Hello community,

here is the log from the commit of package dhcpv6 for openSUSE:Factory
checked in at Wed Apr 6 11:48:05 CEST 2011.



--------
--- dhcpv6/dhcpv6.changes       2010-04-29 09:36:03.000000000 +0200
+++ /mounts/work_src_done/STABLE/dhcpv6/dhcpv6.changes  2011-04-05 
20:56:16.000000000 +0200
@@ -1,0 +2,6 @@
+Wed Mar 30 10:16:31 UTC 2011 - m...@suse.de
+
+- Discard domain names with suspect characters or beeing too long
+  (bnc#675052,CVE-2011-0997).
+
+-------------------------------------------------------------------

calling whatdependson for head-i586


New:
----
  dhcpv6-1.0.22-option-check.diff

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ dhcpv6.spec ++++++
--- /var/tmp/diff_new_pack.dsyoqm/_old  2011-04-06 11:44:54.000000000 +0200
+++ /var/tmp/diff_new_pack.dsyoqm/_new  2011-04-06 11:44:54.000000000 +0200
@@ -1,7 +1,7 @@
 #
-# spec file for package dhcpv6 (Version 1.0.22)
+# spec file for package dhcpv6
 #
-# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -26,7 +26,7 @@
 Group:          Productivity/Networking/System
 Summary:        DHCP Client and Server for IPv6
 Version:        1.0.22
-Release:        6
+Release:        16
 Source0:        %{name}-%{version}.tar.bz2
 Patch1:         %{name}-%{version}-destdir.patch
 Patch2:         %{name}-%{version}-cmd.patch
@@ -38,6 +38,7 @@
 Patch8:         dhcpv6-1.0.22-invalid-request-address-message.diff
 Patch9:         dhcpv6-1.0.22-remove-released-leases.bnc524687.diff
 Patch10:        dhcpv6-1.0.22-dhcp5r-pid-directory.diff
+Patch11:        dhcpv6-1.0.22-option-check.diff
 Provides:       dhcp6 = 1.0.11
 Obsoletes:      dhcp6 < 1.0.11
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
@@ -69,6 +70,7 @@
 %patch8 -p0
 %patch9 -p0
 %patch10 -p0
+%patch11 -p0
 
 %build
 touch NEWS

++++++ dhcpv6-1.0.22-option-check.diff ++++++
--- src/common.c
+++ src/common.c        2011/03/11 08:30:35
@@ -49,6 +49,8 @@
 #include <arpa/nameser.h>
 #include <resolv.h>
 #include <unistd.h>
+#include <stddef.h>
+#include <ctype.h>
 
 #ifdef TIME_WITH_SYS_TIME
 # include <sys/time.h>
@@ -980,6 +982,40 @@ ssize_t gethwid(buf, len, ifname, hwtype
 #endif
 }
 
+static int check_domain_name(const char *ptr, size_t len, int dots)
+{
+       const char *p;
+
+       /* not empty or complete length not over 255 characters   */
+       if (len == 0 || len >= 256)
+               return -1;
+
+       /* consists of [[:alnum:]-]+ labels separated by [.]      */
+       /* a [_] is against RFC but seems to be "widely used"...  */
+       for (p=ptr; *p && len-- > 0; p++) {
+               if ( *p == '-' || *p == '_') {
+                       /* not allowed at begin or end of a label */
+                       if ((p - ptr) == 0 || len == 0 || p[1] == '.')
+                               return -1;
+               } else
+               if ( *p == '.') {
+                       /* each label has to be 1-63 characters;
+                          we allow [.] at the end ('foo.bar.')   */
+                       ptrdiff_t d = p - ptr;
+                       if( d <= 0 || d >= 64)
+                               return -1;
+                       ptr = p + 1; /* jump to the next label    */
+                       if(dots > 0 && len > 0)
+                               dots--;
+               } else
+               if ( !isalnum((unsigned char)*p)) {
+                       /* also numbers at the begin are fine     */
+                       return -1;
+               }
+       }
+       return dots ? -1 : 0;
+}
+
 void dhcp6_init_options(struct dhcp6_optinfo *optinfo) {
     memset(optinfo, 0, sizeof(*optinfo));
     /* for safety */
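Review bot: The last label is never length-checked when the name has no trailing dot: the `d >= 64` test runs only in the `'.'` branch, so a name whose final label is anything up to the 255-character total (e.g. `a.` followed by 200 alphanumerics) passes. Adding `if (p - ptr >= 64) return -1;` after the loop and before `return dots ? -1 : 0;` closes the gap, since `ptr` already points at the start of the current label at that point. The `dots` parameter also deserves a line of documentation, e.g. `/* dots: minimum number of label separators required; a trailing '.' does not count */`, because its meaning as a lower bound rather than an exact count is only visible from the decrement condition. check_domain_name is fully contained in this hunk.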
@@ -1289,6 +1325,16 @@ int dhcp6_get_options(struct dhcp6opt *p
                         goto malformed;
                     else {
                         val += n;
+                        if (dhcp6_mode == DHCP6_MODE_CLIENT) {
+                            if(check_domain_name(dname->name,
+                                                 strlen(dname->name), 0)) {
+                                dhcpv6_dprintf(LOG_ERR, "suspect characters "
+                                               "in domain name - discarded");
+                                free(dname);
+                                dname = NULL;
+                                continue;
+                            }
+                        }
                         dhcpv6_dprintf(LOG_DEBUG,
                                        "expand domain name %s, size %d",
                                        dname->name,
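Review bot: The new validation runs only when `dhcp6_mode == DHCP6_MODE_CLIENT`, so a domain name parsed in any other mode is still accepted unchecked; whether the server side ever reaches this code path is not visible in the hunk, but if it does, it remains exposed to the same malformed input the patch rejects for the client. Unless there is a reason to exempt the other modes, dropping the mode test — `if (check_domain_name(dname->name, strlen(dname->name), 0)) {` — applies the same policy regardless of role; otherwise a one-line comment stating why only the client validates would help the next reader. The `continue` after `free(dname)` presumably relies on `val += n` having already advanced past the option, but the loop header is outside the hunk, so that is worth confirming. dhcp6_get_options starts and ends outside this hunk.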

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


