yocto-poky/meta/recipes-connectivity/dhcp/dhcp/CVE-2016-2774.patch - stefanberger/openbmc - Gitiles

 From b9f56d578ebfd649b5d829960540859ac6ca931c Mon Sep 17 00:00:00 2001
 From: Catalin Enache <catalin.enache@windriver.com>
 Date: Tue, 12 Apr 2016 18:23:31 +0300
 Subject: [PATCH] Add patch to limit the value of an fd we accept for a
  connection.

 By limiting the highest value we accept for an fd we limit the number
 of connections.

 Upstream-Status: Backport
 CVE: CVE-2016-2774

 Author: Shawn Routhier <sar@isc.org>
 Signed-off-by: Catalin Enache <catalin.enache@windriver.com>
 ---
  includes/site.h   | 6 ++++++
  omapip/listener.c | 9 +++++++--
  3 files changed, 18 insertions(+), 2 deletions(-)

 diff --git a/includes/site.h b/includes/site.h
 index 9c33de3..df020c8 100644
 --- a/includes/site.h
 +++ b/includes/site.h
 @@ -290,6 +290,12 @@
     this option will be removed at some time. */
  /* #define INCLUDE_OLD_DHCP_ISC_ERROR_CODES */

 +/* Limit the value of a file descriptor the serve will use
 +   when accepting a connecting request.  This can be used to
 +   limit the number of TCP connections that the server will
 +   allow at one time.  A value of 0 means there is no limit.*/
 +#define MAX_FD_VALUE 200
 +
  /* Include definitions for various options.  In general these
     should be left as is, but if you have already defined one
     of these and prefer your definition you can comment the
 diff --git a/omapip/listener.c b/omapip/listener.c
 index 8bdcdbd..61473cf 100644
 --- a/omapip/listener.c
 +++ b/omapip/listener.c
 @@ -3,7 +3,7 @@
     Subroutines that support the generic listener object. */

  /*
 - * Copyright (c) 2012,2014 by Internet Systems Consortium, Inc. ("ISC")
 + * Copyright (c) 2012,2014,2016 by Internet Systems Consortium, Inc. ("ISC")
   * Copyright (c) 2004,2007,2009 by Internet Systems Consortium, Inc. ("ISC")
   * Copyright (c) 1999-2003 by Internet Software Consortium
   *
 @@ -233,7 +233,12 @@ isc_result_t omapi_accept (omapi_object_t *h)
  			return ISC_R_NORESOURCES;
  		return ISC_R_UNEXPECTED;
  	}
 -
 +
 +	if ((MAX_FD_VALUE != 0) && (socket > MAX_FD_VALUE)) {
 +		close(socket);
 +		return (ISC_R_NORESOURCES);
 +	}
 +
  #if defined (TRACING)
  	/* If we're recording a trace, remember the connection. */
  	if (trace_record ()) {
 --
 2.7.4
	From b9f56d578ebfd649b5d829960540859ac6ca931c Mon Sep 17 00:00:00 2001
	From: Catalin Enache <catalin.enache@windriver.com>
	Date: Tue, 12 Apr 2016 18:23:31 +0300
	Subject: [PATCH] Add patch to limit the value of an fd we accept for a
	connection.

	By limiting the highest value we accept for an fd we limit the number
	of connections.

	Upstream-Status: Backport
	CVE: CVE-2016-2774

	Author: Shawn Routhier <sar@isc.org>
	Signed-off-by: Catalin Enache <catalin.enache@windriver.com>
	---
	includes/site.h \| 6 ++++++
	omapip/listener.c \| 9 +++++++--
	3 files changed, 18 insertions(+), 2 deletions(-)

	diff --git a/includes/site.h b/includes/site.h
	index 9c33de3..df020c8 100644
	--- a/includes/site.h
	+++ b/includes/site.h
	@@ -290,6 +290,12 @@
	this option will be removed at some time. */
	/* #define INCLUDE_OLD_DHCP_ISC_ERROR_CODES */

	+/* Limit the value of a file descriptor the serve will use
	+ when accepting a connecting request. This can be used to
	+ limit the number of TCP connections that the server will
	+ allow at one time. A value of 0 means there is no limit.*/
	+#define MAX_FD_VALUE 200
	+
	/* Include definitions for various options. In general these
	should be left as is, but if you have already defined one
	of these and prefer your definition you can comment the
	diff --git a/omapip/listener.c b/omapip/listener.c
	index 8bdcdbd..61473cf 100644
	--- a/omapip/listener.c
	+++ b/omapip/listener.c
	@@ -3,7 +3,7 @@
	Subroutines that support the generic listener object. */

	/*
	- * Copyright (c) 2012,2014 by Internet Systems Consortium, Inc. ("ISC")
	+ * Copyright (c) 2012,2014,2016 by Internet Systems Consortium, Inc. ("ISC")
	* Copyright (c) 2004,2007,2009 by Internet Systems Consortium, Inc. ("ISC")
	* Copyright (c) 1999-2003 by Internet Software Consortium
	*
	@@ -233,7 +233,12 @@ isc_result_t omapi_accept (omapi_object_t *h)
	return ISC_R_NORESOURCES;
	return ISC_R_UNEXPECTED;
	}
	-
	+
	+ if ((MAX_FD_VALUE != 0) && (socket > MAX_FD_VALUE)) {
	+ close(socket);
	+ return (ISC_R_NORESOURCES);
	+ }
	+
	#if defined (TRACING)
	/* If we're recording a trace, remember the connection. */
	if (trace_record ()) {
	--
	2.7.4