pkgsrc-Changes-HG archive


[pkgsrc/pkgsrc-2008Q1]: pkgsrc/chat/licq-core pullup ticket #2372 - requested...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/fc55bd3d5ad5
branches:  pkgsrc-2008Q1
changeset: 540329:fc55bd3d5ad5
user:      rtr <rtr%pkgsrc.org@localhost>
date:      Mon May 12 10:47:37 2008 +0000

description:
pullup ticket #2372 - requested by tonnerre
licq-core: fix for DoS vulnerability

revisions pulled up:
- pkgsrc/chat/licq-core/Makefile                1.11
- pkgsrc/chat/licq-core/distinfo                1.13
- pkgsrc/chat/licq-core/patches/patch-aa        1.2
- pkgsrc/chat/licq-core/patches/patch-ab        1.3
- pkgsrc/chat/licq-core/patches/patch-ac        1.3
- pkgsrc/chat/licq-core/patches/patch-ag        1.5

   Module Name: pkgsrc
   Committed By:        tonnerre
   Date:                Sun May 11 04:12:34 UTC 2008

   Modified Files:
        pkgsrc/chat/licq-core: Makefile distinfo
        pkgsrc/chat/licq-core/patches: patch-aa
   Added Files:
        pkgsrc/chat/licq-core/patches: patch-ab patch-ac patch-ag

   Log Message:
   Fix multiple connection handling Denial of Service vulnerability in licq
   (CVE-2008-1996). Before this fix, the application would crash if too many
   TCP connections were opened.

diffstat:

 chat/licq-core/Makefile         |   3 +-
 chat/licq-core/distinfo         |   7 ++++-
 chat/licq-core/patches/patch-aa |  12 ++++++++-
 chat/licq-core/patches/patch-ab |  47 +++++++++++++++++++++++++++++++++++++++++
 chat/licq-core/patches/patch-ac |  36 +++++++++++++++++++++++++++++++
 chat/licq-core/patches/patch-ag |  26 ++++++++++++++++++++++
 6 files changed, 126 insertions(+), 5 deletions(-)

diffs (180 lines):

diff -r e69f47188bb9 -r fc55bd3d5ad5 chat/licq-core/Makefile
--- a/chat/licq-core/Makefile   Sun May 11 09:44:20 2008 +0000
+++ b/chat/licq-core/Makefile   Mon May 12 10:47:37 2008 +0000
@@ -1,8 +1,9 @@
-# $NetBSD: Makefile,v 1.10 2007/12/22 22:34:22 jdolecek Exp $
+# $NetBSD: Makefile,v 1.10.4.1 2008/05/12 10:47:37 rtr Exp $
 #
 
 DISTNAME=      licq-1.3.5
 PKGNAME=       ${DISTNAME:C/-/-core-/}
+PKGREVISION=   1
 CATEGORIES=    chat
 MASTER_SITES=  ${MASTER_SITE_SOURCEFORGE:=licq/}
 EXTRACT_SUFX=  .tar.bz2
diff -r e69f47188bb9 -r fc55bd3d5ad5 chat/licq-core/distinfo
--- a/chat/licq-core/distinfo   Sun May 11 09:44:20 2008 +0000
+++ b/chat/licq-core/distinfo   Mon May 12 10:47:37 2008 +0000
@@ -1,12 +1,15 @@
-$NetBSD: distinfo,v 1.12 2008/01/05 21:00:18 rillig Exp $
+$NetBSD: distinfo,v 1.12.2.1 2008/05/12 10:47:37 rtr Exp $
 
 SHA1 (licq-1.3.5.tar.bz2) = a1059173f36694e6e5ec9ba62ced6e9738807916
 RMD160 (licq-1.3.5.tar.bz2) = 4442f6cb3630d8300e5f128617a522bd2cb863dc
 Size (licq-1.3.5.tar.bz2) = 3260471 bytes
-SHA1 (patch-aa) = 974a65e3483b3438fb3c6c9aaf96aa67e4c60fa6
+SHA1 (patch-aa) = 643c4a7ac8abada0a60eb16f66e845fbb8e8a0e2
+SHA1 (patch-ab) = f6cefc63ebff977300b85eeee4c69694f27a1b04
+SHA1 (patch-ac) = 8bd085b41c37df19b45e772d3b7c2eef9f45490a
 SHA1 (patch-ad) = d53a300e08852c9ad09ec900b46feb2c37129d76
 SHA1 (patch-ae) = cf0ad230f4dcaca9ed1d3f92a4c5e6e131029d68
 SHA1 (patch-af) = 86a99ad96c56f0e53547025a7c5536a01fd2a8b8
+SHA1 (patch-ag) = 57f07955f7710b4ff2d7e453518eb1bdee45a4b5
 SHA1 (patch-ai) = f8cebb4e821a1b648e69135db5dd232a9459773a
 SHA1 (patch-ca) = 36475ac0642e8908a2ae6a8913efa25ba09af1c3
 SHA1 (patch-cb) = 3a4f3f35825207693dc87112899a3e6bb3ec71a0
diff -r e69f47188bb9 -r fc55bd3d5ad5 chat/licq-core/patches/patch-aa
--- a/chat/licq-core/patches/patch-aa   Sun May 11 09:44:20 2008 +0000
+++ b/chat/licq-core/patches/patch-aa   Mon May 12 10:47:37 2008 +0000
@@ -1,6 +1,6 @@
-$NetBSD: patch-aa,v 1.1 2005/10/31 18:58:38 tv Exp $
+$NetBSD: patch-aa,v 1.1.20.1 2008/05/12 10:47:37 rtr Exp $
 
---- include/licq_socket.h.orig 2002-03-20 11:00:54.000000000 -0500
+--- include/licq_socket.h.orig 2006-10-18 10:59:12.000000000 +0200
 +++ include/licq_socket.h
 @@ -6,6 +6,7 @@
  #endif
@@ -10,3 +10,11 @@
  #include <sys/socket.h>
  #include <netinet/in.h>
  #include <arpa/inet.h>
+@@ -250,6 +251,7 @@ public:
+ 
+   fd_set SocketSet()   {  return m_sSockets.SocketSet(); }
+   int LargestSocket()  {  return m_sSockets.Largest(); }
++  unsigned short Num() {  return m_sSockets.Num(); }
+ 
+ protected:
+   CSocketSet m_sSockets;
diff -r e69f47188bb9 -r fc55bd3d5ad5 chat/licq-core/patches/patch-ab
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/chat/licq-core/patches/patch-ab   Mon May 12 10:47:37 2008 +0000
@@ -0,0 +1,47 @@
+$NetBSD: patch-ab,v 1.2.4.1 2008/05/12 10:47:37 rtr Exp $
+
+--- src/icqd-chat.cpp.orig     2007-09-09 14:05:24.000000000 +0200
++++ src/icqd-chat.cpp
+@@ -23,6 +23,7 @@
+ // Localization
+ #include "gettext.h"
+ 
++#define MAX_CONNECTS  256
+ #define DEBUG_THREADS(x)
+ 
+ 
+@@ -2383,16 +2384,24 @@ void *ChatManager_tep(void *arg)
+         // Connection on the server port ---------------------------------------
+         else if (nCurrentSocket == chatman->chatServer.Descriptor())
+         {
+-          CChatUser *u = new CChatUser;
+-          u->m_pClient = new CChatClient;
+-
+-          chatman->chatServer.RecvConnection(u->sock);
+-          chatman->sockman.AddSocket(&u->sock);
+-          chatman->sockman.DropSocket(&u->sock);
+-
+-          u->state = CHAT_STATE_HANDSHAKE;
+-          chatman->chatUsers.push_back(u);
+-          gLog.Info(tr("%sChat: Received connection.\n"), L_TCPxSTR);
++        if (chatman->sockman.Num() >= MAX_CONNECTS)
++        {
++          // Too many sockets, drop this one
++          gLog.Warn(tr("%sToo many connected clients, rejecting new connection.\n"), L_WARNxSTR);
++        }
++        else
++        {
++            CChatUser *u = new CChatUser;
++            u->m_pClient = new CChatClient;
++
++            chatman->chatServer.RecvConnection(u->sock);
++            chatman->sockman.AddSocket(&u->sock);
++            chatman->sockman.DropSocket(&u->sock);
++
++            u->state = CHAT_STATE_HANDSHAKE;
++            chatman->chatUsers.push_back(u);
++            gLog.Info(tr("%sChat: Received connection.\n"), L_TCPxSTR);
++        }
+         }
+ 
+         // Message from connected socket----------------------------------------
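Review bot: The new `Num() >= MAX_CONNECTS` branch in ChatManager_tep logs a warning but never takes the pending connection off the listen queue, since nothing in that branch calls `RecvConnection()`. The server descriptor will presumably stay readable, so the loop returns to this branch and logs the same warning until the peer gives up; accepting into a throwaway socket and closing it at once, as patch-ac does in MonitorSockets_tep, would actually reject the peer. The two limits also disagree (`>=` here, `>` in patch-ac) and `MAX_CONNECTS` is defined separately in both files, so a single shared definition with one comparison would remove the off-by-one. The function starts and ends outside the hunk, so the select-loop behaviour described here is inferred.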
diff -r e69f47188bb9 -r fc55bd3d5ad5 chat/licq-core/patches/patch-ac
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/chat/licq-core/patches/patch-ac   Mon May 12 10:47:37 2008 +0000
@@ -0,0 +1,36 @@
+$NetBSD: patch-ac,v 1.4.4.1 2008/05/12 10:47:37 rtr Exp $
+
+--- src/icqd-threads.cpp.orig  2007-09-28 22:11:35.000000000 +0200
++++ src/icqd-threads.cpp
+@@ -23,6 +23,7 @@
+ // Localization
+ #include "gettext.h"
+ 
++#define MAX_CONNECTS  256
+ #define DEBUG_THREADS(x)
+ //#define DEBUG_THREADS(x) gLog.Info(x)
+ 
+@@ -780,8 +781,21 @@ void *MonitorSockets_tep(void *p)
+               TCPSocket *newSocket = new TCPSocket(0);
+               tcp->RecvConnection(*newSocket);
+               gSocketManager.DropSocket(tcp);
+-              gSocketManager.AddSocket(newSocket);
+-              gSocketManager.DropSocket(newSocket);
++
++            // Make sure we can handle another socket before accepting it
++            if (gSocketManager.Num() > MAX_CONNECTS)
++            {
++              // Too many sockets, drop this one
++              char remoteIp[32];
++              gLog.Warn(tr("%sToo many connected sockets, rejecting connection from %s.\n"),
++                      L_WARNxSTR, newSocket->RemoteIpStr(remoteIp));
++              delete newSocket;
++            }
++            else
++            {
++                gSocketManager.AddSocket(newSocket);
++                gSocketManager.DropSocket(newSocket);
++            }
+             }
+           }
+ 
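Review bot: The limit check in MonitorSockets_tep runs after `tcp->RecvConnection(*newSocket)`, so the else branch still calls `gSocketManager.AddSocket(newSocket)` when RecvConnection itself refused the descriptor, which patch-ag's `FD_SETSIZE` path does without reporting anything to the caller. Until RecvConnection can signal failure, this branch should confirm that the new socket holds a valid descriptor before adding it, and delete it otherwise. The comment would be more accurate as `// Connection is already accepted; keep it only if the socket manager has room`. Whether `delete newSocket` also closes the accepted descriptor depends on the TCPSocket destructor, which is not visible here and is worth confirming so the rejected connection does not leak a descriptor.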
diff -r e69f47188bb9 -r fc55bd3d5ad5 chat/licq-core/patches/patch-ag
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/chat/licq-core/patches/patch-ag   Mon May 12 10:47:37 2008 +0000
@@ -0,0 +1,26 @@
+$NetBSD: patch-ag,v 1.2.4.1 2008/05/12 10:47:37 rtr Exp $
+
+--- src/socket.cpp.orig        2007-10-15 20:11:50.000000000 +0200
++++ src/socket.cpp
+@@ -817,8 +817,19 @@ void TCPSocket::RecvConnection(TCPSocket
+ {
+   socklen_t sizeofSockaddr = sizeof(struct sockaddr_in);
+ 
+-  newSocket.m_nDescriptor = accept(m_nDescriptor, (struct sockaddr *)&newSocket.m_sRemoteAddr, &sizeofSockaddr);
+-  newSocket.SetLocalAddress();
++  int newDesc = accept(m_nDescriptor, (struct sockaddr *)&newSocket.m_sRemoteAddr, &sizeofSockaddr);
++  if (newDesc < FD_SETSIZE)
++  {
++    newSocket.m_nDescriptor = newDesc;
++    newSocket.SetLocalAddress();
++  }
++  else
++  {
++    gLog.Error(tr("%sCannot accept new connection, too many descriptors in use.\n"), L_ERRORxSTR);
++    close(newDesc);
++
++    // TODO throw an exception, or do something to tell the caller it failed
++  }
+ }
+ 
+ #define m_pSSL ((SSL *) m_p_SSL)
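Review bot: `if (newDesc < FD_SETSIZE)` also passes the -1 that accept() returns on failure, so a failed accept stores -1 in `newSocket.m_nDescriptor` and calls `SetLocalAddress()` on it. The guard should be `if (newDesc >= 0 && newDesc < FD_SETSIZE)`, and the else branch should call `close(newDesc)` only when `newDesc >= 0`. As the TODO admits, the rejection path leaves the caller unaware: RecvConnection returns void and both callers touched by this commit (patch-ab, patch-ac) go on to `AddSocket()` the socket, so a bool return, or a documented requirement to check the descriptor afterwards, would close that gap. A comment above the check would record why the bound exists: `// descriptors >= FD_SETSIZE must never reach an fd_set used with select()`.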


