[xinetd/f16] Fix: Instances limit in xinetd can be easily bypassed

jsynacek jsynacek at fedoraproject.org
Tue Mar 6 09:23:28 UTC 2012 

commit e6597959ff886613eafa1d4321ce140562354bf9
Author: Jan Synacek <jsynacek at redhat.com>
Date:   Mon Mar 5 15:03:46 2012 +0100

    Fix: Instances limit in xinetd can be easily bypassed
    
    Resolves: #770858

 xinetd-2.3.14-instances.patch |   22 ++++++++++++++++++++++
 xinetd.spec                   |    9 ++++++++-
 2 files changed, 30 insertions(+), 1 deletions(-)
---
diff --git a/xinetd-2.3.14-instances.patch b/xinetd-2.3.14-instances.patch
new file mode 100644
index 0000000..6def242
--- /dev/null
+++ b/xinetd-2.3.14-instances.patch
@@ -0,0 +1,22 @@
+--- xinetd-2.3.14/xinetd/access.c	2005-10-05 19:15:33.000000000 +0200
++++ xinetd-2.3.14-mod/xinetd/access.c	2012-03-05 14:54:30.935416926 +0100
+@@ -73,6 +73,7 @@ static void cps_service_restart(void)
+    unsigned int i;
+    time_t nowtime;
+    const char *func = "cps_service_restart";
++   int rs;
+ 
+    nowtime = time(NULL);
+    for( i=0; i < pset_count( SERVICES(ps) ); i++ ) {
+@@ -84,8 +85,11 @@ static void cps_service_restart(void)
+       if( SVC_STATE(sp) == SVC_DISABLED ) {
+          scp = SVC_CONF( sp );
+          if ( SC_TIME_REENABLE(scp) <= nowtime ) {
++            rs = SVC_RUNNING_SERVERS(sp);
+             /* re-enable the service */
+             if( svc_activate(sp) == OK ) {
++               /* remember running servers after restart */
++               SVC_RUNNING_SERVERS(sp) = rs;
+                msg(LOG_ERR, func,
+                "Activating service %s", SC_NAME(scp));
+             } else {
diff --git a/xinetd.spec b/xinetd.spec
index ca8b834..1e3893d 100644
--- a/xinetd.spec
+++ b/xinetd.spec
@@ -1,7 +1,7 @@
 Summary: A secure replacement for inetd
 Name: xinetd
 Version: 2.3.14
-Release: 43%{?dist}
+Release: 44%{?dist}
 License: xinetd 
 Group: System Environment/Daemons
 Epoch: 2
@@ -53,6 +53,8 @@ Patch22: xinetd-2.3.14-many-services.patch
 Patch23: xinetd-2.3.14-realloc-remove.patch
 # Fix leaking descriptor when starting a service fails
 Patch24: xinetd-2.3.14-leaking-fds-2.patch
+# Fix #770858 - Instances limit in xinetd can be easily bypassed
+Patch25: xinetd-2.3.14-instances.patch
 
 BuildRequires: autoconf, automake
 BuildRequires: libselinux-devel >= 1.30
@@ -109,6 +111,7 @@ located in the /etc/xinetd.d directory.
 %patch22 -p1 -b .many-services
 %patch23 -p1 -b .realloc-remove
 %patch24 -p1 -b .leaking-fds-2
+%patch25 -p1 -b .instances
 
 aclocal
 autoconf
@@ -178,6 +181,10 @@ fi
 %{_mandir}/*/*
 
 %changelog
+* Mon Mar 05 2012 Jan Synáček <jsynacek at redhat.com> - 2:2.3.14-44
+- Fix: Instances limit in xinetd can be easily bypassed
+- Resolves: #770858 
+
 * Mon Mar 05 2012 Jan Synáček <jsynacek at redhat.com> - 2:2.3.14-43
 - Fix xinetd.service permissions
 - Remove useless INSTALL from package documentation

More information about the scm-commits mailing list