	--- a/src/resolve/resolved-dns-packet.h
	44	+++ b/src/resolve/resolved-dns-packet.h
	45	@@ -66,8 +66,6 @@ struct DnsPacketHeader {
	46	/* With EDNS0 we can use larger packets, default to 4096, which is what is commonly used */
	47	#define DNS_PACKET_UNICAST_SIZE_LARGE_MAX 4096
	48
	49	-#define DNS_PACKET_SIZE_START 512
	50	-
	51	struct DnsPacket {
	52	int n_ref;
	53	DnsProtocol protocol;
	54	--
	55	1.9.1
	56