pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/trunk]: pkgsrc/chat/licq-core Fix multiple connection handling Denial...
details: https://anonhg.NetBSD.org/pkgsrc/rev/4776cef02126
branches: trunk
changeset: 542280:4776cef02126
user: tonnerre <tonnerre%pkgsrc.org@localhost>
date: Sun May 11 04:12:34 2008 +0000
description:
Fix multiple connection handling Denial of Service vulnerability in licq
(CVE-2008-1996). Before this, the application would crash if too many TCP
connections are opened.
diffstat:
chat/licq-core/Makefile | 3 +-
chat/licq-core/distinfo | 7 ++++-
chat/licq-core/patches/patch-aa | 12 ++++++++-
chat/licq-core/patches/patch-ab | 47 +++++++++++++++++++++++++++++++++++++++++
chat/licq-core/patches/patch-ac | 36 +++++++++++++++++++++++++++++++
chat/licq-core/patches/patch-ag | 26 ++++++++++++++++++++++
6 files changed, 126 insertions(+), 5 deletions(-)
diffs (180 lines):
diff -r bb6f697a28dc -r 4776cef02126 chat/licq-core/Makefile
--- a/chat/licq-core/Makefile Sun May 11 03:47:15 2008 +0000
+++ b/chat/licq-core/Makefile Sun May 11 04:12:34 2008 +0000
@@ -1,8 +1,9 @@
-# $NetBSD: Makefile,v 1.10 2007/12/22 22:34:22 jdolecek Exp $
+# $NetBSD: Makefile,v 1.11 2008/05/11 04:12:34 tonnerre Exp $
#
DISTNAME= licq-1.3.5
PKGNAME= ${DISTNAME:C/-/-core-/}
+PKGREVISION= 1
CATEGORIES= chat
MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=licq/}
EXTRACT_SUFX= .tar.bz2
diff -r bb6f697a28dc -r 4776cef02126 chat/licq-core/distinfo
--- a/chat/licq-core/distinfo Sun May 11 03:47:15 2008 +0000
+++ b/chat/licq-core/distinfo Sun May 11 04:12:34 2008 +0000
@@ -1,12 +1,15 @@
-$NetBSD: distinfo,v 1.12 2008/01/05 21:00:18 rillig Exp $
+$NetBSD: distinfo,v 1.13 2008/05/11 04:12:34 tonnerre Exp $
SHA1 (licq-1.3.5.tar.bz2) = a1059173f36694e6e5ec9ba62ced6e9738807916
RMD160 (licq-1.3.5.tar.bz2) = 4442f6cb3630d8300e5f128617a522bd2cb863dc
Size (licq-1.3.5.tar.bz2) = 3260471 bytes
-SHA1 (patch-aa) = 974a65e3483b3438fb3c6c9aaf96aa67e4c60fa6
+SHA1 (patch-aa) = 643c4a7ac8abada0a60eb16f66e845fbb8e8a0e2
+SHA1 (patch-ab) = f6cefc63ebff977300b85eeee4c69694f27a1b04
+SHA1 (patch-ac) = 8bd085b41c37df19b45e772d3b7c2eef9f45490a
SHA1 (patch-ad) = d53a300e08852c9ad09ec900b46feb2c37129d76
SHA1 (patch-ae) = cf0ad230f4dcaca9ed1d3f92a4c5e6e131029d68
SHA1 (patch-af) = 86a99ad96c56f0e53547025a7c5536a01fd2a8b8
+SHA1 (patch-ag) = 57f07955f7710b4ff2d7e453518eb1bdee45a4b5
SHA1 (patch-ai) = f8cebb4e821a1b648e69135db5dd232a9459773a
SHA1 (patch-ca) = 36475ac0642e8908a2ae6a8913efa25ba09af1c3
SHA1 (patch-cb) = 3a4f3f35825207693dc87112899a3e6bb3ec71a0
diff -r bb6f697a28dc -r 4776cef02126 chat/licq-core/patches/patch-aa
--- a/chat/licq-core/patches/patch-aa Sun May 11 03:47:15 2008 +0000
+++ b/chat/licq-core/patches/patch-aa Sun May 11 04:12:34 2008 +0000
@@ -1,6 +1,6 @@
-$NetBSD: patch-aa,v 1.1 2005/10/31 18:58:38 tv Exp $
+$NetBSD: patch-aa,v 1.2 2008/05/11 04:12:34 tonnerre Exp $
---- include/licq_socket.h.orig 2002-03-20 11:00:54.000000000 -0500
+--- include/licq_socket.h.orig 2006-10-18 10:59:12.000000000 +0200
+++ include/licq_socket.h
@@ -6,6 +6,7 @@
#endif
@@ -10,3 +10,11 @@
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
+@@ -250,6 +251,7 @@ public:
+
+ fd_set SocketSet() { return m_sSockets.SocketSet(); }
+ int LargestSocket() { return m_sSockets.Largest(); }
++ unsigned short Num() { return m_sSockets.Num(); }
+
+ protected:
+ CSocketSet m_sSockets;
diff -r bb6f697a28dc -r 4776cef02126 chat/licq-core/patches/patch-ab
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/chat/licq-core/patches/patch-ab Sun May 11 04:12:34 2008 +0000
@@ -0,0 +1,47 @@
+$NetBSD: patch-ab,v 1.3 2008/05/11 04:12:34 tonnerre Exp $
+
