cubixle/packages
1
0
Fork 0
mirror of https://github.com/novatiq/packages.git synced 2026-04-29 06:58:39 +01:00
Code Issues Packages Projects Releases Wiki Activity

collectd: upstream fix for vulnerabity in network plugin

Browse Source 
Backport an upstream fix for a DDoS vulnerability in the
network plugin: CVE-2017-7401

The patch has been adapted from the fix for 5.6 branch,
as 5.5 is already EoL in practice.

Run-tested with R7800/ipq806x.

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
This commit is contained in:
Hannu Nyman
2017-04-19 12:20:53 +03:00
parent e13ff8c85c
commit 938db71418
2 changed files with 52 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
utils/collectd/Makefile
+2 -2
View File
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=collectd
PKG_VERSION:=5.5.3
PKG_RELEASE:=1
PKG_RELEASE:=2
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
PKG_SOURCE_URL:=http://collectd.org/files/
@@ -17,7 +17,7 @@ PKG_MD5SUM:=6f10633d0f73f99ef61472a8e377d4a058de161e80f3353b4b17d394c68f2f44
PKG_FIXUP:=autoreconf
PKG_REMOVE_FILES:=aclocal.m4 libltdl/aclocal.m4
PKG_MAINTAINER:=Jo-Philipp Wich <jo@mein.io>
PKG_MAINTAINER:=Jo-Philipp Wich <jo@mein.io>, Hannu Nyman <hannu.nyman@iki.fi>
PKG_INSTALL:=1
PKG_BUILD_PARALLEL:=1
utils/collectd/patches/050-upstream-fix-for-network-plugin-ddos.patch
+50
View File
@@ -0,0 +1,50 @@
From f6be4f9b49b949b379326c3d7002476e6ce4f211 Mon Sep 17 00:00:00 2001
From: Pavel Rochnyack <pavel2000@ngs.ru>
Date: Mon, 3 Apr 2017 11:57:09 +0600
Subject: [PATCH] network plugin: Fix endless loop DOS in parse_packet()
When correct 'Signature part' is received by Collectd, configured without
AuthFile option, condition for endless loop occurs due to missing increase
of pointer to next unprocessed part.
Fixes: CVE-2017-7401
Signed-off-by: Florian Forster <octo@collectd.org>
--- a/src/network.c
+++ b/src/network.c
@@ -1066,14 +1066,6 @@ static int parse_part_sign_sha256 (socke
buffer_len = *ret_buffer_len;
buffer_offset = 0;
- if (se->data.server.userdb == NULL)
- {
- c_complain (LOG_NOTICE, &complain_no_users,
- "network plugin: Received signed network packet but can't verify it "
- "because no user DB has been configured. Will accept it.");
- return (0);
- }
-
/* Check if the buffer has enough data for this structure. */
if (buffer_len <= PART_SIGNATURE_SHA256_SIZE)
return (-ENOMEM);
@@ -1091,6 +1083,18 @@ static int parse_part_sign_sha256 (socke
return (-1);
}
+ if (se->data.server.userdb == NULL) {
+ c_complain(
+ LOG_NOTICE, &complain_no_users,
+ "network plugin: Received signed network packet but can't verify it "
+ "because no user DB has been configured. Will accept it.");
+
+ *ret_buffer = buffer + pss_head_length;
+ *ret_buffer_len -= pss_head_length;
+
+ return (0);
+ }
+
/* Copy the hash. */
BUFFER_READ (pss.hash, sizeof (pss.hash));