On Thu, 8 Jun 2017 21:54:22 -0400, Daniel Jakots <[email protected]>
wrote:

> > Network plugin: A potential endless-loop has been fixed. This can be
> > triggered remotely by sending a signed network packet to a server
> > which is not set up to check signatures. Thanks to Marcin Kozlowski
> > and @rpv-tomsk. #2174, #2233, CVE-2017-7401  
> 
> I'm cooking a patch for -stable.


Index: Makefile
===================================================================
RCS file: /cvs/ports/sysutils/collectd/Makefile,v
retrieving revision 1.46
diff -u -p -r1.46 Makefile
--- Makefile    18 Feb 2017 17:33:51 -0000      1.46
+++ Makefile    10 Jun 2017 23:45:50 -0000
@@ -11,7 +11,7 @@ COMMENT-memcachec =   collectd memcachec p
 COMMENT-nut =          collectd nut plugin
 COMMENT-riemann =      collectd riemann plugin
 
-REVISION-main =                2
+REVISION-main =                3
 V =                    5.6.2
 DISTNAME =             collectd-$V
 PKGNAME-main =         collectd-$V
Index: patches/patch-src_network_c
===================================================================
RCS file: patches/patch-src_network_c
diff -N patches/patch-src_network_c
--- /dev/null   1 Jan 1970 00:00:00 -0000
+++ patches/patch-src_network_c 10 Jun 2017 23:45:50 -0000
@@ -0,0 +1,40 @@
+$OpenBSD$
+
+Backport f6be4f9b49b949b379326c3d7002476e6ce4f211, fixes CVE-2017-7401
+
+--- src/network.c.orig Wed Nov 30 03:52:01 2016
++++ src/network.c      Sat Jun 10 19:37:21 2017
+@@ -1003,14 +1003,6 @@ static int parse_part_sign_sha256(sockent_t *se, /* {{
+   buffer_len = *ret_buffer_len;
+   buffer_offset = 0;
+ 
+-  if (se->data.server.userdb == NULL) {
+-    c_complain(
+-        LOG_NOTICE, &complain_no_users,
+-        "network plugin: Received signed network packet but can't verify it "
+-        "because no user DB has been configured. Will accept it.");
+-    return (0);
+-  }
+-
+   /* Check if the buffer has enough data for this structure. */
+   if (buffer_len <= PART_SIGNATURE_SHA256_SIZE)
+     return (-ENOMEM);
+@@ -1025,6 +1017,18 @@ static int parse_part_sign_sha256(sockent_t *se, /* {{
+       (pss_head_length > buffer_len)) {
+     ERROR("network plugin: HMAC-SHA-256 with invalid length received.");
+     return (-1);
++  }
++
++  if (se->data.server.userdb == NULL) {
++    c_complain(
++        LOG_NOTICE, &complain_no_users,
++        "network plugin: Received signed network packet but can't verify it "
++        "because no user DB has been configured. Will accept it.");
++
++    *ret_buffer = buffer + pss_head_length;
++    *ret_buffer_len -= pss_head_length;
++
++    return (0);
+   }
+ 
+   /* Copy the hash. */
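
Review bot: In the relocated `se->data.server.userdb == NULL` branch of parse_part_sign_sha256, the new `*ret_buffer = buffer + pss_head_length;` and `*ret_buffer_len -= pss_head_length;` only guarantee forward progress when pss_head_length is nonzero and no larger than the remaining buffer. The upper bound is visible in the context (`pss_head_length > buffer_len`), but the first half of that condition is cut off above the hunk context, so please confirm against the full src/network.c that it also rejects a length too short to cover the signature part before this goes in. A second, smaller point on the same branch: it still ends in "Will accept it.", so a server with no user DB keeps processing the payload of signed packets unverified. The patch header comment could say that this backport fixes the endless loop only and leaves that behaviour as is.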
