[dhcp/f14/master] Fix for CVE-2011-0413 (#672996)
Jiří Popelka
jpopelka at fedoraproject.org
Fri Jan 28 08:35:49 UTC 2011
commit 6a09406a36bb86da29dae8d004e17333a9318c97
Author: Jiri Popelka <jpopelka at redhat.com>
Date: Thu Jan 27 17:38:32 2011 +0100
Fix for CVE-2011-0413 (#672996)
dhcp-4.2.0-P2-CVE-2011-0413.patch | 47 +++++++++++++++++++++++++++++++++++++
dhcp.spec | 9 ++++++-
2 files changed, 55 insertions(+), 1 deletions(-)
---
diff --git a/dhcp-4.2.0-P2-CVE-2011-0413.patch b/dhcp-4.2.0-P2-CVE-2011-0413.patch
new file mode 100644
index 0000000..f054d1f
--- /dev/null
+++ b/dhcp-4.2.0-P2-CVE-2011-0413.patch
@@ -0,0 +1,47 @@
+diff -up dhcp-4.2.0-P2/server/mdb6.c.CVE-2011-0413 dhcp-4.2.0-P2/server/mdb6.c
+--- dhcp-4.2.0-P2/server/mdb6.c.CVE-2011-0413 2010-02-17 21:33:56.000000000 +0100
++++ dhcp-4.2.0-P2/server/mdb6.c 2011-01-27 17:32:39.000000000 +0100
+@@ -1010,7 +1010,7 @@ move_lease_to_active(struct ipv6_pool *p
+ * Renew an lease in the pool.
+ *
+ * To do this, first set the new hard_lifetime_end_time for the resource,
+- * and then invoke renew_lease() on it.
++ * and then invoke renew_lease6() on it.
+ *
+ * WARNING: lease times must only be extended, never reduced!!!
+ */
+@@ -1020,12 +1020,24 @@ renew_lease6(struct ipv6_pool *pool, str
+ * If we're already active, then we can just move our expiration
+ * time down the heap.
+ *
++ * If we're abandoned then we are already on the active list
++ * but we need to retag the lease and move our expiration
++ * from infinite to the current value
++ *
+ * Otherwise, we have to move from the inactive heap to the
+ * active heap.
+ */
+ if (lease->state == FTS_ACTIVE) {
+ isc_heap_decreased(pool->active_timeouts, lease->heap_index);
+ return ISC_R_SUCCESS;
++ } else if (lease->state == FTS_ABANDONED) {
++ char tmp_addr[INET6_ADDRSTRLEN];
++ lease->state = FTS_ACTIVE;
++ isc_heap_increased(pool->active_timeouts, lease->heap_index);
++ log_info("Reclaiming previously abandoned address %s",
++ inet_ntop(AF_INET6, &(lease->addr), tmp_addr,
++ sizeof(tmp_addr)));
++ return ISC_R_SUCCESS;
+ } else {
+ return move_lease_to_active(pool, lease);
+ }
+@@ -1115,7 +1127,8 @@ isc_result_t
+ decline_lease6(struct ipv6_pool *pool, struct iasubopt *lease) {
+ isc_result_t result;
+
+- if (lease->state != FTS_ACTIVE) {
++ if ((lease->state != FTS_ACTIVE) &&
++ (lease->state != FTS_ABANDONED)) {
+ result = move_lease_to_active(pool, lease);
+ if (result != ISC_R_SUCCESS) {
+ return result;
diff --git a/dhcp.spec b/dhcp.spec
index a5ef00f..ceeefd6 100644
--- a/dhcp.spec
+++ b/dhcp.spec
@@ -12,7 +12,7 @@
Summary: Dynamic host configuration protocol software
Name: dhcp
Version: 4.2.0
-Release: 18.%{patchver}%{?dist}
+Release: 19.%{patchver}%{?dist}
# NEVER CHANGE THE EPOCH on this package. The previous maintainer (prior to
# dcantrell maintaining the package) made incorrect use of the epoch and
# that's why it is at 12 now. It should have never been used, but it was.
@@ -65,6 +65,7 @@ Patch31: dhcp-4.2.0-noprefixavail.patch
Patch32: dhcp-4.2.0-PPP.patch
Patch33: dhcp-4.2.0-P2-omapi.patch
Patch34: dhcp-4.2.0-P2-ldap-configuration.patch
+Patch35: dhcp-4.2.0-P2-CVE-2011-0413.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: autoconf
@@ -269,6 +270,9 @@ libdhcpctl and libomapi static libraries are also included in this package.
# Fix loading of configuration when LDAP is used (#668276)
%patch34 -p1 -b .ldap-configuration
+# CVE-2011-0413: Unexpected abort caused by a DHCPv6 decline message (#672996)
+%patch35 -p1 -b .CVE-2011-0413
+
# Copy in the Fedora/RHEL dhclient script
%{__install} -p -m 0755 %{SOURCE4} client/scripts/linux
%{__install} -p -m 0644 %{SOURCE5} .
@@ -550,6 +554,9 @@ fi
%attr(0644,root,root) %{_mandir}/man3/omapi.3.gz
%changelog
+* Thu Jan 27 2011 Jiri Popelka <jpopelka at redhat.com> - 12:4.2.0-19.P2
+- CVE-2011-0413: Unexpected abort caused by a DHCPv6 decline message (#672996)
+
* Thu Jan 13 2011 Jiri Popelka <jpopelka at redhat.com> - 12:4.2.0-18.P2
- Fix loading of configuration when LDAP is used (#668276)
More information about the scm-commits
mailing list