commit 285d8b286300b58af3e42b459f9aada4df02e3bb Author: Jacek Konieczny <jaj...@jajcus.net> Date: Sat Oct 1 11:37:13 2016 +0200
Patch for local DOS vulnerability https://github.com/systemd/systemd/issues/4234 Reproducible in PLD with: while : ; do NOTIFY_SOCKET=/run/systemd/notify systemd-notify "" ; done Patch based on upstream commits: https://github.com/systemd/systemd/commit/531ac2b2349da02acc9c382849758e07eb92b020 https://github.com/systemd/systemd/commit/9987750e7a4c62e0eb8473603150596ba7c3a015 https://github.com/systemd/systemd/commit/8523bf7dd514a3a2c6114b7b8fb8f308b4f09fc4 https://github.com/systemd/systemd/commit/a86b76753d7868c2d05f046f601bc7dc89fc2203 Release: 14 empty_notify_dos.patch | 95 ++++++++++++++++++++++++++++++++++++++++++++++++++ systemd.spec | 4 ++- 2 files changed, 98 insertions(+), 1 deletion(-) --- diff --git a/systemd.spec b/systemd.spec index 89f7b87..a106634 100644 --- a/systemd.spec +++ b/systemd.spec @@ -28,7 +28,7 @@ Summary(pl.UTF-8): systemd - zarządca systemu i usług dla Linuksa Name: systemd # Verify ChangeLog and NEWS when updating (since there are incompatible/breaking changes very often) Version: 221 -Release: 13 +Release: 14 Epoch: 1 License: GPL v2+ (udev), LGPL v2.1+ (the rest) Group: Base @@ -78,6 +78,7 @@ Patch11: optional-tmp-on-tmpfs.patch Patch12: uids_gids.patch Patch13: sysctl.patch Patch14: journal-gatewayd-fdopen.patch +Patch15: empty_notify_dos.patch URL: http://www.freedesktop.org/wiki/Software/systemd BuildRequires: acl-devel %{?with_audit:BuildRequires: audit-libs-devel} @@ -674,6 +675,7 @@ Uzupełnianie parametrów w zsh dla poleceń udev. %patch12 -p1 %patch13 -p1 %patch14 -p1 +%patch15 -p1 cp -p %{SOURCE2} src/systemd_booted.c %build diff --git a/empty_notify_dos.patch b/empty_notify_dos.patch new file mode 100644 index 0000000..afbbbc0 --- /dev/null +++ b/empty_notify_dos.patch @@ -0,0 +1,95 @@ +diff -dur -x '*~' systemd-221.orig/src/core/manager.c systemd-221/src/core/manager.c +--- systemd-221.orig/src/core/manager.c 2015-06-17 20:28:29.557344895 +0200 ++++ systemd-221/src/core/manager.c 2016-10-01 11:33:10.138847360 +0200 +@@ -1478,13 +1478,12 @@ + return n; + } + +-static void manager_invoke_notify_message(Manager *m, Unit *u, pid_t pid, char *buf, size_t n, FDSet *fds) { ++static void manager_invoke_notify_message(Manager *m, Unit *u, pid_t pid, char *buf, FDSet *fds) { + _cleanup_strv_free_ char **tags = NULL; + + assert(m); + assert(u); + assert(buf); +- assert(n > 0); + + tags = strv_split(buf, "\n\r"); + if (!tags) { +@@ -1494,8 +1493,14 @@ + + if (UNIT_VTABLE(u)->notify_message) + UNIT_VTABLE(u)->notify_message(u, pid, tags, fds); +- else +- log_unit_debug(u, "Got notification message for unit. Ignoring."); ++ else if (_unlikely_(log_get_max_level() >= LOG_DEBUG)) { ++ _cleanup_free_ char *x = NULL, *y = NULL; ++ ++ x = cescape(buf); ++ if (x) ++ y = ellipsize(x, 20, 90); ++ log_unit_debug(u, "Got notification message \"%s\", ignoring.", strnull(y)); ++ } + } + + static int manager_dispatch_notify_fd(sd_event_source *source, int fd, uint32_t revents, void *userdata) { +@@ -1538,10 +1543,13 @@ + + n = recvmsg(m->notify_fd, &msghdr, MSG_DONTWAIT|MSG_CMSG_CLOEXEC); + if (n < 0) { +- if (errno == EAGAIN || errno == EINTR) +- break; +- +- return -errno; ++ if (!IN_SET(errno, EAGAIN, EINTR)) ++ log_error("Failed to receive notification message: %m"); ++ /* It's not an option to return an error here since it ++ * would disable the notification handler entirely. Services ++ * wouldn't be able to send the WATCHDOG message for ++ * example... */ ++ return 0; + } + + CMSG_FOREACH(cmsg, &msghdr) { +@@ -1564,7 +1572,8 @@ + r = fdset_new_array(&fds, fd_array, n_fds); + if (r < 0) { + close_many(fd_array, n_fds); +- return log_oom(); ++ log_oom(); ++ return 0; + } + } + +@@ -1578,25 +1587,27 @@ + continue; + } + ++ /* The message should be a string. Here we make sure it's NUL-terminated, ++ * but only the part until first NUL will be used anyway. */ + buf[n] = 0; + + /* Notify every unit that might be interested, but try + * to avoid notifying the same one multiple times. */ + u1 = manager_get_unit_by_pid(m, ucred->pid); + if (u1) { +- manager_invoke_notify_message(m, u1, ucred->pid, buf, n, fds); ++ manager_invoke_notify_message(m, u1, ucred->pid, buf, fds); + found = true; + } + + u2 = hashmap_get(m->watch_pids1, LONG_TO_PTR(ucred->pid)); + if (u2 && u2 != u1) { +- manager_invoke_notify_message(m, u2, ucred->pid, buf, n, fds); ++ manager_invoke_notify_message(m, u2, ucred->pid, buf, fds); + found = true; + } + + u3 = hashmap_get(m->watch_pids2, LONG_TO_PTR(ucred->pid)); + if (u3 && u3 != u2 && u3 != u1) { +- manager_invoke_notify_message(m, u3, ucred->pid, buf, n, fds); ++ manager_invoke_notify_message(m, u3, ucred->pid, buf, fds); + found = true; + } + +Only in systemd-221/src/core: manager.c.orig ================================================================ ---- gitweb: http://git.pld-linux.org/gitweb.cgi/packages/systemd.git/commitdiff/285d8b286300b58af3e42b459f9aada4df02e3bb _______________________________________________ pld-cvs-commit mailing list pld-cvs-commit@lists.pld-linux.org http://lists.pld-linux.org/mailman/listinfo/pld-cvs-commit