On Mon, Apr 24, 2017 at 05:05:04PM +0800, Zhixiong Chi wrote: > Incorrect interaction of the parse_packet() and parse_part_sign_sha256() > functions > in network.c in collectd 5.7.1 and earlier allows remote attackers to cause a > denial of service (infinite loop) of a collectd instance (configured with > "SecurityLevel None" and with empty "AuthFile" options) via a crafted UDP > packet. > > Backport upstream patch from https://github.com/collectd/collectd/ > commit f6be4f9b49b949b379326c3d7002476e6ce4f211
There is already upgrade to 5.7.1 by khem in master-next: commit e73fa36f014bef43b5036dc90ea0d6835d704473 Author: Khem Raj <[email protected]> Date: Sun Apr 23 22:20:47 2017 -0700 collectd: Upgrade to 5.7.1 > > Signed-off-by: Zhixiong Chi <[email protected]> > --- > .../collectd/collectd/collectd-CVE-2017-7401.patch | 54 > ++++++++++++++++++++++ > .../recipes-extended/collectd/collectd_5.5.0.bb | 1 + > 2 files changed, 55 insertions(+) > create mode 100644 > meta-oe/recipes-extended/collectd/collectd/collectd-CVE-2017-7401.patch > > diff --git > a/meta-oe/recipes-extended/collectd/collectd/collectd-CVE-2017-7401.patch > b/meta-oe/recipes-extended/collectd/collectd/collectd-CVE-2017-7401.patch > new file mode 100644 > index 0000000..9dc975e > --- /dev/null > +++ b/meta-oe/recipes-extended/collectd/collectd/collectd-CVE-2017-7401.patch 
> @@ -0,0 +1,54 @@ > + > +network plugin: Fix endless loop DOS in parse_packet() > + > +When correct 'Signature part' is received by Collectd, configured without > +AuthFile option, condition for endless loop occurs due to missing increase > +of pointer to next unprocessed part. > + > +This is a forward-port of #2233. > + > +Fixes: CVE-2017-7401 > +Closes: #2174 > + > +CVE: CVE-2017-7401 > + > +Upstream-States: Backport > + > +Signed-off-by: Florian Forster <[email protected]> > + > +diff --git a/src/network.c b/src/network.c > +--- a/src/network.c > ++++ b/src/network.c > +@@ -1050,14 +1050,6 @@ static int parse_part_sign_sha256(sockent_t *se, /* > {{{ */ > + buffer_len = *ret_buffer_len; > + buffer_offset = 0; > + > +- if (se->data.server.userdb == NULL) > +- { > +- c_complain (LOG_NOTICE, &complain_no_users, > +- "network plugin: Received signed network packet but can't verify it > " > +- "because no user DB has been configured. Will accept it."); > +- return (0); > +- } > +- > + /* Check if the buffer has enough data for this structure. */ > + if (buffer_len <= PART_SIGNATURE_SHA256_SIZE) > + return (-ENOMEM); > +@@ -1027,6 +1019,17 @@ static int parse_part_sign_sha256(sockent_t *se, /* > {{{ */ > + return (-1); > + } > + > ++ if (se->data.server.userdb == NULL) { > ++ c_complain(LOG_NOTICE, &complain_no_users, > ++ "network plugin: Received signed network packet but can't verify it > " > ++ "because no user DB has been configured. Will accept it."); > ++ > ++ *ret_buffer = buffer + pss_head_length; > ++ *ret_buffer_len -= pss_head_length; > ++ > ++ return (0); > ++ } > ++ > + /* Copy the hash. */ > + BUFFER_READ(pss.hash, sizeof(pss.hash)); > + > diff --git a/meta-oe/recipes-extended/collectd/collectd_5.5.0.bb > b/meta-oe/recipes-extended/collectd/collectd_5.5.0.bb > index 59732db..e325835 100644 > --- a/meta-oe/recipes-extended/collectd/collectd_5.5.0.bb > +++ b/meta-oe/recipes-extended/collectd/collectd_5.5.0.bb 
> @@ -15,6 +15,7 @@ SRC_URI = "http://collectd.org/files/collectd-${PV}.tar.bz2 > \ > > file://0001-collectd-replace-deprecated-readdir_r-with-readdir.patch \ > file://CVE-2016-6254.patch \ > file://0001-fix-to-build-with-glibc-2.25.patch \ > + file://collectd-CVE-2017-7401.patch \ > " > SRC_URI[md5sum] = "c39305ef5514b44238b0d31f77e29e6a" > SRC_URI[sha256sum] = > "847684cf5c10de1dc34145078af3fcf6e0d168ba98c14f1343b1062a4b569e88" > -- > 1.9.1 > > -- > _______________________________________________ > Openembedded-devel mailing list > [email protected] > http://lists.openembedded.org/mailman/listinfo/openembedded-devel -- Martin 'JaMa' Jansa jabber: [email protected]
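Review bot: The header of the new collectd-CVE-2017-7401.patch spells the status tag as "Upstream-States: Backport". The OpenEmbedded tag is "Upstream-Status", so the misspelled line will not be recognised as the patch's status. Suggest changing it to "Upstream-Status: Backport" and citing the upstream commit f6be4f9b49b949b379326c3d7002476e6ce4f211 next to it, as the cover text already does.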
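Review bot: The two src/network.c hunks inside the new patch file are out of order. The first is headed "@@ -1050,14 +1050,6 @@" and the second "@@ -1027,6 +1019,17 @@", although the second moves the check to a later point in the same function. The removed lines also use the older layout ("c_complain (LOG_NOTICE, ..." with the brace on its own line) while the added lines use the newer one ("c_complain(LOG_NOTICE, ..."), which suggests the hunks were assembled by hand rather than generated against the 5.5.0 tree. Suggest regenerating the patch with a diff against the unpacked 5.5.0 source so that it applies without fuzz or offset warnings.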
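Review bot: In the second src/network.c hunk, "*ret_buffer_len -= pss_head_length;" is only safe if pss_head_length has already been checked against the remaining buffer length, and the context above the new block shows just the tail of a check ("return (-1); }"). Please confirm in the 5.5.0 source that this preceding check rejects a pss_head_length larger than the buffer, since otherwise the subtraction could wrap. A short comment on the new block saying that the signature part is skipped unverified when no user DB is configured would also help.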
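Review bot: In the recipe hunk, the SRC_URI entry is added to collectd_5.5.0.bb, but the reply points to an upgrade to 5.7.1 already queued in master-next, and the commit message lists "5.7.1 and earlier" as affected. The fix would therefore still be needed on top of that upgrade. Suggest rebasing it onto the 5.7.1 recipe (and refreshing the embedded network.c hunks against that source) rather than targeting the 5.5.0 recipe.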
