Diffstat (limited to 'meta/recipes-core/systemd/systemd/CVE-2020-13529.patch')
-rw-r--r-- | meta/recipes-core/systemd/systemd/CVE-2020-13529.patch | 42 |
1 files changed, 42 insertions, 0 deletions
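diff --git a/meta/recipes-core/systemd/systemd/CVE-2020-13529.patch b/meta/recipes-core/systemd/systemd/CVE-2020-13529.patch
new file mode 100644
index 0000000000..6b499efbd8
--- /dev/null
+++ b/meta/recipes-core/systemd/systemd/CVE-2020-13529.patch
@@ -0,0 +1,42 @@
+From 38e980a6a5a3442c2f48b1f827284388096d8ca5 Mon Sep 17 00:00:00 2001
+From: Yu Watanabe <watanabe.yu+github@gmail.com>
+Date: Thu, 24 Jun 2021 01:22:07 +0900
+Subject: [PATCH] sd-dhcp-client: tentatively ignore FORCERENEW command
+
+This makes DHCP client ignore FORCERENEW requests, as unauthenticated
+FORCERENEW requests causes a security issue (TALOS-2020-1142, CVE-2020-13529).
+
+Let's re-enable this after RFC3118 (Authentication for DHCP Messages)
+and/or RFC6704 (Forcerenew Nonce Authentication) are implemented.
+
+Fixes #16774.
+
+Upstream-Status: Backport [https://github.com/systemd/systemd/commit/38e980a6a5a3442c2f48b1f827284388096d8ca5]
+CVE: CVE-2020-13529
+
+Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>
+
+---
+src/libsystemd-network/sd-dhcp-client.c | 8 ++++++++
+1 file changed, 8 insertions(+)
+
+--- a/src/libsystemd-network/sd-dhcp-client.c
++++ b/src/libsystemd-network/sd-dhcp-client.c
+@@ -1392,9 +1392,17 @@ static int client_handle_forcerenew(sd_dhcp_client *client, DHCPMessage *force,
+if (r != DHCP_FORCERENEW)
+return -ENOMSG;
+
++#if 0
+log_dhcp_client(client, "FORCERENEW");
+
+return 0;
++#else
++ /* FIXME: Ignore FORCERENEW requests until we implement RFC3118 (Authentication for DHCP
++ * Messages) and/or RFC6704 (Forcerenew Nonce Authentication), as unauthenticated FORCERENEW
++ * requests causes a security issue (TALOS-2020-1142, CVE-2020-13529). */
++ log_dhcp_client(client, "Received FORCERENEW, ignoring.");
++ return -ENOMSG;
++#endif
+}
+
+static bool lease_equal(const sd_dhcp_lease *a, const sd_dhcp_lease *b) {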
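Review bot: In the inner hunk for `client_handle_forcerenew()`, the new `#else` branch returns `-ENOMSG`, the same value the check just above it returns for a message that is not a FORCERENEW at all. The caller therefore cannot tell a dropped FORCERENEW from an unrelated packet, and the only trace is the `log_dhcp_client()` line, whose log level is not visible on this page. Repeated unauthenticated FORCERENEW packets are a useful detection signal for CVE-2020-13529, so I would record that in the Yocto-side patch header rather than touch the upstream code, e.g. `Note: dropped FORCERENEW messages are visible only through the "Received FORCERENEW, ignoring." log line.` The function begins above the hunk, so how `r` is derived cannot be checked here. This view is limited to the patch file, so also confirm that the systemd recipe's `SRC_URI` lists `file://CVE-2020-13529.patch`; otherwise the fix is never applied.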