summaryrefslogtreecommitdiffstats
path: root/meta/recipes-connectivity/dhcp/dhcp
diff options
context:
space:
mode:
authorYue Tao <Yue.Tao@windriver.com>2018-04-11 08:21:18 +0800
committerRichard Purdie <richard.purdie@linuxfoundation.org>2018-04-13 16:58:07 +0100
commitf91523b22ffe3e8662d24fcdcd9fdde62b9485c4 (patch)
tree0219010fccbf14de4fcdfe308e630ec2831d55e2 /meta/recipes-connectivity/dhcp/dhcp
parent7ec063a3ad6d89d847a59a319ed222b4960bd0d5 (diff)
downloadpoky-f91523b22ffe3e8662d24fcdcd9fdde62b9485c4.tar.gz
dhcp: Security Advisory - CVE-2017-3144
Fix CVE-2017-3144 References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3144 https://kb.isc.org/article/AA-01541 Patch from: https://source.isc.org/cgi-bin/gitweb.cgi?p=dhcp.git;a=commitdiff;h=5097bc0559f592683faac1f67bf350e1bddf6ed4 (From OE-Core rev: bcbe9025560dee658c0ead566384e1a8647cebf9) Signed-off-by: Yue Tao <Yue.Tao@windriver.com> Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com> Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-connectivity/dhcp/dhcp')
-rw-r--r--meta/recipes-connectivity/dhcp/dhcp/CVE-2017-3144.patch74
1 files changed, 74 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/dhcp/dhcp/CVE-2017-3144.patch b/meta/recipes-connectivity/dhcp/dhcp/CVE-2017-3144.patch
new file mode 100644
index 0000000000..2b2688cb2f
--- /dev/null
+++ b/meta/recipes-connectivity/dhcp/dhcp/CVE-2017-3144.patch
@@ -0,0 +1,74 @@
1From 8cfdedee369c26d2869b6ec4a64460b5f5a30934 Mon Sep 17 00:00:00 2001
2From: Thomas Markwalder <tmark@isc.org>
3Date: Thu, 7 Dec 2017 11:39:30 -0500
4Subject: [PATCH] [v4_3] Plugs a socket descriptor leak in OMAPI
5
6 Merges in rt46767.
7
8Upstream-Status: Backport
9[https://source.isc.org/cgi-bin/gitweb.cgi?p=dhcp.git;a=commitdiff;h=5097bc0559f592683faac1f67bf350e1bddf6ed4]
10
11CVE: CVE-2017-3144
12
13Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com>
14Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
15---
16 RELNOTES | 7 +++++++
17 omapip/buffer.c | 9 +++++++++
18 omapip/message.c | 2 +-
19 3 files changed, 17 insertions(+), 1 deletion(-)
20
21diff --git a/RELNOTES b/RELNOTES
22index dd40aaf..3741b80 100644
23--- a/RELNOTES
24+++ b/RELNOTES
25@@ -66,6 +66,13 @@ We welcome comments from DHCP users, about this or anything else we do.
26 Email Vicky Risk, Product Manager at vicky@isc.org or discuss on
27 dhcp-users@lists.isc.org.
28
29+- Plugged a socket descriptor leak in OMAPI, that can occur when there is
30+ data pending to be written to an OMAPI connection, when the connection
31+ is closed by the reader. Thanks to Pavel Zhukov at RedHat for bringing
32+ this issue to our attention and whose patch helped guide us in the right
33+ direction.
34+ [ISc-Bugs #46767]
35+
36 Changes since 4.3.6b1
37
38 - None
39diff --git a/omapip/buffer.c b/omapip/buffer.c
40index f7fdc32..809034d 100644
41--- a/omapip/buffer.c
42+++ b/omapip/buffer.c
43@@ -566,6 +566,15 @@ isc_result_t omapi_connection_writer (omapi_object_t *h)
44 omapi_buffer_dereference (&buffer, MDL);
45 }
46 }
47+
48+ /* If we had data left to write when we're told to disconnect,
49+ * we need recall disconnect, now that we're done writing.
50+ * See rt46767. */
51+ if (c->out_bytes == 0 && c->state == omapi_connection_disconnecting) {
52+ omapi_disconnect (h, 1);
53+ return ISC_R_SHUTTINGDOWN;
54+ }
55+
56 return ISC_R_SUCCESS;
57 }
58
59diff --git a/omapip/message.c b/omapip/message.c
60index 59ccdc2..21bcfc3 100644
61--- a/omapip/message.c
62+++ b/omapip/message.c
63@@ -339,7 +339,7 @@ isc_result_t omapi_message_unregister (omapi_object_t *mo)
64 }
65
66 #ifdef DEBUG_PROTOCOL
67-static const char *omapi_message_op_name(int op) {
68+const char *omapi_message_op_name(int op) {
69 switch (op) {
70 case OMAPI_OP_OPEN: return "OMAPI_OP_OPEN";
71 case OMAPI_OP_REFRESH: return "OMAPI_OP_REFRESH";
72--
732.7.4
74