components/isc-dhcp/patches/003-ISC-Bugs_41845.patch
author Brian Utterback <brian.utterback@oracle.com>
Fri, 03 Mar 2017 10:53:19 -0800
branchs11u3-sru
changeset 7929 27eab5dcdc0b
parent 6168 b3cd649419fe
permissions -rw-r--r--
24850514 Check for empty DAEMON in quagga start method never fails.
This patch is ISC's mitigation code for CVE-2016-2774 - see ISC-Bugs
#41845. It was ported from ISC DHCP 4.3.4.
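--- a/RELNOTES
+++ b/RELNOTES
@@ -1,6 +1,6 @@
 	      Internet Systems Consortium DHCP Distribution
-			    Version 4.1-ESV-R7-P1
-                              01 January 2016
+			    Version 4.1-ESV-R7-S2
+                              29 March 2016
 
 			      Release Notes
 
@@ -54,10 +54,18 @@
 
 			Changes since 4.1-ESV-R7-P1
 
+! Add an option in site.h to limit the number of failover and control
+  connections the server will accept.  By default this is 200.
+  [ISC-Bugs #41845]
+  CVE: CVE-2016-2774
+
+			Changes since 4.1-ESV-R7
+
 ! Update the bounds checking when receiving a packet.
   Thanks to Sebastian Poehn from Sophos for the bug report and a suggested
   patch.
   [ISC-Bugs #41267]
+  CVE: CVE-2015-8605
 
 			Changes since 4.1-ESV-R6
 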
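--- a/configure
+++ b/configure
@@ -574,8 +574,8 @@
 # Identity of this package.
 PACKAGE_NAME='DHCP'
 PACKAGE_TARNAME='dhcp'
-PACKAGE_VERSION='4.1-ESV-R7-P1'
-PACKAGE_STRING='DHCP 4.1-ESV-R7-P1'
+PACKAGE_VERSION='4.1-ESV-R7'
+PACKAGE_STRING='DHCP 4.1-ESV-R7'
 PACKAGE_BUGREPORT='[email protected]'
 
 # Factoring default headers for most tests.
@@ -2125,7 +2125,7 @@
 
 # Define the identity of the package.
  PACKAGE='dhcp'
- VERSION='4.1-ESV-R7-P1'
+ VERSION='4.1-ESV-R7'
 
 
 cat >>confdefs.h <<_ACEOF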
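--- a/configure.ac
+++ b/configure.ac
@@ -1,4 +1,4 @@
-AC_INIT([DHCP], [4.1-ESV-R7-P1], [[email protected]])
+AC_INIT([DHCP], [4.1-ESV-R7], [[email protected]])
 
 # we specify "foreign" to avoid having to have the GNU mandated files,
 # like AUTHORS, COPYING, and such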
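Review bot: The version argument of `AC_INIT` moves backward from `4.1-ESV-R7-P1` to `4.1-ESV-R7`, while the RELNOTES hunk of this same patch advances the banner to `4.1-ESV-R7-S2`; the `PACKAGE_VERSION`, `PACKAGE_STRING` and `VERSION` lines in the generated `configure` carry the same mismatch. A build from this tree would presumably report plain R7 even though RELNOTES lists the CVE-2015-8605 and CVE-2016-2774 changes, which makes version-based vulnerability scanning and incident triage unreliable. If the downgrade is deliberate for packaging, the patch header should say so; otherwise the second argument should track RELNOTES, i.e. `[4.1-ESV-R7-S2]`.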
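--- a/includes/site.h
+++ b/includes/site.h
@@ -217,3 +217,9 @@
    require the original functionality. */
 
 /* #define RFC3315_PRE_ERRATA_2010_08 */
+
+/* Limit the value of a file descriptor the server will use
+   when accepting a connecting request.  This can be used to
+   limit the number of TCP connections that the server will
+   allow at one time.  A value of 0 means there is no limit.*/
+#define MAX_FD_VALUE 200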
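Review bot: `MAX_FD_VALUE` caps the numeric value of an accepted descriptor rather than a count of connections, and both the added comment and the RELNOTES entry ("limit the number of failover and control connections ... By default this is 200") blur the two. Every descriptor the process already holds counts toward the ceiling, so the number of control and failover connections actually admitted is lower than 200 and varies by deployment; the comment should state that. The define is also unconditional, so a packager cannot tune it from the build line; wrapping it as `#ifndef MAX_FD_VALUE` / `#define MAX_FD_VALUE 200` / `#endif` would allow that. If the dispatcher relies on select(), which this hunk does not show, the comment should also say the value must stay below FD_SETSIZE.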
--- old/omapip/listener.c	Wed Mar 30 18:40:10 2016
    77
+++ new/omapip/listener.c	Wed Mar 30 18:40:09 2016
    78
@@ -3,7 +3,7 @@
    79
    Subroutines that support the generic listener object. */
    80
 
    81
 /*
    82
- * Copyright (c) 2012 by Internet Systems Consortium, Inc. ("ISC")
    83
+ * Copyright (c) 2012,2014,2016 by Internet Systems Consortium, Inc. ("ISC")
    84
  * Copyright (c) 2004,2007,2009 by Internet Systems Consortium, Inc. ("ISC")
    85
  * Copyright (c) 1999-2003 by Internet Software Consortium
    86
  *
    87
@@ -232,7 +232,12 @@
    88
 			return ISC_R_NORESOURCES;
    89
 		return ISC_R_UNEXPECTED;
    90
 	}
    91
-	
    92
+
    93
+	if ((MAX_FD_VALUE != 0) && (socket > MAX_FD_VALUE)) {
    94
+		close(socket);
    95
+		return (ISC_R_NORESOURCES);
    96
+	}
    97
+
    98
 #if defined (TRACING)
    99
 	/* If we're recording a trace, remember the connection. */
   100
 	if (trace_record ()) {
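Review bot: The new limit check closes the descriptor and returns `ISC_R_NORESOURCES` without logging anything, so an operator cannot tell a refused-connection burst (the CVE-2016-2774 condition this patch mitigates) from ordinary peer trouble. A message before `close(socket);`, rate-limited because it would fire on every refused connection, gives monitoring something to alert on, for example `log_error("omapi listener: descriptor %d exceeds MAX_FD_VALUE; connection refused", socket);` if the logging helper is in scope in this file. Once the ceiling is reached, legitimate failover and control peers are refused along with everyone else, so the cap bounds resource use but does not replace restricting those ports to trusted hosts. The enclosing function begins and ends outside this hunk.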