[jabberd/f17] included patch for "Vulnerability in XMPP Server Dialback Implementations"
Adrian Reber
adrian at fedoraproject.org
Wed Aug 22 06:46:34 UTC 2012
commit 350382b3a64f27ce649b4289ec050ed9a210f563
Author: Adrian Reber <adrian at lisas.de>
Date: Wed Aug 22 08:46:28 2012 +0200
included patch for "Vulnerability in XMPP Server Dialback Implementations"
http://xmpp.org/resources/security-notices/server-dialback/
aabcffae560d5fd00cd1d2ffce5d760353cf0a4d.patch | 34 ++++++++++++++++++++++++
jabberd.spec | 10 ++++++-
2 files changed, 43 insertions(+), 1 deletions(-)
---
diff --git a/aabcffae560d5fd00cd1d2ffce5d760353cf0a4d.patch b/aabcffae560d5fd00cd1d2ffce5d760353cf0a4d.patch
new file mode 100644
index 0000000..bc8f1fb
--- /dev/null
+++ b/aabcffae560d5fd00cd1d2ffce5d760353cf0a4d.patch
@@ -0,0 +1,34 @@
+From aabcffae560d5fd00cd1d2ffce5d760353cf0a4d Mon Sep 17 00:00:00 2001
+From: Tomasz Sterna <tomek at xiaoka.com>
+Date: Mon, 6 Aug 2012 20:41:23 +0200
+Subject: [PATCH] Fixed possibility of Unsolicited Dialback Attacks
+
+---
+ s2s/out.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/s2s/out.c b/s2s/out.c
+index 0ed9b30..7b9f44f 100644
+--- a/s2s/out.c
++++ b/s2s/out.c
+@@ -1661,7 +1661,7 @@ static void _out_result(conn_t out, nad_t nad) {
+ rkeylen = strlen(rkey);
+
+ /* key is valid */
+- if(nad_find_attr(nad, 0, -1, "type", "valid") >= 0) {
++ if(nad_find_attr(nad, 0, -1, "type", "valid") >= 0 && xhash_get(out->states, rkey) == (void*) conn_INPROGRESS) {
+ log_write(out->s2s->log, LOG_NOTICE, "[%d] [%s, port=%d] outgoing route '%s' is now valid%s%s", out->fd->fd, out->ip, out->port, rkey, (out->s->flags & SX_SSL_WRAPPER) ? ", TLS negotiated" : "", out->s->compressed ? ", ZLIB compression enabled" : "");
+
+ xhash_put(out->states, pstrdup(xhash_pool(out->states), rkey), (void *) conn_VALID); /* !!! small leak here */
+@@ -1749,7 +1749,7 @@ static void _out_verify(conn_t out, nad_t nad) {
+ rkey = s2s_route_key(NULL, to->domain, from->domain);
+
+ attr = nad_find_attr(nad, 0, -1, "type", "valid");
+- if(attr >= 0) {
++ if(attr >= 0 && xhash_get(in->states, rkey) == (void*) conn_INPROGRESS) {
+ xhash_put(in->states, pstrdup(xhash_pool(in->states), rkey), (void *) conn_VALID);
+ log_write(in->s2s->log, LOG_NOTICE, "[%d] [%s, port=%d] incoming route '%s' is now valid%s%s", in->fd->fd, in->ip, in->port, rkey, (in->s->flags & SX_SSL_WRAPPER) ? ", TLS negotiated" : "", in->s->compressed ? ", ZLIB compression enabled" : "");
+ valid = 1;
+--
+1.7.10
+
diff --git a/jabberd.spec b/jabberd.spec
index 7a329d3..f92cefa 100644
--- a/jabberd.spec
+++ b/jabberd.spec
@@ -1,13 +1,16 @@
Summary: OpenSource server implementation of the Jabber protocols
Name: jabberd
Version: 2.2.14
-Release: 3%{?dist}
+Release: 4%{?dist}
License: GPLv2+
Group: System Environment/Daemons
Source0: http://ftp.xiaoka.com/jabberd2/releases/jabberd-%{version}.tar.bz2
Source1: jabberd.init
Source2: jabberd.sysconfig
Source3: jabberd.pam
+# http://xmpp.org/resources/security-notices/server-dialback/
+# Vulnerability in XMPP Server Dialback Implementations
+Patch0: https://github.com/Jabberd2/jabberd2/commit/aabcffae560d5fd00cd1d2ffce5d760353cf0a4d.patch
URL: http://codex.xiaoka.com/wiki/jabberd2:start
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: openssl-devel libidn-devel expat-devel
@@ -40,6 +43,7 @@ This package defaults to use pam and sqlite.
%prep
%setup -q
+%patch0 -p1
%build
export CFLAGS="%{optflags}"
@@ -201,6 +205,10 @@ fi
%attr(700, jabber, jabber) %{_var}/lib/%{name}
%changelog
+* Wed Aug 22 2012 Adrian Reber <adrian at lisas.de> - 2.2.14-4
+- included patch for "Vulnerability in XMPP Server Dialback Implementations"
+ http://xmpp.org/resources/security-notices/server-dialback/
+
* Tue Jul 24 2012 Adrian Reber <adrian at lisas.de> - 2.2.14-3
- fixes "service jabberd restart fails on stopping s2s" (#730967)
More information about the scm-commits
mailing list