[Buildroot] [git commit] dhcp: add upstream security fix

* [Buildroot] [git commit] dhcp: add upstream security fix
@ 2017-12-13 13:04 Thomas Petazzoni
  0 siblings, 0 replies; only message in thread
From: Thomas Petazzoni @ 2017-12-13 13:04 UTC (permalink / raw)
  To: buildroot

commit: https://git.buildroot.net/buildroot/commit/?id=a4c6ac59e6e056e43c899d0e6c59a7e6139bfd52
branch: https://git.buildroot.net/buildroot/commit/?id=refs/heads/master

Fixes socket leak that might cause denial of serivce.

https://bugzilla.redhat.com/show_bug.cgi?id=1523547

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
---
 ...3-Plugs-a-socket-descriptor-leak-in-OMAPI.patch | 51 ++++++++++++++++++++++
 1 file changed, 51 insertions(+)

diff --git a/package/dhcp/0002-v4_3-Plugs-a-socket-descriptor-leak-in-OMAPI.patch b/package/dhcp/0002-v4_3-Plugs-a-socket-descriptor-leak-in-OMAPI.patch
new file mode 100644
index 0000000..df29465
--- /dev/null
+++ b/package/dhcp/0002-v4_3-Plugs-a-socket-descriptor-leak-in-OMAPI.patch
@@ -0,0 +1,51 @@
+From 5097bc0559f592683faac1f67bf350e1bddf6ed4 Mon Sep 17 00:00:00 2001
+From: Thomas Markwalder <tmark@isc.org>
+Date: Thu, 7 Dec 2017 11:39:30 -0500
+Subject: [PATCH] [v4_3] Plugs a socket descriptor leak in OMAPI
+
+        Merges in rt46767.
+
+[baruch: drop RELNOTES hunk]
+Signed-off-by: Baruch Siach <baruch@tkos.co.il>
+---
+Patch status: upstream commit 5097bc0559f
+
+ omapip/buffer.c  | 9 +++++++++
+ omapip/message.c | 2 +-
+
+diff --git a/omapip/buffer.c b/omapip/buffer.c
+index f7fdc3250e82..809034d1317b 100644
+--- a/omapip/buffer.c
++++ b/omapip/buffer.c
+@@ -566,6 +566,15 @@ isc_result_t omapi_connection_writer (omapi_object_t *h)
+ 			omapi_buffer_dereference (&buffer, MDL);
+ 		}
+ 	}
++
++	/* If we had data left to write when we're told to disconnect,
++	* we need recall disconnect, now that we're done writing.
++	* See rt46767. */
++	if (c->out_bytes == 0 && c->state == omapi_connection_disconnecting) {
++		omapi_disconnect (h, 1);
++		return ISC_R_SHUTTINGDOWN;
++	}
++
+ 	return ISC_R_SUCCESS;
+ }
+ 
+diff --git a/omapip/message.c b/omapip/message.c
+index 59ccdc2c05cf..21bcfc3822e7 100644
+--- a/omapip/message.c
++++ b/omapip/message.c
+@@ -339,7 +339,7 @@ isc_result_t omapi_message_unregister (omapi_object_t *mo)
+ }
+ 
+ #ifdef DEBUG_PROTOCOL
+-static const char *omapi_message_op_name(int op) {
++const char *omapi_message_op_name(int op) {
+ 	switch (op) {
+ 	case OMAPI_OP_OPEN:    return "OMAPI_OP_OPEN";
+ 	case OMAPI_OP_REFRESH: return "OMAPI_OP_REFRESH";
+-- 
+2.15.1
+

^ permalink raw reply related	[flat|nested] only message in thread