2 files changed, 75 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/dhcp/dhcp/CVE-2017-3144.patch b/meta/recipes-connectivity/dhcp/dhcp/CVE-2017-3144.patch
new file mode 100644
index 0000000000..2b2688cb2f
--- /dev/null
+++ b/meta/recipes-connectivity/dhcp/dhcp/CVE-2017-3144.patch
@@ -0,0 +1,74 @@
+From 8cfdedee369c26d2869b6ec4a64460b5f5a30934 Mon Sep 17 00:00:00 2001
+From: Thomas Markwalder <tmark@isc.org>
+Date: Thu, 7 Dec 2017 11:39:30 -0500
+Subject: [PATCH] [v4_3] Plugs a socket descriptor leak in OMAPI
+        Merges in rt46767.
+Upstream-Status: Backport
+[https://source.isc.org/cgi-bin/gitweb.cgi?p=dhcp.git;a=commitdiff;h=5097bc0559f592683faac1f67bf350e1bddf6ed4]
+CVE: CVE-2017-3144
+Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com>
+Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
+---
+ RELNOTES         | 7 +++++++
+ omapip/buffer.c  | 9 +++++++++
+ omapip/message.c | 2 +-
+ 3 files changed, 17 insertions(+), 1 deletion(-)
+diff --git a/RELNOTES b/RELNOTES
+index dd40aaf..3741b80 100644
+--- a/RELNOTES
+++ b/RELNOTES
+@@ -66,6 +66,13 @@ We welcome comments from DHCP users, about this or anything else we do.
+ Email Vicky Risk, Product Manager at vicky@isc.org or discuss on 
+ dhcp-users@lists.isc.org.
+ 
+- Plugged a socket descriptor leak in OMAPI, that can occur when there is
+  data pending to be written to an OMAPI connection, when the connection
+  is closed by the reader.  Thanks to Pavel Zhukov at RedHat for bringing
+  this issue to our attention and whose patch helped guide us in the right
+  direction.
+  [ISc-Bugs #46767]
+
+                        Changes since 4.3.6b1
+ 
+ - None
+diff --git a/omapip/buffer.c b/omapip/buffer.c
+index f7fdc32..809034d 100644
+--- a/omapip/buffer.c
+++ b/omapip/buffer.c
+@@ -566,6 +566,15 @@ isc_result_t omapi_connection_writer (omapi_object_t *h)
+                        omapi_buffer_dereference (&buffer, MDL);
+                }
+        }
+
+       /* If we had data left to write when we're told to disconnect,
+       * we need recall disconnect, now that we're done writing.
+       * See rt46767. */
+       if (c->out_bytes == 0 && c->state == omapi_connection_disconnecting) {
+               omapi_disconnect (h, 1);
+               return ISC_R_SHUTTINGDOWN;
+       }
+
+        return ISC_R_SUCCESS;
+ }
+ 
+diff --git a/omapip/message.c b/omapip/message.c
+index 59ccdc2..21bcfc3 100644
+--- a/omapip/message.c
+++ b/omapip/message.c
+@@ -339,7 +339,7 @@ isc_result_t omapi_message_unregister (omapi_object_t *mo)
+ }
+ 
+ #ifdef DEBUG_PROTOCOL
+-static const char *omapi_message_op_name(int op) {
+const char *omapi_message_op_name(int op) {
+        switch (op) {
+        case OMAPI_OP_OPEN:    return "OMAPI_OP_OPEN";
+        case OMAPI_OP_REFRESH: return "OMAPI_OP_REFRESH";
+-- 
+2.7.4
diff --git a/meta/recipes-connectivity/dhcp/dhcp_4.3.6.bb b/meta/recipes-connectivity/dhcp/dhcp_4.3.6.bb
index 6615ae2555..cc135493e5 100644
--- a/meta/recipes-connectivity/dhcp/dhcp_4.3.6.bb
+++ b/meta/recipes-connectivity/dhcp/dhcp_4.3.6.bb
@@ -12,6 +12,7 @@ SRC_URI += "file://0001-define-macro-_PATH_DHCPD_CONF-and-_PATH_DHCLIENT_CON.pat
            file://0010-build-shared-libs.patch \
            file://0011-Moved-the-call-to-isc_app_ctxstart-to-not-get-signal.patch \
            file://0012-dhcp-correct-the-intention-for-xml2-lib-search.patch \
+            file://CVE-2017-3144.patch \
           "
 SRC_URI[md5sum] = "afa6e9b3eb7539ea048421a82c668adc"

diff --git a/meta/recipes-connectivity/dhcp/dhcp/CVE-2017-3144.patch b/meta/recipes-connectivity/dhcp/dhcp/CVE-2017-3144.patch new file mode 100644 index 0000000000..2b2688cb2f --- /dev/null +++ b/meta/recipes-connectivity/dhcp/dhcp/CVE-2017-3144.patch
