author | Ismael Luceno | 2019-08-28 19:36:08 +0200 |
---|---|---|
committer | Ismael Luceno | 2019-08-28 20:22:10 +0200 |
commit | a1dfa2bf55177690f633a1aa892211a1c8ace17f (patch) | |
tree | 6e6565b21f3b9be579740ee345f5c5a91de444b7 /net | |
parent | 80ba26cc74127eacac4cedd64afaa0c3ab5eb7e7 (diff) |
ppp: Import general patches from Void-Linux
Diffstat (limited to 'net')
-rw-r--r-- | net/ppp/HISTORY | 3 | ||||
-rw-r--r-- | net/ppp/patches/CVE-2015-3310.patch | 18 | ||||
-rw-r--r-- | net/ppp/patches/netinet_in_h_fix.patch | 37 | ||||
-rw-r--r-- | net/ppp/patches/openssl_DES.patch | 121 |
4 files changed, 179 insertions, 0 deletions
diff --git a/net/ppp/HISTORY b/net/ppp/HISTORY
index 88b4fc83ff..62582182f7 100644
--- a/net/ppp/HISTORY
+++ b/net/ppp/HISTORY
@@ -4,6 +4,9 @@
 * PRE_BUILD: Made the build system respect build flags
 * BUILD: Added LDFLAGS to COPTS
 * PRE_BUILD, mppe-header.patch: Move patch to a patches folder
+ * patches/CVE-2015-3310.patch, patches/netinet_in_h_fix.patch,
+ patches/openssl_DES.patch, patches/openssl_include.patch:
+ Imported general patches from Void-Linux
 
 2017-01-13 David C. Haley <khoralin@gmail.com>
 * DETAILS: updated SOURCE_URL
diff --git a/net/ppp/patches/CVE-2015-3310.patch b/net/ppp/patches/CVE-2015-3310.patch
new file mode 100644
index 0000000000..2f5d57cf28
--- /dev/null
+++ b/net/ppp/patches/CVE-2015-3310.patch
@@ -0,0 +1,18 @@
+Fix buffer overflow in rc_mksid()
+
+rc_mksid converts the PID of pppd to hex to generate a pseudo-unique string.
+If the process id is bigger than 65535 (FFFF), its hex representation will be
+longer than 4 characters, resulting in a buffer overflow.
+
+The bug can be exploited to cause a remote DoS.
+--- a/pppd/plugins/radius/util.c
++++ b/pppd/plugins/radius/util.c
+@@ -77,7 +77,7 @@ rc_mksid (void)
+ static unsigned short int cnt = 0;
+ sprintf (buf, "%08lX%04X%02hX",
+ (unsigned long int) time (NULL),
+- (unsigned int) getpid (),
++ (unsigned int) getpid () & 0xFFFF,
+ cnt & 0xFF);
+ cnt++;
+ return buf;
diff --git a/net/ppp/patches/netinet_in_h_fix.patch b/net/ppp/patches/netinet_in_h_fix.patch
new file mode 100644
index 0000000000..000613d619
--- /dev/null
+++ b/net/ppp/patches/netinet_in_h_fix.patch
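Review bot: In patches/CVE-2015-3310.patch the write into `buf` is still an unbounded `sprintf`, so the fix only holds while every conversion stays at its minimum width: `%08lX` and `%04X` set minimum field widths, not maximums, and only the PID argument is masked. The `(unsigned long int) time (NULL)` argument is unchanged, so a value above 0xFFFFFFFF would print more than eight digits; assuming `buf` is a fixed-size array declared above the hunk, `snprintf (buf, sizeof buf, "%08lX%04X%02hX", ...)` would bound the write whatever the arguments are. Masking to 16 bits also means two pppd processes whose PIDs differ only in the upper bits can produce the same string, which deserves a comment if the result is relied on as a unique session identifier. rc_mksid's body starts outside the hunk.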
@@ -0,0 +1,37 @@
+From 50a2997b256e0e0ef7a46fae133f56f60fce539c Mon Sep 17 00:00:00 2001
+From: Lubomir Rintel <lkundrak@v3.sk>
+Date: Mon, 9 Jan 2017 13:34:23 +0000
+Subject: [PATCH] pppoe: include netinet/in.h before linux/in.h
+
+This fixes builds with newer kernels. Basically, <netinet/in.h> needs to be
+included before <linux/in.h> otherwise the earlier, unaware of the latter,
+tries to redefine symbols and structures. Also, <linux/if_pppox.h> doesn't work
+alone anymore, since it pulls the headers in the wrong order, so we better
+include <netinet/in.h> early.
+---
+ pppd/plugins/rp-pppoe/pppoe.h | 7 ++++---
+ 1 file changed, 4 insertions(+), 3 deletions(-)
+
+diff --git a/pppd/plugins/rp-pppoe/pppoe.h b/pppd/plugins/rp-pppoe/pppoe.h
+index 9ab2eee3..c4aaa6e6 100644
+--- a/pppd/plugins/rp-pppoe/pppoe.h
++++ b/pppd/plugins/rp-pppoe/pppoe.h
+@@ -47,6 +47,10 @@
+ #include <sys/socket.h>
+ #endif
+
+/* This has to be included before Linux 4.8's linux/in.h
++ * gets dragged in. */
++#include <netinet/in.h>
++
+ /* Ugly header files on some Linux boxes... */
+ #if defined(HAVE_LINUX_IF_H)
+ #include <linux/if.h>
+@@ -84,8 +88,6 @@ typedef unsigned long UINT32_t;
+ #include <linux/if_ether.h>
+ #endif
+
+-#include <netinet/in.h>
+-
+ #ifdef HAVE_NETINET_IF_ETHER_H
+ #include <sys/types.h>
diff --git a/net/ppp/patches/openssl_DES.patch b/net/ppp/patches/openssl_DES.patch
new file mode 100644
index 0000000000..28fd4825d0
--- /dev/null
+++ b/net/ppp/patches/openssl_DES.patch
@@ -0,0 +1,121 @@
+From 3c7b86229f7bd2600d74db14b1fe5b3896be3875 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Jaroslav=20=C5=A0karvada?= <jskarvad@redhat.com>
+Date: Fri, 6 Apr 2018 14:27:18 +0200
+Subject: [PATCH] pppd: Use openssl for the DES instead of the libcrypt / glibc
+
+It seems the latest glibc (in Fedora glibc-2.27.9000-12.fc29) dropped
+libcrypt. The libxcrypt standalone package can be used instead, but
+it dropped the old setkey/encrypt API which ppp uses for DES. There
+is support for using openssl in pppcrypt.c, but it contains typos
+preventing it from compiling and seems to be written for an ancient
+openssl version.
+
+This updates the code to use current openssl.
+
+[paulus@ozlabs.org - wrote the commit description, fixed comment in
+ Makefile.linux.]
+[ismael@sourcemage.org: Merged openssl include fix]
+
+Signed-off-by: Jaroslav Škarvada <jskarvad@redhat.com>
+Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
+Signed-off-by: Ismael Luceno <ismael@sourcemage.org>
+---
+ pppd/Makefile.linux | 6 +++---
+ pppd/pppcrypt.c | 18 +++++++++---------
+ pppd/pppcrypt.h | 2 +-
+ 3 files changed, 13 insertions(+), 13 deletions(-)
+
+diff --git a/pppd/Makefile.linux b/pppd/Makefile.linux
+index 36d2b036..8d5ce99d 100644
+--- a/pppd/Makefile.linux
++++ b/pppd/Makefile.linux
+@@ -35,10 +35,10 @@ endif
+ COPTS = -O2 -pipe -Wall -g
+ LIBS =
+
+-# Uncomment the next 2 lines to include support for Microsoft's
++# Uncomment the next line to include support for Microsoft's
+ # MS-CHAP authentication protocol. Also, edit plugins/radius/Makefile.linux.
+ CHAPMS=y
+-USE_CRYPT=y
++#USE_CRYPT=y
+ # Don't use MSLANMAN unless you really know what you're doing.
+ #MSLANMAN=y
+ # Uncomment the next line to include support for MPPE. CHAPMS (above) must
+@@ -132,7 +132,7 @@ endif
+
+ ifdef NEEDDES
+ ifndef USE_CRYPT
+-LIBS += -ldes $(LIBS)
++LIBS += -lcrypto
+ else
+ CFLAGS += -DUSE_CRYPT=1
+ endif
+diff --git a/pppd/pppcrypt.c b/pppd/pppcrypt.c
+index 8b85b132..6b35375e 100644
+--- a/pppd/pppcrypt.c
++++ b/pppd/pppcrypt.c
+@@ -64,7 +64,7 @@ u_char *des_key; /* OUT 64 bit DES key with parity bits added */
+ des_key[7] = Get7Bits(key, 49);
+
+ #ifndef USE_CRYPT
+- des_set_odd_parity((des_cblock *)des_key);
++ DES_set_odd_parity((DES_cblock *)des_key);
+ #endif
+ }
+
+@@ -158,25 +158,25 @@ u_char *clear; /* OUT 8 octets */
+ }
+
+ #else /* USE_CRYPT */
+-static des_key_schedule key_schedule;
++static DES_key_schedule key_schedule;
+
+ bool
+ DesSetkey(key)
+ u_char *key;
+ {
+- des_cblock des_key;
++ DES_cblock des_key;
+ MakeKey(key, des_key);
+- des_set_key(&des_key, key_schedule);
++ DES_set_key(&des_key, &key_schedule);
+ return (1);
+ }
+
+ bool
+-DesEncrypt(clear, key, cipher)
++DesEncrypt(clear, cipher)
+ u_char *clear; /* IN 8 octets */
+ u_char *cipher; /* OUT 8 octets */
+ {
+- des_ecb_encrypt((des_cblock *)clear, (des_cblock *)cipher,
+- key_schedule, 1);
++ DES_ecb_encrypt((DES_cblock *)clear, (DES_cblock *)cipher,
++ &key_schedule, 1);
+ return (1);
+ }
+
+@@ -185,8 +185,8 @@ DesDecrypt(cipher, clear)
+ u_char *cipher; /* IN 8 octets */
+ u_char *clear; /* OUT 8 octets */
+ {
+- des_ecb_encrypt((des_cblock *)cipher, (des_cblock *)clear,
+- key_schedule, 0);
++ DES_ecb_encrypt((DES_cblock *)cipher, (DES_cblock *)clear,
++ &key_schedule, 0);
+ return (1);
+ }
+
+diff --git a/pppd/pppcrypt.h b/pppd/pppcrypt.h
+--- a/pppd/pppcrypt.h
++++ b/pppd/pppcrypt.h
+@@ -38,7 +38,7 @@
+ #endif
+
+ #ifndef USE_CRYPT
+-#include <des.h>
++#include <openssl/des.h>
+ #endif
+
+ extern bool DesSetkey __P((u_char *)); |
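Review bot: In the pppcrypt.c part of patches/openssl_DES.patch, `DesSetkey` discards the result of `DES_set_key(&des_key, &key_schedule)` and always returns 1, so a rejected key goes unnoticed. Where the library applies the parity and weak-key checks in that call, a rejected key leaves the static `key_schedule` holding whatever the previous call installed, and the later `DES_ecb_encrypt` calls run with that stale schedule. Since `MakeKey` already fixes the parity, `DES_set_key_unchecked(&des_key, &key_schedule);` states the intended behaviour without depending on library settings; if rejection is wanted instead, the line should be `if (DES_set_key(&des_key, &key_schedule) != 0) return (0);`. Separately, with `#USE_CRYPT=y` commented out the build links `-lcrypto` by default, so the package's dependency list, which is not in this commit's diffstat, presumably needs to name OpenSSL.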