Hello community, here is the log from the commit of package dhcpv6 for openSUSE:Factory checked in at Wed Apr 6 11:48:05 CEST 2011.
-------- --- dhcpv6/dhcpv6.changes 2010-04-29 09:36:03.000000000 +0200 +++ /mounts/work_src_done/STABLE/dhcpv6/dhcpv6.changes 2011-04-05 20:56:16.000000000 +0200 @@ -1,0 +2,6 @@ +Wed Mar 30 10:16:31 UTC 2011 - m...@suse.de + +- Discard domain names with suspect characters or beeing too long + (bnc#675052,CVE-2011-0997). + +------------------------------------------------------------------- calling whatdependson for head-i586 New: ---- dhcpv6-1.0.22-option-check.diff ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ dhcpv6.spec ++++++ --- /var/tmp/diff_new_pack.dsyoqm/_old 2011-04-06 11:44:54.000000000 +0200 +++ /var/tmp/diff_new_pack.dsyoqm/_new 2011-04-06 11:44:54.000000000 +0200 @@ -1,7 +1,7 @@ # -# spec file for package dhcpv6 (Version 1.0.22) +# spec file for package dhcpv6 # -# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -26,7 +26,7 @@ Group: Productivity/Networking/System Summary: DHCP Client and Server for IPv6 Version: 1.0.22 -Release: 6 +Release: 16 Source0: %{name}-%{version}.tar.bz2 Patch1: %{name}-%{version}-destdir.patch Patch2: %{name}-%{version}-cmd.patch @@ -38,6 +38,7 @@ Patch8: dhcpv6-1.0.22-invalid-request-address-message.diff Patch9: dhcpv6-1.0.22-remove-released-leases.bnc524687.diff Patch10: dhcpv6-1.0.22-dhcp5r-pid-directory.diff +Patch11: dhcpv6-1.0.22-option-check.diff Provides: dhcp6 = 1.0.11 Obsoletes: dhcp6 < 1.0.11 BuildRoot: %{_tmppath}/%{name}-%{version}-build @@ -69,6 +70,7 @@ %patch8 -p0 %patch9 -p0 %patch10 -p0 +%patch11 -p0 %build touch NEWS ++++++ dhcpv6-1.0.22-option-check.diff ++++++ --- src/common.c +++ src/common.c 2011/03/11 08:30:35 @@ -49,6 +49,8 @@ #include <arpa/nameser.h> #include <resolv.h> #include <unistd.h> +#include <stddef.h> +#include <ctype.h> #ifdef TIME_WITH_SYS_TIME # include <sys/time.h> @@ -980,6 +982,40 @@ ssize_t gethwid(buf, len, ifname, hwtype #endif } +static int check_domain_name(const char *ptr, size_t len, int dots) +{ + const char *p; + + /* not empty or complete length not over 255 characters */ + if (len == 0 || len >= 256) + return -1; + + /* consists of [[:alnum:]-]+ labels separated by [.] */ + /* a [_] is against RFC but seems to be "widely used"... */ + for (p=ptr; *p && len-- > 0; p++) { + if ( *p == '-' || *p == '_') { + /* not allowed at begin or end of a label */ + if ((p - ptr) == 0 || len == 0 || p[1] == '.') + return -1; + } else + if ( *p == '.') { + /* each label has to be 1-63 characters; + we allow [.] at the end ('foo.bar.') */ + ptrdiff_t d = p - ptr; + if( d <= 0 || d >= 64) + return -1; + ptr = p + 1; /* jump to the next label */ + if(dots > 0 && len > 0) + dots--; + } else + if ( !isalnum((unsigned char)*p)) { + /* also numbers at the begin are fine */ + return -1; + } + } + return dots ? -1 : 0; +} + void dhcp6_init_options(struct dhcp6_optinfo *optinfo) { memset(optinfo, 0, sizeof(*optinfo)); /* for safety */ @@ -1289,6 +1325,16 @@ int dhcp6_get_options(struct dhcp6opt *p goto malformed; else { val += n; + if (dhcp6_mode == DHCP6_MODE_CLIENT) { + if(check_domain_name(dname->name, + strlen(dname->name), 0)) { + dhcpv6_dprintf(LOG_ERR, "suspect characters " + "in domain name - discarded"); + free(dname); + dname = NULL; + continue; + } + } dhcpv6_dprintf(LOG_DEBUG, "expand domain name %s, size %d", dname->name, ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org