@@ -0,0 +1,74 @@
		1	From 8cfdedee369c26d2869b6ec4a64460b5f5a30934 Mon Sep 17 00:00:00 2001
		2	From: Thomas Markwalder <tmark@isc.org>
		3	Date: Thu, 7 Dec 2017 11:39:30 -0500
		4	Subject: [PATCH] [v4_3] Plugs a socket descriptor leak in OMAPI
		5
		6	Merges in rt46767.
		7
		8	Upstream-Status: Backport
		9	[https://source.isc.org/cgi-bin/gitweb.cgi?p=dhcp.git;a=commitdiff;h=5097bc0559f592683faac1f67bf350e1bddf6ed4]
		10
		11	CVE: CVE-2017-3144
		12
		13	Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com>
		14	Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
		15	---
		16	RELNOTES \| 7 +++++++
		17	omapip/buffer.c \| 9 +++++++++
		18	omapip/message.c \| 2 +-
		19	3 files changed, 17 insertions(+), 1 deletion(-)
		20
		21	diff --git a/RELNOTES b/RELNOTES
		22	index dd40aaf..3741b80 100644
		23	--- a/RELNOTES
		24	+++ b/RELNOTES
		25	@@ -66,6 +66,13 @@ We welcome comments from DHCP users, about this or anything else we do.
		26	Email Vicky Risk, Product Manager at vicky@isc.org or discuss on
		27	dhcp-users@lists.isc.org.
		28
		29	+- Plugged a socket descriptor leak in OMAPI, that can occur when there is
		30	+ data pending to be written to an OMAPI connection, when the connection
		31	+ is closed by the reader. Thanks to Pavel Zhukov at RedHat for bringing
		32	+ this issue to our attention and whose patch helped guide us in the right
		33	+ direction.
		34	+ [ISc-Bugs #46767]
		35	+
		36	Changes since 4.3.6b1
		37
		38	- None
		39	diff --git a/omapip/buffer.c b/omapip/buffer.c
		40	index f7fdc32..809034d 100644
		41	--- a/omapip/buffer.c
		42	+++ b/omapip/buffer.c
		43	@@ -566,6 +566,15 @@ isc_result_t omapi_connection_writer (omapi_object_t *h)
		44	omapi_buffer_dereference (&buffer, MDL);
		45	}
		46	}
		47	+
		48	+ /* If we had data left to write when we're told to disconnect,
		49	+ * we need recall disconnect, now that we're done writing.
		50	+ * See rt46767. */
		51	+ if (c->out_bytes == 0 && c->state == omapi_connection_disconnecting) {
		52	+ omapi_disconnect (h, 1);
		53	+ return ISC_R_SHUTTINGDOWN;
		54	+ }
		55	+
		56	return ISC_R_SUCCESS;
		57	}
		58
		59	diff --git a/omapip/message.c b/omapip/message.c
		60	index 59ccdc2..21bcfc3 100644
		61	--- a/omapip/message.c
		62	+++ b/omapip/message.c
		63	@@ -339,7 +339,7 @@ isc_result_t omapi_message_unregister (omapi_object_t *mo)
		64	}
		65
		66	#ifdef DEBUG_PROTOCOL
		67	-static const char *omapi_message_op_name(int op) {
		68	+const char *omapi_message_op_name(int op) {
		69	switch (op) {
		70	case OMAPI_OP_OPEN: return "OMAPI_OP_OPEN";
		71	case OMAPI_OP_REFRESH: return "OMAPI_OP_REFRESH";
		72	--
		73	2.7.4
		74


diff --git a/meta/recipes-connectivity/dhcp/dhcp_4.3.6.bb b/meta/recipes-connectivity/dhcp/dhcp_4.3.6.bb index 6615ae2555..cc135493e5 100644 --- a/meta/recipes-connectivity/dhcp/dhcp_4.3.6.bb +++ b/meta/recipes-connectivity/dhcp/dhcp_4.3.6.bb
@@ -12,6 +12,7 @@ SRC_URI += "file://0001-define-macro-_PATH_DHCPD_CONF-and-_PATH_DHCLIENT_CON.pat
12	file://0010-build-shared-libs.patch \	12	file://0010-build-shared-libs.patch \
13	file://0011-Moved-the-call-to-isc_app_ctxstart-to-not-get-signal.patch \	13	file://0011-Moved-the-call-to-isc_app_ctxstart-to-not-get-signal.patch \
14	file://0012-dhcp-correct-the-intention-for-xml2-lib-search.patch \	14	file://0012-dhcp-correct-the-intention-for-xml2-lib-search.patch \
		15	file://CVE-2017-3144.patch \
15	"	16	"
16		17
17	SRC_URI[md5sum] = "afa6e9b3eb7539ea048421a82c668adc"	18	SRC_URI[md5sum] = "afa6e9b3eb7539ea048421a82c668adc"