summaryrefslogtreecommitdiffstats
path: root/meta/recipes-connectivity
diff options
context:
space:
mode:
authorCatalin Enache <catalin.enache@windriver.com>2016-04-18 15:52:16 +0300
committerRichard Purdie <richard.purdie@linuxfoundation.org>2016-04-18 16:28:22 +0100
commit4946ecfb42d71c35c1421061479731a4ea88f762 (patch)
tree5c3c1d546213d47381ad37240b2cdbb8fa5c11ef /meta/recipes-connectivity
parentc219c6d5826b6f1002f5486eceeb1cc8990d7c28 (diff)
downloadpoky-4946ecfb42d71c35c1421061479731a4ea88f762.tar.gz
dhcp: CVE-2016-2774
ISC DHCP 4.1.x before 4.1-ESV-R13 and 4.2.x and 4.3.x before 4.3.4 does not restrict the number of concurrent TCP sessions, which allows remote attackers to cause a denial of service (INSIST assertion failure or request-processing outage) by establishing many sessions. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2774 (From OE-Core rev: 2fc84114c6323bf1e3d3598af52dd1523168c9fc) Signed-off-by: Catalin Enache <catalin.enache@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-connectivity')
-rw-r--r--meta/recipes-connectivity/dhcp/dhcp/CVE-2016-2774.patch65
-rw-r--r--meta/recipes-connectivity/dhcp/dhcp_4.3.3.bb1
2 files changed, 66 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/dhcp/dhcp/CVE-2016-2774.patch b/meta/recipes-connectivity/dhcp/dhcp/CVE-2016-2774.patch
new file mode 100644
index 0000000000..4836dbc2ac
--- /dev/null
+++ b/meta/recipes-connectivity/dhcp/dhcp/CVE-2016-2774.patch
@@ -0,0 +1,65 @@
1From b9f56d578ebfd649b5d829960540859ac6ca931c Mon Sep 17 00:00:00 2001
2From: Catalin Enache <catalin.enache@windriver.com>
3Date: Tue, 12 Apr 2016 18:23:31 +0300
4Subject: [PATCH] Add patch to limit the value of an fd we accept for a
5 connection.
6
7By limiting the highest value we accept for an fd we limit the number
8of connections.
9
10Upstream-Status: Backport
11CVE: CVE-2016-2774
12
13Author: Shawn Routhier <sar@isc.org>
14Signed-off-by: Catalin Enache <catalin.enache@windriver.com>
15---
16 includes/site.h | 6 ++++++
17 omapip/listener.c | 9 +++++++--
18 3 files changed, 18 insertions(+), 2 deletions(-)
19
20diff --git a/includes/site.h b/includes/site.h
21index 9c33de3..df020c8 100644
22--- a/includes/site.h
23+++ b/includes/site.h
24@@ -290,6 +290,12 @@
25 this option will be removed at some time. */
26 /* #define INCLUDE_OLD_DHCP_ISC_ERROR_CODES */
27
28+/* Limit the value of a file descriptor the serve will use
29+ when accepting a connecting request. This can be used to
30+ limit the number of TCP connections that the server will
31+ allow at one time. A value of 0 means there is no limit.*/
32+#define MAX_FD_VALUE 200
33+
34 /* Include definitions for various options. In general these
35 should be left as is, but if you have already defined one
36 of these and prefer your definition you can comment the
37diff --git a/omapip/listener.c b/omapip/listener.c
38index 8bdcdbd..61473cf 100644
39--- a/omapip/listener.c
40+++ b/omapip/listener.c
41@@ -3,7 +3,7 @@
42 Subroutines that support the generic listener object. */
43
44 /*
45- * Copyright (c) 2012,2014 by Internet Systems Consortium, Inc. ("ISC")
46+ * Copyright (c) 2012,2014,2016 by Internet Systems Consortium, Inc. ("ISC")
47 * Copyright (c) 2004,2007,2009 by Internet Systems Consortium, Inc. ("ISC")
48 * Copyright (c) 1999-2003 by Internet Software Consortium
49 *
50@@ -233,7 +233,12 @@ isc_result_t omapi_accept (omapi_object_t *h)
51 return ISC_R_NORESOURCES;
52 return ISC_R_UNEXPECTED;
53 }
54-
55+
56+ if ((MAX_FD_VALUE != 0) && (socket > MAX_FD_VALUE)) {
57+ close(socket);
58+ return (ISC_R_NORESOURCES);
59+ }
60+
61 #if defined (TRACING)
62 /* If we're recording a trace, remember the connection. */
63 if (trace_record ()) {
64--
652.7.4
diff --git a/meta/recipes-connectivity/dhcp/dhcp_4.3.3.bb b/meta/recipes-connectivity/dhcp/dhcp_4.3.3.bb
index 970617ff92..4e8cd272b8 100644
--- a/meta/recipes-connectivity/dhcp/dhcp_4.3.3.bb
+++ b/meta/recipes-connectivity/dhcp/dhcp_4.3.3.bb
@@ -8,6 +8,7 @@ SRC_URI += "file://dhcp-3.0.3-dhclient-dbus.patch;striplevel=0 \
8 file://replace-ifconfig-route.patch \ 8 file://replace-ifconfig-route.patch \
9 file://CVE-2015-8605.patch \ 9 file://CVE-2015-8605.patch \
10 file://0001-site.h-enable-gentle-shutdown.patch \ 10 file://0001-site.h-enable-gentle-shutdown.patch \
11 file://CVE-2016-2774.patch \
11 " 12 "
12 13
13SRC_URI[md5sum] = "c5577b09c9017cdd319a11ff6364268e" 14SRC_URI[md5sum] = "c5577b09c9017cdd319a11ff6364268e"