+--- src/icqd-chat.cpp.orig 2007-09-09 14:05:24.000000000 +0200
++++ src/icqd-chat.cpp
+@@ -23,6 +23,7 @@
+ // Localization
+ #include "gettext.h"
+
++#define MAX_CONNECTS 256
+ #define DEBUG_THREADS(x)
+
+
+@@ -2383,16 +2384,24 @@ void *ChatManager_tep(void *arg)
+ // Connection on the server port ---------------------------------------
+ else if (nCurrentSocket == chatman->chatServer.Descriptor())
+ {
+- CChatUser *u = new CChatUser;
+- u->m_pClient = new CChatClient;
+-
+- chatman->chatServer.RecvConnection(u->sock);
+- chatman->sockman.AddSocket(&u->sock);
+- chatman->sockman.DropSocket(&u->sock);
+-
+- u->state = CHAT_STATE_HANDSHAKE;
+- chatman->chatUsers.push_back(u);
+- gLog.Info(tr("%sChat: Received connection.\n"), L_TCPxSTR);
++ if (chatman->sockman.Num() >= MAX_CONNECTS)
++ {
++ // Too many sockets, drop this one
++ gLog.Warn(tr("%sToo many connected clients, rejecting new connection.\n"), L_WARNxSTR);
++ }
++ else
++ {
++ CChatUser *u = new CChatUser;
++ u->m_pClient = new CChatClient;
++
++ chatman->chatServer.RecvConnection(u->sock);
++ chatman->sockman.AddSocket(&u->sock);
++ chatman->sockman.DropSocket(&u->sock);
++
++ u->state = CHAT_STATE_HANDSHAKE;
++ chatman->chatUsers.push_back(u);
++ gLog.Info(tr("%sChat: Received connection.\n"), L_TCPxSTR);
++ }
+ }
+
+ // Message from connected socket----------------------------------------
diff -r bb6f697a28dc -r 4776cef02126 chat/licq-core/patches/patch-ac
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/chat/licq-core/patches/patch-ac Sun May 11 04:12:34 2008 +0000
@@ -0,0 +1,36 @@
+$NetBSD: patch-ac,v 1.5 2008/05/11 04:12:34 tonnerre Exp $
+
+--- src/icqd-threads.cpp.orig 2007-09-28 22:11:35.000000000 +0200
++++ src/icqd-threads.cpp
+@@ -23,6 +23,7 @@
+ // Localization
+ #include "gettext.h"
+
++#define MAX_CONNECTS 256
+ #define DEBUG_THREADS(x)
+ //#define DEBUG_THREADS(x) gLog.Info(x)
+
+@@ -780,8 +781,21 @@ void *MonitorSockets_tep(void *p)
+ TCPSocket *newSocket = new TCPSocket(0);
+ tcp->RecvConnection(*newSocket);
+ gSocketManager.DropSocket(tcp);
+- gSocketManager.AddSocket(newSocket);
+- gSocketManager.DropSocket(newSocket);
++
++ // Make sure we can handle another socket before accepting it
++ if (gSocketManager.Num() > MAX_CONNECTS)
++ {
++ // Too many sockets, drop this one
++ char remoteIp[32];
++ gLog.Warn(tr("%sToo many connected sockets, rejecting connection from %s.\n"),
++ L_WARNxSTR, newSocket->RemoteIpStr(remoteIp));
++ delete newSocket;
++ }
++ else
++ {
++ gSocketManager.AddSocket(newSocket);
++ gSocketManager.DropSocket(newSocket);
++ }
+ }
+ }
+
diff -r bb6f697a28dc -r 4776cef02126 chat/licq-core/patches/patch-ag
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/chat/licq-core/patches/patch-ag Sun May 11 04:12:34 2008 +0000
@@ -0,0 +1,26 @@
+$NetBSD: patch-ag,v 1.3 2008/05/11 04:12:34 tonnerre Exp $
+
+--- src/socket.cpp.orig 2007-10-15 20:11:50.000000000 +0200
++++ src/socket.cpp
+@@ -817,8 +817,19 @@ void TCPSocket::RecvConnection(TCPSocket
+ {
+ socklen_t sizeofSockaddr = sizeof(struct sockaddr_in);
+
+- newSocket.m_nDescriptor = accept(m_nDescriptor, (struct sockaddr *)&newSocket.m_sRemoteAddr, &sizeofSockaddr);
+- newSocket.SetLocalAddress();
++ int newDesc = accept(m_nDescriptor, (struct sockaddr *)&newSocket.m_sRemoteAddr, &sizeofSockaddr);
++ if (newDesc < FD_SETSIZE)
++ {
++ newSocket.m_nDescriptor = newDesc;
++ newSocket.SetLocalAddress();
++ }
++ else
++ {
++ gLog.Error(tr("%sCannot accept new connection, too many descriptors in use.\n"), L_ERRORxSTR);
++ close(newDesc);
++
++ // TODO throw an exception, or do something to tell the caller it failed
++ }
+ }
+
+ #define m_pSSL ((SSL *) m_p_SSL)
Home |
Main Index |
Thread Index |
Old Index