packages/iptables
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!10 fix CVE-2019-11360

Browse Source 
Merge pull request !10 from Vchanger/master
This commit is contained in:
openeuler-ci-bot 2020-04-16 11:40:56 +08:00 committed by Gitee
commit 450380b2a7
2 changed files with 121 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

113
CVE-2019-11360.patch Normal file
View File

@ -0,0 +1,113 @@
From da800103668f256f11d88851fa9ea9faf298b760 Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Mon, 22 Apr 2019 23:17:27 +0200
Subject: [PATCH] xshared: check for maximum buffer length in
add_param_to_argv()
Bail out if we go over the boundary, based on patch from Sebastian.
Reported-by: Sebastian Neef <contact@0day.work>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
iptables/xshared.c | 46 ++++++++++++++++++++++++++++------------------
1 file changed, 28 insertions(+), 18 deletions(-)
diff --git a/iptables/xshared.c b/iptables/xshared.c
index b16f5fa..b0ca8e6 100644
--- a/iptables/xshared.c
+++ b/iptables/xshared.c
@@ -433,10 +433,24 @@ void save_argv(void)
}
}
+struct xt_param_buf {
+ char buffer[1024];
+ int len;
+};
+
+static void add_param(struct xt_param_buf *param, const char *curchar)
+{
+ param->buffer[param->len++] = *curchar;
+ if (param->len >= sizeof(param->buffer))
+ xtables_error(PARAMETER_PROBLEM,
+ "Parameter too long!");
+}
+
void add_param_to_argv(char *parsestart, int line)
{
- int quote_open = 0, escaped = 0, param_len = 0;
- char param_buffer[1024], *curchar;
+ int quote_open = 0, escaped = 0;
+ struct xt_param_buf param = {};
+ char *curchar;
/* After fighting with strtok enough, here's now
* a 'real' parser. According to Rusty I'm now no
@@ -445,7 +459,7 @@ void add_param_to_argv(char *parsestart, int line)
for (curchar = parsestart; *curchar; curchar++) {
if (quote_open) {
if (escaped) {
- param_buffer[param_len++] = *curchar;
+ add_param(&param, curchar);
escaped = 0;
continue;
} else if (*curchar == '\\') {
@@ -455,7 +469,7 @@ void add_param_to_argv(char *parsestart, int line)
quote_open = 0;
*curchar = '"';
} else {
- param_buffer[param_len++] = *curchar;
+ add_param(&param, curchar);
continue;
}
} else {
@@ -471,36 +485,32 @@ void add_param_to_argv(char *parsestart, int line)
case ' ':
case '\t':
case '\n':
- if (!param_len) {
+ if (!param.len) {
/* two spaces? */
continue;
}
break;
default:
/* regular character, copy to buffer */
- param_buffer[param_len++] = *curchar;
-
- if (param_len >= sizeof(param_buffer))
- xtables_error(PARAMETER_PROBLEM,
- "Parameter too long!");
+ add_param(&param, curchar);
continue;
}
- param_buffer[param_len] = '\0';
+ param.buffer[param.len] = '\0';
/* check if table name specified */
- if ((param_buffer[0] == '-' &&
- param_buffer[1] != '-' &&
- strchr(param_buffer, 't')) ||
- (!strncmp(param_buffer, "--t", 3) &&
- !strncmp(param_buffer, "--table", strlen(param_buffer)))) {
+ if ((param.buffer[0] == '-' &&
+ param.buffer[1] != '-' &&
+ strchr(param.buffer, 't')) ||
+ (!strncmp(param.buffer, "--t", 3) &&
+ !strncmp(param.buffer, "--table", strlen(param.buffer)))) {
xtables_error(PARAMETER_PROBLEM,
"The -t option (seen in line %u) cannot be used in %s.\n",
line, xt_params->program_name);
}
- add_argv(param_buffer, 0);
- param_len = 0;
+ add_argv(param.buffer, 0);
+ param.len = 0;
}
}
--
1.8.3.1

9
iptables.spec
View File

@ -2,7 +2,7 @@
%global legacy_actions %{_libexecdir}/initscripts/legacy-actions %global legacy_actions %{_libexecdir}/initscripts/legacy-actions
Name: iptables Name: iptables
Version: 1.8.1 Version: 1.8.1
Release: 4 Release: 5
Summary: IP packet filter administration utilities Summary: IP packet filter administration utilities
License: GPLv2 and Artistic Licence 2.0 and ISC License: GPLv2 and Artistic Licence 2.0 and ISC
URL: https://www.netfilter.org/ URL: https://www.netfilter.org/
@ -14,6 +14,7 @@ Source4: sysconfig_iptables
Source5: sysconfig_ip6tables Source5: sysconfig_ip6tables
Patch1: iptables-apply-Use-mktemp-instead-of-tempfile.patch Patch1: iptables-apply-Use-mktemp-instead-of-tempfile.patch
Patch2: CVE-2019-11360.patch
BuildRequires: bison flex gcc kernel-headers libpcap-devel libselinux-devel systemd git BuildRequires: bison flex gcc kernel-headers libpcap-devel libselinux-devel systemd git
BuildRequires: libmnl-devel libnetfilter_conntrack-devel libnfnetlink-devel libnftnl-devel BuildRequires: libmnl-devel libnetfilter_conntrack-devel libnfnetlink-devel libnftnl-devel
@ -248,6 +249,12 @@ fi
%{_mandir}/* %{_mandir}/*
%changelog %changelog
* Thu Apr 16 2020 chenzhen <chenzhen44@huawei.com> - 1.8.1-5
- Type:cves
- ID:CVE-2019-11360
- SUG:restart
- DESC:fix CVE-2019-11360
* Sat Jan 18 2020 openEuler Buildteam <buildteam@openeuler.org> - 1.8.1-4 * Sat Jan 18 2020 openEuler Buildteam <buildteam@openeuler.org> - 1.8.1-4
- add executable permissions to iptables.init - add executable permissions to iptables.init