[bip/f15] - Upstream patch to fix buffer overflow with too many open fd's (#784301) https://projects.duckcor
Brian C. Lane
bcl at fedoraproject.org
Tue Jan 24 18:40:40 UTC 2012
commit f569c51c4a3c5c7360a6df56ca4456ca72d158d8
Author: Brian C. Lane <bcl at redhat.com>
Date: Tue Jan 24 10:39:19 2012 -0800
- Upstream patch to fix buffer overflow with too many open fd's (#784301)
https://projects.duckcorp.org/issues/269
- Switched spec to use git to apply patches
...atch => 0001-Setup-bip-for-Fedora-s-paths.patch | 24 +++-
...> 0002-Throttle-joins-to-prevent-flooding.patch | 21 +++-
...flow-check-against-the-implicit-size-of-s.patch | 129 ++++++++++++++++++++
bip.spec | 22 +++-
4 files changed, 182 insertions(+), 14 deletions(-)
---
diff --git a/bip-conf.patch b/0001-Setup-bip-for-Fedora-s-paths.patch
similarity index 62%
rename from bip-conf.patch
rename to 0001-Setup-bip-for-Fedora-s-paths.patch
index ef09db1..6a365c6 100644
--- a/bip-conf.patch
+++ b/0001-Setup-bip-for-Fedora-s-paths.patch
@@ -1,6 +1,17 @@
---- samples/bip.conf.orig 2008-05-15 15:45:04.000000000 +0100
-+++ samples/bip.conf 2008-05-15 15:48:43.000000000 +0100
-@@ -9,7 +9,7 @@
+From 0e357353d1c3052f44db7b1e833d569998c99337 Mon Sep 17 00:00:00 2001
+From: Fedora Ninjas <bip-owner at fedoraproject.org>
+Date: Tue, 24 Jan 2012 09:54:31 -0800
+Subject: [PATCH 1/3] Setup bip for Fedora's paths
+
+---
+ samples/bip.conf | 6 +++---
+ 1 files changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/samples/bip.conf b/samples/bip.conf
+index 6761688..7edb36c 100644
+--- a/samples/bip.conf
++++ b/samples/bip.conf
+@@ -9,7 +9,7 @@ ip = "0.0.0.0";
# be sure to set the password to the value
# specified in the network you want to connect to.
# Port is 6667 by default.
@@ -9,7 +20,7 @@
# If you set this to true, you'll only be able to connect to bip
# with a SSL capable IRC client. Be sure to generate a certificate
-@@ -21,7 +21,7 @@
+@@ -21,7 +21,7 @@ client_side_ssl = false;
#client_side_ssl_pem = "/path/to/pemfile";
# Define where the pidfile should be stored. Defaults to <biphome>/bip.pid
@@ -18,7 +29,7 @@
# Uncomment this line to disable logging and backlogging.
#log = false
-@@ -37,7 +37,7 @@
+@@ -37,7 +37,7 @@ log_level = 3;
# This is where logs go. Channel and private messages will use that
# configuration value as a prefix, and then log_format to determine
# full log filename.
@@ -27,3 +38,6 @@
# Uncomment this line to disable bip's internal messages logging.
# This is not recommended, a better option is to reduce log_level.
+--
+1.7.6.5
+
diff --git a/bip-fn-ircd7.patch b/0002-Throttle-joins-to-prevent-flooding.patch
similarity index 65%
rename from bip-fn-ircd7.patch
rename to 0002-Throttle-joins-to-prevent-flooding.patch
index 272cdbb..39f1208 100644
--- a/bip-fn-ircd7.patch
+++ b/0002-Throttle-joins-to-prevent-flooding.patch
@@ -1,5 +1,15 @@
+From eb5a5e987969282ab7c1414e058ca17838d39b45 Mon Sep 17 00:00:00 2001
+From: Fedora Ninjas <bip-owner at fedoraproject.org>
+Date: Tue, 24 Jan 2012 09:56:56 -0800
+Subject: [PATCH 2/3] Throttle joins to prevent flooding
+
+---
+ src/irc.c | 6 +++++-
+ src/irc.h | 1 +
+ 2 files changed, 6 insertions(+), 1 deletions(-)
+
diff --git a/src/irc.c b/src/irc.c
-index 556bf97..a5cc039 100644
+index c890ed6..631af6f 100644
--- a/src/irc.c
+++ b/src/irc.c
@@ -16,6 +16,7 @@
@@ -10,7 +20,7 @@ index 556bf97..a5cc039 100644
#include "util.h"
#include "irc.h"
#include "bip.h"
-@@ -206,6 +207,8 @@ static void irc_server_join(struct link_server *s)
+@@ -213,6 +214,8 @@ static void irc_server_join(struct link_server *s)
WRITE_LINE1(CONN(s), NULL, "JOIN", ci->name);
else
WRITE_LINE2(CONN(s), NULL, "JOIN", ci->name, ci->key);
@@ -19,7 +29,7 @@ index 556bf97..a5cc039 100644
}
}
-@@ -944,7 +947,8 @@ static int irc_cli_mode(struct link_client *ic, struct line *line)
+@@ -951,7 +954,8 @@ static int irc_cli_mode(struct link_client *ic, struct line *line)
/* This is a wild guess and that sucks. */
if (!irc_line_elem_equals(line, 0, "MODE") ||
@@ -30,7 +40,7 @@ index 556bf97..a5cc039 100644
++ic->who_count;
diff --git a/src/irc.h b/src/irc.h
-index c0c3373..f474b25 100644
+index 006aa08..a4964ef 100644
--- a/src/irc.h
+++ b/src/irc.h
@@ -28,6 +28,7 @@
@@ -41,3 +51,6 @@ index c0c3373..f474b25 100644
struct server {
char *host;
+--
+1.7.6.5
+
diff --git a/0003-Buffer-Overflow-check-against-the-implicit-size-of-s.patch b/0003-Buffer-Overflow-check-against-the-implicit-size-of-s.patch
new file mode 100644
index 0000000..25ad10f
--- /dev/null
+++ b/0003-Buffer-Overflow-check-against-the-implicit-size-of-s.patch
@@ -0,0 +1,129 @@
+From a26cf2be67971b752c120fd3bbee9e7211159184 Mon Sep 17 00:00:00 2001
+From: Pierre-Louis Bonicoli <pierre-louis.bonicoli at gmx.fr>
+Date: Sat, 7 Jan 2012 11:41:02 +0100
+Subject: [PATCH 3/3] Buffer Overflow: check against the implicit size of
+ select() arrays
+
+Reported by Julien Tinnes (Fix #269)
+exit is called when the listening socket can not be created
+---
+ src/bip.c | 2 +-
+ src/connection.c | 46 ++++++++++++++++++++++++++++++++++++++--------
+ src/irc.c | 7 ++++---
+ 3 files changed, 43 insertions(+), 12 deletions(-)
+
+diff --git a/src/bip.c b/src/bip.c
+index a361847..4c37570 100644
+--- a/src/bip.c
++++ b/src/bip.c
+@@ -1312,7 +1312,7 @@ int main(int argc, char **argv)
+ close(fd);
+
+ bip.listener = listen_new(conf_ip, conf_port, conf_css);
+- if (!bip.listener)
++ if (!bip.listener || bip.listener->connected == CONN_ERROR)
+ fatal("Could not create listening socket");
+
+ for (;;) {
+diff --git a/src/connection.c b/src/connection.c
+index c793e18..cb8d976 100644
+--- a/src/connection.c
++++ b/src/connection.c
+@@ -124,6 +124,18 @@ static void connect_trynext(connection_t *cn)
+ continue;
+ }
+
++ if (cn->handle >= FD_SETSIZE) {
++ mylog(LOG_WARN, "too many fd used, close socket %d",
++ cn->handle);
++
++ if (close(cn->handle) == -1)
++ mylog(LOG_WARN, "Error on socket close: %s",
++ strerror(errno));
++
++ cn->handle = -1;
++ break;
++ }
++
+ socket_set_nonblock(cn->handle);
+
+ if (cn->connecting_data->src) {
+@@ -789,13 +801,8 @@ list_t *wait_event(list_t *cn_list, int *msec, int *nc)
+ /*
+ * This shouldn't happen ! just in case...
+ */
+- if (cn->handle < 0) {
+- mylog(LOG_WARN, "wait_event invalid socket %d",
+- cn->handle);
+- if (cn_is_connected(cn))
+- cn->connected = CONN_ERROR;
+- continue;
+- }
++ if (cn->handle < 0 || cn->handle >= FD_SETSIZE)
++ fatal("wait_event invalid socket %d", cn->handle);
+
+ /* exceptions are OOB and disconnections */
+ FD_SET(cn->handle, &fds_except);
+@@ -966,6 +973,18 @@ static void create_listening_socket(char *hostname, char *port,
+ continue;
+ }
+
++ if (cn->handle >= FD_SETSIZE) {
++ mylog(LOG_WARN, "too many fd used, close listening socket %d",
++ cn->handle);
++
++ if (close(cn->handle) == -1)
++ mylog(LOG_WARN, "Error on socket close: %s",
++ strerror(errno));
++
++ cn->handle = -1;
++ break;
++ }
++
+ if (setsockopt(cn->handle, SOL_SOCKET, SO_REUSEADDR,
+ (char *)&multi_client,
+ sizeof(multi_client)) < 0) {
+@@ -1113,10 +1132,21 @@ connection_t *accept_new(connection_t *cn)
+
+ mylog(LOG_DEBUG, "Trying to accept new client on %d", cn->handle);
+ err = accept(cn->handle, &sa, &sa_len);
++
+ if (err < 0) {
+- mylog(LOG_ERROR, "accept failed: %s", strerror(errno));
++ fatal("accept failed: %s", strerror(errno));
++ }
++
++ if (err >= FD_SETSIZE) {
++ mylog(LOG_WARN, "too many client connected, close %d", err);
++
++ if (close(err) == -1)
++ mylog(LOG_WARN, "Error on socket close: %s",
++ strerror(errno));
++
+ return NULL;
+ }
++
+ socket_set_nonblock(err);
+
+ conn = connection_init(cn->anti_flood, cn->ssl, cn->timeout, 0);
+diff --git a/src/irc.c b/src/irc.c
+index 631af6f..0b7726a 100644
+--- a/src/irc.c
++++ b/src/irc.c
+@@ -2448,9 +2448,10 @@ void bip_on_event(bip_t *bip, connection_t *conn)
+
+ if (conn == bip->listener) {
+ struct link_client *n = irc_accept_new(conn);
+- assert(n);
+- list_add_last(&bip->conn_list, CONN(n));
+- list_add_last(&bip->connecting_client_list, n);
++ if (n) {
++ list_add_last(&bip->conn_list, CONN(n));
++ list_add_last(&bip->connecting_client_list, n);
++ }
+ return;
+ }
+
+--
+1.7.6.5
+
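Review bot: In the accept_new() part of src/connection.c, every accept() failure now goes through `fatal()`, which appears to terminate the process (bip.c uses it for the unrecoverable listener case), so a transient error such as ECONNABORTED or EMFILE would take the bouncer down for all users. Where the process descriptor limit is not above FD_SETSIZE, descriptor exhaustion reaches this branch and never the new `err >= FD_SETSIZE` check. Since the src/irc.c part now tolerates a NULL result in bip_on_event(), the error branch could keep `mylog(LOG_ERROR, "accept failed: %s", strerror(errno));` followed by `return NULL;`, assuming irc_accept_new() passes NULL through (not visible here). The same concern applies to wait_event(), which now calls `fatal()` for `cn->handle < 0`, the value connect_trynext() assigns after closing an over-limit socket; whether that connection is marked as failed or removed from the list before the next wait_event() pass is outside the visible lines and worth confirming.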
diff --git a/bip.spec b/bip.spec
index b67e736..0f2c807 100644
--- a/bip.spec
+++ b/bip.spec
@@ -1,6 +1,6 @@
Name: bip
Version: 0.8.8
-Release: 1%{?dist}
+Release: 2%{?dist}
Summary: IRC Bouncer
Group: Applications/Internet
License: GPLv2+
@@ -11,8 +11,9 @@ Source1: bip.init
# Fedora 15+ - ensure that /var/run/bip is created on system start
# http://bugzilla.redhat.com/show_bug.cgi?id=707294
Source2: bip-tmpfs.conf
-Patch0: bip-conf.patch
-Patch1: bip-fn-ircd7.patch
+Patch0: 0001-Setup-bip-for-Fedora-s-paths.patch
+Patch1: 0002-Throttle-joins-to-prevent-flooding.patch
+Patch2: 0003-Buffer-Overflow-check-against-the-implicit-size-of-s.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -21,6 +22,7 @@ BuildRequires: byacc
BuildRequires: flex
BuildRequires: m4
BuildRequires: openssl-devel
+BuildRequires: git
%description
Bip is an IRC proxy, which means it keeps connected to your preferred IRC
@@ -33,8 +35,13 @@ while you were away.
%prep
%setup -q
-%patch0 -p0
-%patch1 -p1
+git init
+git config user.email "bip-owner at fedoraproject.org"
+git config user.name "Fedora Ninjas"
+git add .
+git commit -a -q -m "%{version} baseline."
+git am %{patches}
+
iconv -f iso-8859-1 -t utf-8 -o ChangeLog{.utf8,}
mv ChangeLog{.utf8,}
@@ -103,6 +110,11 @@ fi
%attr(-,bip,bip) %dir %{_localstatedir}/log/bip
%changelog
+* Tue Jan 24 2012 Brian C. Lane <bcl at redhat.com> - 0.8.8-2
+- Upstream patch to fix buffer overflow with too many open fd's (#784301)
+ https://projects.duckcorp.org/issues/269
+- Switched spec to use git to apply patches
+
* Thu Nov 17 2011 Brian C. Lane <bcl at redhat.com> - 0.8.8-1
- Update to upstream version 0.8.8
- Call systemd-tmpfiles to create the pid directory