[xinetd/f19] xinetd segfaults when connecting to tcpmux service
jsynacek
jsynacek at fedoraproject.org
Tue Dec 3 11:30:31 UTC 2013
commit 342c9956d6f6167478d47384d9dbc78307f66a6f
Author: Jan Synacek <jsynacek at redhat.com>
Date: Tue Dec 3 10:51:46 2013 +0100
xinetd segfaults when connecting to tcpmux service
Resolves: #1033528
...-2.3.15-tcpmux-nameinargs-disable-service.patch | 37 ++++++++++++++++++++
xinetd.spec | 9 ++++-
2 files changed, 45 insertions(+), 1 deletions(-)
---
diff --git a/xinetd-2.3.15-tcpmux-nameinargs-disable-service.patch b/xinetd-2.3.15-tcpmux-nameinargs-disable-service.patch
new file mode 100644
index 0000000..351cad0
--- /dev/null
+++ b/xinetd-2.3.15-tcpmux-nameinargs-disable-service.patch
@@ -0,0 +1,37 @@
+Xinetd parses and applies its configuration line by line. If a user wants to
+specify NAMEINARGS as a flag, it has to be *before* specifying 'server_args'.
+
+Author: Jan Synacek <jsynacek at redhat.com>
+Resolves: #1033528
+
+--- a/xinetd/parse.c 2013-11-21 10:51:25.025436376 +0100
++++ b/xinetd/parse.c 2013-11-21 14:45:44.374121057 +0100
+@@ -631,6 +631,16 @@ static status_e identify_attribute( entr
+ return OK;
+ }
+
++ /* If flags contain NAMEINARGS and server_args is already set, disable the service.
++ Server args are already set incorrectly. */
++ if ( strcmp( ap->a_name, "flags" ) == 0 &&
++ SC_SERVER_ARGV( scp ) )
++ {
++ parsemsg( LOG_ERR, func,
++ "NAMEINARGS flag is set after server_args - DISABLING SERVICE" ) ;
++ SC_DISABLE( scp );
++ }
++
+ if ( (*ap->a_parser)( attr_values, scp, op ) == OK )
+ { /* This is the normal path. */
+ SC_SPECIFY( scp, ap->a_id ) ;
+--- a/xinetd/xinetd.conf.man 2013-12-03 10:06:35.717977075 +0100
++++ b/xinetd/xinetd.conf.man 2013-12-03 10:41:14.779089430 +0100
+@@ -106,7 +106,8 @@
+ This will cause the first argument in "server_args" to be argv[0] when
+ executing the server, as specified in "server". This allows you to use
+ tcpd by putting tcpd in "server" and the name of the server in "server_args"
+-like in normal inetd.
++like in normal inetd. This flag has to be specified before "server_args",
++otherwise is not taken into account.
+ .TP
+ .B NODELAY
+ If the service is a tcp service and the NODELAY flag is set, then the
diff --git a/xinetd.spec b/xinetd.spec
index 991ac88..5172c6d 100644
--- a/xinetd.spec
+++ b/xinetd.spec
@@ -1,7 +1,7 @@
Summary: A secure replacement for inetd
Name: xinetd
Version: 2.3.15
-Release: 8%{?dist}
+Release: 9%{?dist}
License: xinetd
Group: System Environment/Daemons
Epoch: 2
@@ -56,6 +56,8 @@ Patch27: xinetd-2.3.15-bad-port-check.patch
# Fix #977873 - Use full path to server when checking selinux context
Patch28: xinetd-2.3.15-context-exepath.patch
Patch29: xinetd-2.3.15-creds.patch
+# Fix #1033528 - xinetd segfaults when connecting to tcpmux service
+Patch30: xinetd-2.3.15-tcpmux-nameinargs-disable-service.patch
BuildRequires: autoconf, automake
BuildRequires: libselinux-devel >= 1.30
@@ -112,6 +114,7 @@ located in the /etc/xinetd.d directory.
%patch27 -p1 -b .bad-port-check
%patch28 -p1 -b .context-exepath
%patch29 -p1 -b .creds
+%patch30 -p1
aclocal
autoconf
@@ -159,6 +162,10 @@ install -m 600 %SOURCE3 $RPM_BUILD_ROOT/etc/sysconfig/xinetd
%{_mandir}/*/*
%changelog
+* Tue Dec 3 2013 Jan Synáček <jsynacek at redhat.com> - 2:2.3.15-9
+- xinetd segfaults when connecting to tcpmux service
+- Resolves: #1033528
+
* Thu Oct 3 2013 Jan Synáček <jsynacek at redhat.com> - 2:2.3.15-8
- Honor user and group directives
- Resolves: CVE-2013-4342
More information about the scm-commits
mailing list