[xinetd/f16] Fix tcpmux security
jsynacek
jsynacek at fedoraproject.org
Thu May 17 06:50:23 UTC 2012
commit b073092c744bb41af14ff5a55cfa195499477802
Author: Jan Synacek <jsynacek at redhat.com>
Date: Thu May 17 08:50:00 2012 +0200
Fix tcpmux security
Resolves: #820318 (CVE-2012-0862)
xinetd-2.3.14-tcpmux-nonmux-security.patch | 49 ++++++++++++++++++++++++++++
xinetd.spec | 9 ++++-
2 files changed, 57 insertions(+), 1 deletions(-)
---
diff --git a/xinetd-2.3.14-tcpmux-nonmux-security.patch b/xinetd-2.3.14-tcpmux-nonmux-security.patch
new file mode 100644
index 0000000..115ae81
--- /dev/null
+++ b/xinetd-2.3.14-tcpmux-nonmux-security.patch
@@ -0,0 +1,49 @@
+--- xinetd-2.3.14/xinetd/builtins.c.old 2012-02-15 16:29:48.263844700 -0600
++++ xinetd-2.3.14/xinetd/builtins.c 2012-02-15 16:37:52.209594438 -0600
+@@ -560,17 +560,16 @@
+ /* Found the pointer. Validate its type.
+ */
+ scp = SVC_CONF( sp );
+-/*
+- if ( ! SVC_IS_MUXCLIENT( sp ) )
++
++ if ( ! SVC_IS_MUXCLIENT( sp ) && ! SVC_IS_MUXPLUSCLIENT( sp ) )
+ {
+ if ( debug.on )
+ {
+ msg(LOG_DEBUG, "tcpmux_handler", "Non-tcpmux service name: %s.",
+ svc_name);
+ }
+- exit(0);
++ continue;
+ }
+-*/
+
+ /* Send the accept string if we're a PLUS (+) client.
+ */
+@@ -597,6 +596,19 @@
+ msg(LOG_DEBUG, "tcpmux_handler", "Service name %s not found.",
+ svc_name);
+ }
++
++ /* If a service was not found, we should say so. */
++ if ( Swrite( descriptor, TCPMUX_NOT_FOUND, sizeof( TCPMUX_NOT_FOUND ) ) !=
++ sizeof ( TCPMUX_NOT_FOUND ) )
++ {
++ msg(LOG_ERR, "tcpmux_handler", "Not found write failed for %s.",
++ svc_name);
++ exit(0);
++ }
++
++ /* Flush and exit, nothing to do */
++ Sflush( descriptor );
++ Sclose( descriptor );
+ exit(0);
+ }
+
+--- xinetd-2.3.14/xinetd/service.h.old 2012-02-15 16:29:34.186942629 -0600
++++ xinetd-2.3.14/xinetd/service.h 2012-02-15 16:30:19.009446694 -0600
+@@ -114,2 +114,3 @@
+ #define TCPMUX_ACK "+Go\r\n"
++#define TCPMUX_NOT_FOUND "-Service name not found\r\n"
+ /*
diff --git a/xinetd.spec b/xinetd.spec
index 01d8b8a..e59609d 100644
--- a/xinetd.spec
+++ b/xinetd.spec
@@ -1,7 +1,7 @@
Summary: A secure replacement for inetd
Name: xinetd
Version: 2.3.14
-Release: 46%{?dist}
+Release: 47%{?dist}
License: xinetd
Group: System Environment/Daemons
Epoch: 2
@@ -57,6 +57,8 @@ Patch24: xinetd-2.3.14-leaking-fds-2a.patch
Patch25: xinetd-2.3.14-instances.patch
# Fix #809272 - Service disabled due to bind failure
Patch26: xinetd-2.3.14-retry-svc-activate-in-cps-restart.patch
+# CVE-2012-0862
+Patch27: xinetd-2.3.14-tcpmux-nonmux-security.patch
BuildRequires: autoconf, automake
BuildRequires: libselinux-devel >= 1.30
@@ -115,6 +117,7 @@ located in the /etc/xinetd.d directory.
%patch24 -p1 -b .leaking-fds-2a
%patch25 -p1 -b .instances
%patch26 -p1 -b .retry-svc-activate
+%patch27 -p1 -b .tcpmux-security
aclocal
autoconf
@@ -184,6 +187,10 @@ fi
%{_mandir}/*/*
%changelog
+* Thu May 17 2012 Jan Synáček <jsynacek at redhat.com> - 2:2.3.14-47
+- Fix tcpmux security
+- Resolves: #820318 (CVE-2012-0862)
+
* Fri Apr 13 2012 Jan Synáček <jsynacek at redhat.com> - 2:2.3.14-46
- Fix: service file: avoid problems when name resolution is not ready
- Resolves: #748931
More information about the scm-commits
mailing list