[dhcp/f16] isc_time_nowplusinterval() is not safe with 64-bit time_t (#662254, #789601)
Jiří Popelka
jpopelka at fedoraproject.org
Fri Jul 27 08:16:39 UTC 2012
commit 9a312e3cd914da2b6f32651c94d1d1d4fb0bf359
Author: Jiri Popelka <jpopelka at redhat.com>
Date: Fri Jul 27 10:00:49 2012 +0200
isc_time_nowplusinterval() is not safe with 64-bit time_t (#662254, #789601)
dhcp-interval.patch | 25 +++++++++++++++++++++++++
dhcp.spec | 9 ++++++++-
2 files changed, 33 insertions(+), 1 deletions(-)
---
diff --git a/dhcp-interval.patch b/dhcp-interval.patch
new file mode 100644
index 0000000..e8e89c1
--- /dev/null
+++ b/dhcp-interval.patch
@@ -0,0 +1,25 @@
+diff -up dhcp-4.2.4/common/dispatch.c.foo dhcp-4.2.4/common/dispatch.c
+--- dhcp-4.2.4/common/dispatch.c.foo 2012-07-26 21:31:43.875349675 -0500
++++ dhcp-4.2.4/common/dispatch.c 2012-07-26 21:39:14.961710319 -0500
+@@ -324,7 +324,20 @@ void add_timeout (when, where, what, ref
+ q->next = timeouts;
+ timeouts = q;
+
+- isc_interval_set(&interval, sec & DHCP_SEC_MAX, usec * 1000);
++ /* isc_time_nowplusinterval() is not safe with 64-bit time_t and will
++ * return an error for sufficiently large intervals. We have to limit
++ * the interval to INT_MAX or less to ensure the interval doesn't
++ * overflow 32 bits, since the returned isc_time_t fields are
++ * 32-bit unsigned ints.
++ *
++ * HACK: The 9 is a magic number of seconds, since some time may have
++ * gone by since the last call to gettimeofday() and the one in
++ * isc_time_nowplusinterval().
++ */
++ if (sec > TIME_MAX)
++ sec = TIME_MAX - 9;
++
++ isc_interval_set(&interval, sec, usec * 1000);
+ status = isc_time_nowplusinterval(&expires, &interval);
+ if (status != ISC_R_SUCCESS) {
+ /*
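Review bot: The clamp `if (sec > TIME_MAX)` leaves values from `TIME_MAX - 8` through `TIME_MAX` untouched, so they get none of the 9-second margin the comment says is needed; testing against `TIME_MAX - 9` would cover them. The comment also speaks of limiting to INT_MAX while the code tests TIME_MAX, and the removed line's `sec & DHCP_SEC_MAX` mask is dropped with nothing in this hunk handling a negative `sec`. The comment should name the limit actually used and say what happens to negative values, and the 9 would be easier to maintain as a named constant.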
diff --git a/dhcp.spec b/dhcp.spec
index 1e53681..28e87b8 100644
--- a/dhcp.spec
+++ b/dhcp.spec
@@ -19,7 +19,7 @@
Summary: Dynamic host configuration protocol software
Name: dhcp
Version: 4.2.3
-Release: 10.%{patchver}%{?dist}
+Release: 11.%{patchver}%{?dist}
# NEVER CHANGE THE EPOCH on this package. The previous maintainer (prior to
# dcantrell maintaining the package) made incorrect use of the epoch and
# that's why it is at 12 now. It should have never been used, but it was.
@@ -71,6 +71,7 @@ Patch31: dhcp-4.2.0-PPP.patch
Patch32: dhcp-4.2.3-paranoia.patch
Patch33: dhcp-4.2.3-P2-log_perror.patch
Patch34: dhcp-4.2.4-CVE-2012-3570-3571-3954.patch
+Patch35: dhcp-interval.patch
BuildRequires: autoconf
BuildRequires: automake
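Review bot: `Patch35: dhcp-interval.patch` carries no upstream version in its file name, unlike the neighbouring entries (`dhcp-4.2.3-paranoia.patch`, `dhcp-4.2.4-CVE-2012-3570-3571-3954.patch`). The patch itself is diffed against `dhcp-4.2.4/common/dispatch.c`, so a name that includes that version would show which source tree it was made against.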
@@ -317,6 +318,9 @@ rm bind/bind.tar.gz
# 4.2.4-P1: fix for CVE-2012-3570 CVE-2012-3571 and CVE-2012-3954 (#842892)
%patch34 -p1 -b .CVE-2012-3570-3571-3954
+# isc_time_nowplusinterval() is not safe with 64-bit time_t
+%patch35 -p1 -b .interval
+
# Copy in the Fedora/RHEL dhclient script
%{__install} -p -m 0755 %{SOURCE4} client/scripts/linux
%{__install} -p -m 0644 %{SOURCE5} .
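Review bot: The comment above `%patch35` omits the bug numbers, while the entry just before it cites its bug as `(#842892)`. Adding `(#662254, #789601)`, as the changelog entry does, would keep the %prep section traceable to the reports.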
@@ -650,6 +654,9 @@ fi
%{_initddir}/dhcrelay
%changelog
+* Fri Jul 27 2012 Jiri Popelka <jpopelka at redhat.com> - 12:4.2.3-11.P2
+- isc_time_nowplusinterval() is not safe with 64-bit time_t (#662254, #789601)
+
* Wed Jul 25 2012 Tomas Hozza <thozza at redhat.com> - 12:4.2.3-10.P2
- 4.2.4-P1: fix for CVE-2012-3570 CVE-2012-3571 and CVE-2012-3954 (#842892)