rpms/licq/F-8 licq-1.3.5-dos.patch,NONE,1.1 licq.spec,1.21,1.22
Jiří Moskovčák (jmoskovc)
fedora-extras-commits at redhat.com
Mon May 12 12:37:23 UTC 2008
Author: jmoskovc
Update of /cvs/extras/rpms/licq/F-8
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv19769
Modified Files:
licq.spec
Added Files:
licq-1.3.5-dos.patch
Log Message:
Fixed DoS vulnerability - CVE-2009-1996
licq-1.3.5-dos.patch:
--- NEW FILE licq-1.3.5-dos.patch ---
Index: /trunk/licq/include/licq_socket.h
===================================================================
--- licq-1.3.5/include/licq_socket.h (revision 4714)
+++ licq-1.3.5/include/licq_socket.h (revision 6146)
@@ -251,4 +251,5 @@
fd_set SocketSet() { return m_sSockets.SocketSet(); }
int LargestSocket() { return m_sSockets.Largest(); }
+ unsigned short Num() { return m_sSockets.Num(); }
protected:
Index: licq-1.3.5/src/socket.cpp
===================================================================
--- licq-1.3.5/src/socket.cpp (revision 5629)
+++ licq-1.3.5/src/socket.cpp (revision 6146)
@@ -818,6 +818,24 @@
socklen_t sizeofSockaddr = sizeof(struct sockaddr_in);
- newSocket.m_nDescriptor = accept(m_nDescriptor, (struct sockaddr *)&newSocket.m_sRemoteAddr, &sizeofSockaddr);
- newSocket.SetLocalAddress();
+ // Make sure we stay under FD_SETSIZE
+ // See:
+ // * http://www.securityfocus.com/archive/1/490711
+ // * http://securityvulns.com/docs7669.html
+ // for more details
+ // This probably has no affect, since we are using multiple threads, but keep it here
+ // to be used as a sanity check.
+ int newDesc = accept(m_nDescriptor, (struct sockaddr *)&newSocket.m_sRemoteAddr, &sizeofSockaddr);
+ if (newDesc < FD_SETSIZE)
+ {
+ newSocket.m_nDescriptor = newDesc;
+ newSocket.SetLocalAddress();
+ }
+ else
+ {
+ gLog.Error(tr("%sCannot accept new connection, too many descriptors in use.\n"), L_ERRORxSTR);
+ close(newDesc);
+
+ // TODO throw an exception, or do something to tell the caller it failed
+ }
}
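Review bot: A failed accept() is not rejected by the new `if (newDesc < FD_SETSIZE)` test: accept() returns -1 on error, which passes the comparison, so -1 is stored in `m_nDescriptor` and `SetLocalAddress()` runs on it. The guard would be tighter as `if (newDesc >= 0 && newDesc < FD_SETSIZE)`, with `close(newDesc)` in the else branch only when `newDesc >= 0`. The TODO in the else branch also matters to the callers patched in icqd-threads.cpp and icqd-chat.cpp, which call `RecvConnection()` with no way to see the rejection and then go on to `AddSocket()`; returning a `bool` from this function, if its signature allows, would let them drop the socket instead. The function's signature and opening lines are outside the hunk.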
Index: licq-1.3.5/src/icqd-threads.cpp
===================================================================
--- licq-1.3.5/src/icqd-threads.cpp (revision 5450)
+++ licq-1.3.5/src/icqd-threads.cpp (revision 6146)
@@ -24,4 +24,5 @@
#include "gettext.h"
+#define MAX_CONNECTS 256
#define DEBUG_THREADS(x)
//#define DEBUG_THREADS(x) gLog.Info(x)
@@ -781,6 +782,19 @@
tcp->RecvConnection(*newSocket);
gSocketManager.DropSocket(tcp);
- gSocketManager.AddSocket(newSocket);
- gSocketManager.DropSocket(newSocket);
+
+ // Make sure we can handle another socket before accepting it
+ if (gSocketManager.Num() > MAX_CONNECTS)
+ {
+ // Too many sockets, drop this one
+ char remoteIp[32];
+ gLog.Warn(tr("%sToo many connected sockets, rejecting connection from %s.\n"),
+ L_WARNxSTR, newSocket->RemoteIpStr(remoteIp));
+ delete newSocket;
+ }
+ else
+ {
+ gSocketManager.AddSocket(newSocket);
+ gSocketManager.DropSocket(newSocket);
+ }
}
}
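Review bot: The limit test here, `gSocketManager.Num() > MAX_CONNECTS`, is off by one relative to the icqd-chat.cpp hunk of the same patch, which uses `>= MAX_CONNECTS`; as written this path admits one more socket than the chat path before rejecting. Using `>=` in both places, and moving `#define MAX_CONNECTS 256` from the two .cpp files into one shared header, keeps the cap from drifting. The comment `// Make sure we can handle another socket before accepting it` is also misleading, since `RecvConnection()` has already accepted the connection a few lines earlier; `// Connection is already accepted; drop it if the manager is full` describes what happens. The enclosing function starts outside the hunk.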
Index: licq-1.3.5/src/icqd-chat.cpp
===================================================================
--- licq-1.3.5/src/icqd-chat.cpp (revision 6136)
+++ licq-1.3.5/src/icqd-chat.cpp (revision 6146)
@@ -24,4 +24,5 @@
#include "gettext.h"
+#define MAX_CONNECTS 256
#define DEBUG_THREADS(x)
@@ -2384,14 +2385,22 @@
else if (nCurrentSocket == chatman->chatServer.Descriptor())
{
- CChatUser *u = new CChatUser;
- u->m_pClient = new CChatClient;
-
- chatman->chatServer.RecvConnection(u->sock);
- chatman->sockman.AddSocket(&u->sock);
- chatman->sockman.DropSocket(&u->sock);
-
- u->state = CHAT_STATE_HANDSHAKE;
- chatman->chatUsers.push_back(u);
- gLog.Info(tr("%sChat: Received connection.\n"), L_TCPxSTR);
+ if (chatman->sockman.Num() >= MAX_CONNECTS)
+ {
+ // Too many sockets, drop this one
+ gLog.Warn(tr("%sToo many connected clients, rejecting new connection.\n"), L_WARNxSTR);
+ }
+ else
+ {
+ CChatUser *u = new CChatUser;
+ u->m_pClient = new CChatClient;
+
+ chatman->chatServer.RecvConnection(u->sock);
+ chatman->sockman.AddSocket(&u->sock);
+ chatman->sockman.DropSocket(&u->sock);
+
+ u->state = CHAT_STATE_HANDSHAKE;
+ chatman->chatUsers.push_back(u);
+ gLog.Info(tr("%sChat: Received connection.\n"), L_TCPxSTR);
+ }
}
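Review bot: In the rejection branch the pending connection is never taken off the listen queue: nothing calls `RecvConnection()` when `sockman.Num() >= MAX_CONNECTS`, so `chatServer.Descriptor()` presumably stays readable and the surrounding loop (outside this hunk) will reach this branch again on its next pass. If that loop is select()-driven, as the `nCurrentSocket` comparison suggests, the result is a busy loop that logs the same warning repeatedly while the client stays queued, which is a different resource-exhaustion path from the one being fixed. Accepting the connection into a temporary socket object and closing it immediately in this branch, as the icqd-threads.cpp hunk does with `delete newSocket`, would drain the queue and bound the log volume.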
Index: licq.spec
===================================================================
RCS file: /cvs/extras/rpms/licq/F-8/licq.spec,v
retrieving revision 1.21
retrieving revision 1.22
diff -u -r1.21 -r1.22
--- licq.spec 26 Nov 2007 14:12:21 -0000 1.21
+++ licq.spec 12 May 2008 12:36:44 -0000 1.22
@@ -1,6 +1,6 @@
Name: licq
Version: 1.3.4
-Release: 8%{?dist}
+Release: 9%{?dist}
License: GPL
Source0: http://prdownloads.sourceforge.net/licq/licq-%{version}.tar.gz
Source1: http://prdownloads.sourceforge.net/icqnd/icqnd-0.1.9.6.tar.bz2
@@ -15,6 +15,7 @@
BuildRequires: libXScrnSaver-devel
BuildRequires: gettext, automake, libtool
Patch0: licq-1.3.4-new_user_auth.patch
+Patch1: licq-1.3.5-dos.patch
%package kde
Summary: Licq plugin for KDE
@@ -71,6 +72,7 @@
%prep
%setup -q
%patch0 -p1 -b .new_user_auth
+%patch1 -p1 -b .dos
tar -C plugins -xjf %{SOURCE1}
#remove cvs stuff
@@ -224,6 +226,9 @@
%doc plugins/auto-reply/{README,licq_autoreply.conf,examples}
%changelog
+* Fri May 9 2008 Jiri Moskovcak <jmoskovc at redhat.com> 1.3.5-9
+- fixed DoS vulnerability - CVE-2009-1996
+
* Mon Nov 26 2007 Jiri Moskovcak <jmoskovc at redhat.com> 1.3.4-8
- fixed sigsegv when new user requested authorization
- Resolves: #389731
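Review bot: The new changelog entry is stamped `1.3.5-9`, but the header of this same file still says `Version: 1.3.4` with `Release: 9%{?dist}`, so the entry does not match the package's version-release; `1.3.4-9` would match, the `1.3.5` in the patch filename notwithstanding. The CVE identifier is also worth re-checking against the advisory before it lands in the changelog: the entry is dated May 2008, and a `CVE-2009-` ID would not normally exist at that date.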