summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorAndrej Valek <andrej.valek@siemens.com>2017-04-06 09:07:37 +0200
committerRichard Purdie <richard.purdie@linuxfoundation.org>2017-05-18 13:07:33 +0100
commit094b64ea8b68c640590242a0fb062e587485a0b6 (patch)
tree3a4329a5c73fe61df8f7cffb6a95912b0a9be605
parent254336d09ba20d9139bbd0ef5720b43ac52fa671 (diff)
downloadpoky-094b64ea8b68c640590242a0fb062e587485a0b6.tar.gz
busybox: Security fix CVE-2016-6301
ntpd: NTP server denial of service flaw CVE: CVE-2016-6301 (From OE-Core rev: dafbf8a9e9ed068ecbf22cc816f9a6a3a2da7aa9) Signed-off-by: Andrej Valek <andrej.valek@siemens.com> Signed-off-by: Pascal Bach <pascal.bach@siemens.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 301dc9df16cce1f4649f90af47159bc21be0de59) Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r--meta/recipes-core/busybox/busybox/CVE-2016-6301.patch37
-rw-r--r--meta/recipes-core/busybox/busybox_1.24.1.bb1
2 files changed, 38 insertions, 0 deletions
diff --git a/meta/recipes-core/busybox/busybox/CVE-2016-6301.patch b/meta/recipes-core/busybox/busybox/CVE-2016-6301.patch
new file mode 100644
index 0000000000..851bc20f79
--- /dev/null
+++ b/meta/recipes-core/busybox/busybox/CVE-2016-6301.patch
@@ -0,0 +1,37 @@
1busybox1.24.1: Fix CVE-2016-6301
2
3[No upstream tracking] -- https://bugzilla.redhat.com/show_bug.cgi?id=1363710
4
5ntpd: NTP server denial of service flaw
6
7The busybox NTP implementation doesn't check the NTP mode of packets
8received on the server port and responds to any packet with the right
9size. This includes responses from another NTP server. An attacker can
10send a packet with a spoofed source address in order to create an
11infinite loop of responses between two busybox NTP servers. Adding
12more packets to the loop increases the traffic between the servers
13until one of them has a fully loaded CPU and/or network.
14
15Upstream-Status: Backport [https://git.busybox.net/busybox/commit/?id=150dc7a2b483b8338a3e185c478b4b23ee884e71]
16CVE: CVE-2016-6301
17Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
18Signed-off-by: Pascal Bach <pascal.bach@siemens.com>
19
20diff --git a/networking/ntpd.c b/networking/ntpd.c
21index 9732c9b..0f6a55f 100644
22--- a/networking/ntpd.c
23+++ b/networking/ntpd.c
24@@ -1985,6 +1985,13 @@ recv_and_process_client_pkt(void /*int fd*/)
25 goto bail;
26 }
27
28+ /* Respond only to client and symmetric active packets */
29+ if ((msg.m_status & MODE_MASK) != MODE_CLIENT
30+ && (msg.m_status & MODE_MASK) != MODE_SYM_ACT
31+ ) {
32+ goto bail;
33+ }
34+
35 query_status = msg.m_status;
36 query_xmttime = msg.m_xmttime;
37
diff --git a/meta/recipes-core/busybox/busybox_1.24.1.bb b/meta/recipes-core/busybox/busybox_1.24.1.bb
index f6c759584f..cb4568854c 100644
--- a/meta/recipes-core/busybox/busybox_1.24.1.bb
+++ b/meta/recipes-core/busybox/busybox_1.24.1.bb
@@ -47,6 +47,7 @@ SRC_URI = "http://www.busybox.net/downloads/busybox-${PV}.tar.bz2;name=tarball \
47 file://CVE-2016-2148.patch \ 47 file://CVE-2016-2148.patch \
48 file://CVE-2016-2147.patch \ 48 file://CVE-2016-2147.patch \
49 file://CVE-2016-2147_2.patch \ 49 file://CVE-2016-2147_2.patch \
50 file://CVE-2016-6301.patch \
50 file://ip_fix_problem_on_mips64_n64_big_endian_musl_systems.patch \ 51 file://ip_fix_problem_on_mips64_n64_big_endian_musl_systems.patch \
51 file://makefile-fix-backport.patch \ 52 file://makefile-fix-backport.patch \
52 file://0001-sed-fix-sed-n-flushes-pattern-space-terminates-early.patch \ 53 file://0001-sed-fix-sed-n-flushes-pattern-space-terminates-early.patch \