fix CVE-2019-13045
(cherry picked from commit a5b4f0d904e134dfeff61763b7cc65be3cb55e07)
This commit is contained in:
wang_yue111
openeuler-sync-bot
parent
fefc16189d
commit
c471969e48
132
CVE-2019-13045-pre.patch
Normal file
132
CVE-2019-13045-pre.patch
Normal file
@ -0,0 +1,132 @@
|
||||
From 0a77b366d33bc5e3d7251235defa68650586af4c Mon Sep 17 00:00:00 2001
|
||||
From: ailin-nemui <ailin-nemui@users.noreply.github.com>
|
||||
Date: Thu, 4 Feb 2021 15:44:21 +0800
|
||||
Subject: [PATCH] Disconnect SASL properly in case the sasl module got unloaded
|
||||
from server
|
||||
|
||||
stops from getting on the network when sasl is unavailable
|
||||
|
||||
fixes #629
|
||||
---
|
||||
src/fe-common/irc/fe-sasl.c | 22 -------------------
|
||||
src/irc/core/irc-servers-setup.c | 2 +-
|
||||
src/irc/core/sasl.c | 36 ++++++++++++++++++++++++++++++++
|
||||
3 files changed, 37 insertions(+), 23 deletions(-)
|
||||
|
||||
diff --git a/src/fe-common/irc/fe-sasl.c b/src/fe-common/irc/fe-sasl.c
|
||||
index fc8105f..ed11f04 100644
|
||||
--- a/src/fe-common/irc/fe-sasl.c
|
||||
+++ b/src/fe-common/irc/fe-sasl.c
|
||||
@@ -40,36 +40,14 @@ static void sig_sasl_failure(IRC_SERVER_REC *server, const char *reason)
|
||||
printformat(server, NULL, MSGLEVEL_CRAP, IRCTXT_SASL_ERROR, reason);
|
||||
}
|
||||
|
||||
-static void sig_cap_end(IRC_SERVER_REC *server)
|
||||
-{
|
||||
- /* The negotiation has now been terminated, if we didn't manage to
|
||||
- * authenticate successfully with the server just disconnect. */
|
||||
- if (!server->sasl_success &&
|
||||
- server->connrec->sasl_mechanism != SASL_MECHANISM_NONE &&
|
||||
- settings_get_bool("sasl_disconnect_on_failure")) {
|
||||
- /* We can't use server_disconnect() here because we'd end up
|
||||
- * freeing the 'server' object and be guilty of a slew of UaF. */
|
||||
- server->connection_lost = TRUE;
|
||||
- /* By setting connection_lost we make sure the communication is
|
||||
- * halted and when the control goes back to irc_parse_incoming
|
||||
- * the server object is safely destroyed. */
|
||||
- signal_stop();
|
||||
- }
|
||||
-
|
||||
-}
|
||||
-
|
||||
void fe_sasl_init(void)
|
||||
{
|
||||
- settings_add_bool("server", "sasl_disconnect_on_failure", TRUE);
|
||||
-
|
||||
signal_add("server sasl success", (SIGNAL_FUNC) sig_sasl_success);
|
||||
signal_add("server sasl failure", (SIGNAL_FUNC) sig_sasl_failure);
|
||||
- signal_add_first("server cap end", (SIGNAL_FUNC) sig_cap_end);
|
||||
}
|
||||
|
||||
void fe_sasl_deinit(void)
|
||||
{
|
||||
signal_remove("server sasl success", (SIGNAL_FUNC) sig_sasl_success);
|
||||
signal_remove("server sasl failure", (SIGNAL_FUNC) sig_sasl_failure);
|
||||
- signal_remove("server cap end", (SIGNAL_FUNC) sig_cap_end);
|
||||
}
|
||||
diff --git a/src/irc/core/irc-servers-setup.c b/src/irc/core/irc-servers-setup.c
|
||||
index e79557a..0af9390 100644
|
||||
--- a/src/irc/core/irc-servers-setup.c
|
||||
+++ b/src/irc/core/irc-servers-setup.c
|
||||
@@ -98,9 +98,9 @@ static void sig_server_setup_fill_chatnet(IRC_SERVER_CONNECT_REC *conn,
|
||||
if (ircnet->sasl_mechanism != NULL) {
|
||||
if (!g_ascii_strcasecmp(ircnet->sasl_mechanism, "plain")) {
|
||||
/* The PLAIN method needs both the username and the password */
|
||||
+ conn->sasl_mechanism = SASL_MECHANISM_PLAIN;
|
||||
if (ircnet->sasl_username != NULL && *ircnet->sasl_username &&
|
||||
ircnet->sasl_password != NULL && *ircnet->sasl_password) {
|
||||
- conn->sasl_mechanism = SASL_MECHANISM_PLAIN;
|
||||
conn->sasl_username = ircnet->sasl_username;
|
||||
conn->sasl_password = ircnet->sasl_password;
|
||||
} else
|
