[dhcp/f13/master] Better fix for CVE-2011-0997: making domain-name check more lenient (#694005)

Jiří Popelka jpopelka at fedoraproject.org
Wed Apr 6 18:51:21 UTC 2011 

commit 6785a398ded3f142749760e88c4ca906c4a9c447
Author: Jiri Popelka <jpopelka at redhat.com>
Date:   Wed Apr 6 20:51:12 2011 +0200

    Better fix for CVE-2011-0997: making domain-name check more lenient (#694005)

 dhcp-4.1-ESV-CVE-2011-0997.patch |   16 ++++++++++++++++
 dhcp.spec                        |    9 ++++++++-
 2 files changed, 24 insertions(+), 1 deletions(-)
---
diff --git a/dhcp-4.1-ESV-CVE-2011-0997.patch b/dhcp-4.1-ESV-CVE-2011-0997.patch
new file mode 100644
index 0000000..11c74ca
--- /dev/null
+++ b/dhcp-4.1-ESV-CVE-2011-0997.patch
@@ -0,0 +1,16 @@
+diff -up dhcp-4.1-ESV-R2/client/dhclient.c.CVE-2011-0997 dhcp-4.1-ESV-R2/client/dhclient.c
+--- dhcp-4.1-ESV-R2/client/dhclient.c.CVE-2011-0997	2011-04-06 20:44:17.000000000 +0200
++++ dhcp-4.1-ESV-R2/client/dhclient.c	2011-04-06 20:44:17.000000000 +0200
+@@ -4348,11 +4348,11 @@ static int check_option_values(struct un
+ 	if ((universe == NULL) || (universe == &dhcp_universe)) {
+ 		switch(opt) {
+ 		      case DHO_HOST_NAME:
+-		      case DHO_DOMAIN_NAME:
+ 		      case DHO_NIS_DOMAIN:
+ 		      case DHO_NETBIOS_SCOPE:
+ 			return check_domain_name(ptr, len, 0);
+ 			break;
++		      case DHO_DOMAIN_NAME: /* accept a list for compatibiliy */
+ 		      case DHO_DOMAIN_SEARCH:
+ 			return check_domain_name_list(ptr, len, 0);
+ 			break;
diff --git a/dhcp.spec b/dhcp.spec
index 065d351..7e76424 100644
--- a/dhcp.spec
+++ b/dhcp.spec
@@ -15,7 +15,7 @@
 Summary:  Dynamic host configuration protocol software
 Name:     dhcp
 Version:  4.1.2
-Release:  3.ESV.%{patchver}%{?dist}
+Release:  4.ESV.%{patchver}%{?dist}
 # NEVER CHANGE THE EPOCH on this package.  The previous maintainer (prior to
 # dcantrell maintaining the package) made incorrect use of the epoch and
 # that's why it is at 12 now.  It should have never been used, but it was.
@@ -61,6 +61,7 @@ Patch23:  %{name}-4.1-ESV-retransmission.patch
 Patch24:  %{name}-4.1.1-initialization-delay.patch
 Patch25:  %{name}-4.1.1-P1-PIE-RELRO.patch
 Patch26:  %{name}-4.1.1-P1-noprefixavail.patch
+Patch27:  %{name}-4.1-ESV-CVE-2011-0997.patch
 
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 BuildRequires: autoconf
@@ -243,6 +244,9 @@ libdhcpctl and libomapi static libraries are also included in this package.
 #    prefix in IA_PD (as a preference) and this prefix was not in any of server's pools.
 %patch26 -p1 -b .noprefixavail
 
+# Better fix for CVE-2011-0997: making domain-name check more lenient (#694005)
+%patch27 -p1 -b .CVE-2011-0997
+
 # Copy in documentation and example scripts for LDAP patch to dhcpd
 %{__install} -p -m 0755 ldap-for-dhcp-%{ldappatchver}/dhcpd-conf-to-ldap contrib/
 
@@ -528,6 +532,9 @@ fi
 %attr(0644,root,root) %{_mandir}/man3/omapi.3.gz
 
 %changelog
+* Wed Apr 06 2011 Jiri Popelka <jpopelka at redhat.com> - 12:4.1.2-4.ESV.R2
+- Better fix for CVE-2011-0997: making domain-name check more lenient (#694005)
+
 * Wed Apr 06 2011 Jiri Popelka <jpopelka at redhat.com> - 12:4.1.2-3.ESV.R2
 - 4.1-ESV-R2: fix for CVE-2011-0997 (#694005)

More information about the scm-commits mailing list