Hello community, here is the log from the commit of package dhcpv6 for openSUSE:11.2 checked in at Wed Apr 6 10:52:49 CEST 2011.
-------- --- old-versions/11.2/all/dhcpv6/dhcpv6.changes 2008-10-28 20:59:04.000000000 +0100 +++ 11.2/dhcpv6/dhcpv6.changes 2011-04-06 10:36:29.000000000 +0200 @@ -1,0 +2,6 @@ +Wed Mar 30 10:16:31 UTC 2011 - [email protected] + +- Discard domain names with suspect characters or beeing too long + (bnc#675052, CVE-2011-0997). + +------------------------------------------------------------------- Package does not exist at destination yet. Using Fallback old-versions/11.2/all/dhcpv6 Destination is old-versions/11.2/UPDATES/all/dhcpv6 calling whatdependson for 11.2-i586 New: ---- dhcpv6-1.0.22-option-check.diff ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ dhcpv6.spec ++++++ --- /var/tmp/diff_new_pack.G7xf2e/_old 2011-04-06 10:52:36.000000000 +0200 +++ /var/tmp/diff_new_pack.G7xf2e/_new 2011-04-06 10:52:36.000000000 +0200 @@ -1,7 +1,7 @@ # -# spec file for package dhcpv6 (Version 1.0.22) +# spec file for package dhcpv6 # -# Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -22,16 +22,17 @@ BuildRequires: bison flex libnl-devel linux-kernel-headers openssl-devel pkg-config Url: http://dcantrel.fedorapeople.org/dhcpv6/ %define prefix /usr -License: BSD 3-Clause; LGPL v2.1 or later +License: BSD3c ; LGPLv2.1+ Group: Productivity/Networking/System Summary: DHCP Client and Server for IPv6 Version: 1.0.22 -Release: 3 +Release: 4.<RELEASE3> Source0: %{name}-%{version}.tar.bz2 Patch1: %{name}-%{version}-destdir.patch Patch2: %{name}-%{version}-cmd.patch Patch3: %{name}-%{version}-netconfig.dif Patch4: dhcp6c-move_new_link-sles11beta3.patch +Patch5: dhcpv6-1.0.22-option-check.diff Provides: dhcp6 = 1.0.11 Obsoletes: dhcp6 <= 1.0.11 BuildRoot: %{_tmppath}/%{name}-%{version}-build @@ -53,7 +54,7 @@ and more %package -n libdhcp6client-1_0-2 -License: BSD 3-Clause; LGPL v2.1 or later +License: BSD3c ; LGPLv2.1+ Summary: DHCP Client library for IPv6 Group: Productivity/Networking/System @@ -74,7 +75,7 @@ and more %package -n libdhcp6client-devel -License: BSD 3-Clause; LGPL v2.1 or later +License: BSD3c ; LGPLv2.1+ Requires: libdhcp6client-1_0-2 = %{version} glibc-devel Summary: Development files for libdhcp6client Group: Development/Libraries/C and C++ @@ -102,6 +103,7 @@ %patch2 -p1 %patch3 %patch4 -p1 +%patch5 -p0 %build touch NEWS ++++++ dhcpv6-1.0.22-option-check.diff ++++++ --- src/common.c +++ src/common.c 2011/03/11 08:30:35 @@ -49,6 +49,8 @@ #include <arpa/nameser.h> #include <resolv.h> #include <unistd.h> +#include <stddef.h> +#include <ctype.h> #ifdef TIME_WITH_SYS_TIME # include <sys/time.h> @@ -980,6 +982,40 @@ ssize_t gethwid(buf, len, ifname, hwtype #endif } +static int check_domain_name(const char *ptr, size_t len, int dots) +{ + const char *p; + + /* not empty or complete length not over 255 characters */ + if (len == 0 || len >= 256) + return -1; + + /* consists of [[:alnum:]-]+ labels separated by [.] */ + /* a [_] is against RFC but seems to be "widely used"... */ + for (p=ptr; *p && len-- > 0; p++) { + if ( *p == '-' || *p == '_') { + /* not allowed at begin or end of a label */ + if ((p - ptr) == 0 || len == 0 || p[1] == '.') + return -1; + } else + if ( *p == '.') { + /* each label has to be 1-63 characters; + we allow [.] at the end ('foo.bar.') */ + ptrdiff_t d = p - ptr; + if( d <= 0 || d >= 64) + return -1; + ptr = p + 1; /* jump to the next label */ + if(dots > 0 && len > 0) + dots--; + } else + if ( !isalnum((unsigned char)*p)) { + /* also numbers at the begin are fine */ + return -1; + } + } + return dots ? -1 : 0; +} + void dhcp6_init_options(struct dhcp6_optinfo *optinfo) { memset(optinfo, 0, sizeof(*optinfo)); /* for safety */ @@ -1289,6 +1325,16 @@ int dhcp6_get_options(struct dhcp6opt *p goto malformed; else { val += n; + if (dhcp6_mode == DHCP6_MODE_CLIENT) { + if(check_domain_name(dname->name, + strlen(dname->name), 0)) { + dhcpv6_dprintf(LOG_ERR, "suspect characters " + "in domain name - discarded"); + free(dname); + dname = NULL; + continue; + } + } dhcpv6_dprintf(LOG_DEBUG, "expand domain name %s, size %d", dname->name, ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