||||
diff --git a/src/irc/core/sasl.c b/src/irc/core/sasl.c
|
||||
index c5aa2ca..b7abe74 100644
|
||||
--- a/src/irc/core/sasl.c
|
||||
+++ b/src/irc/core/sasl.c
|
||||
@@ -301,9 +301,42 @@ static void sasl_disconnected(IRC_SERVER_REC *server)
|
||||
sasl_timeout_stop(server);
|
||||
}
|
||||
|
||||
+static void sig_sasl_over(IRC_SERVER_REC *server)
|
||||
+{
|
||||
+ if (!IS_IRC_SERVER(server))
|
||||
+ return;
|
||||
+
|
||||
+ /* The negotiation has now been terminated, if we didn't manage to
|
||||
+ * authenticate successfully with the server just disconnect. */
|
||||
+ if (!server->sasl_success &&
|
||||
+ server->connrec->sasl_mechanism != SASL_MECHANISM_NONE) {
|
||||
+ if (server->cap_supported == NULL ||
|
||||
+ !g_hash_table_lookup_extended(server->cap_supported, "sasl", NULL, NULL)) {
|
||||
+ signal_emit("server sasl failure", 2, server, "The server did not offer SASL");
|
||||
+ }
|
||||
+
|
||||
+ if (settings_get_bool("sasl_disconnect_on_failure")) {
|
||||
+ /* We can't use server_disconnect() here because we'd end up
|
||||
+ * freeing the 'server' object and be guilty of a slew of UaF. */
|
||||
+ server->connection_lost = TRUE;
|
||||
+ /* By setting connection_lost we make sure the communication is
|
||||
+ * halted and when the control goes back to irc_parse_incoming
|
||||
+ * the server object is safely destroyed. */
|
||||
+ signal_stop();
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+}
|
||||
+
|
||||
void sasl_init(void)
|
||||
{
|
||||
+ settings_add_bool("server", "sasl_disconnect_on_failure", TRUE);
|
||||
+
|
||||
+ signal_add_first("event 001", (SIGNAL_FUNC) sig_sasl_over);
|
||||
+ /* this event can get us connected on broken ircds, see irc-servers.c */
|
||||
+ signal_add_first("event 375", (SIGNAL_FUNC) sig_sasl_over);
|
||||
signal_add_first("server cap ack sasl", (SIGNAL_FUNC) sasl_start);
|
||||
+ signal_add_first("server cap end", (SIGNAL_FUNC) sig_sasl_over);
|
||||
signal_add_first("event authenticate", (SIGNAL_FUNC) sasl_step);
|
||||
signal_add_first("event 903", (SIGNAL_FUNC) sasl_success);
|
||||
signal_add_first("event 902", (SIGNAL_FUNC) sasl_fail);
|
||||
@@ -316,7 +349,10 @@ void sasl_init(void)
|
||||
|
||||
void sasl_deinit(void)
|
||||
{
|
||||
+ signal_remove("event 001", (SIGNAL_FUNC) sig_sasl_over);
|
||||
+ signal_remove("event 375", (SIGNAL_FUNC) sig_sasl_over);
|
||||
signal_remove("server cap ack sasl", (SIGNAL_FUNC) sasl_start);
|
||||
+ signal_remove("server cap end", (SIGNAL_FUNC) sig_sasl_over);
|
||||
signal_remove("event authenticate", (SIGNAL_FUNC) sasl_step);
|
||||
signal_remove("event 903", (SIGNAL_FUNC) sasl_success);
|
||||
signal_remove("event 902", (SIGNAL_FUNC) sasl_fail);
|
||||
--
|
||||
2.23.0
|
||||
|
||||
54
CVE-2019-13045.patch
Normal file
54
CVE-2019-13045.patch
Normal file
@ -0,0 +1,54 @@
|
||||
From 5a67b983dc97caeb5df1139aabd0bc4f260a47d8 Mon Sep 17 00:00:00 2001
|
||||
From: ailin-nemui <ailin-nemui@users.noreply.github.com>
|
||||
Date: Mon, 17 Jun 2019 15:22:27 +0200
|
||||
Subject: [PATCH] copy sasl username and password values
|
||||
|
||||
---
|
||||
src/irc/core/irc-core.c | 2 ++
|
||||
src/irc/core/irc-servers-reconnect.c | 4 ++--
|
||||
src/irc/core/irc-servers-setup.c | 4 ++--
|
||||
3 files changed, 6 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/src/irc/core/irc-core.c b/src/irc/core/irc-core.c
|
||||
index e65abe255..b5e80f2a0 100644
|
||||
--- a/src/irc/core/irc-core.c
|
||||
+++ b/src/irc/core/irc-core.c
|
||||
@@ -75,6 +75,8 @@ static void destroy_server_connect(SERVER_CONNECT_REC *conn)
|
||||
|
||||
g_free_not_null(ircconn->usermode);
|
||||
g_free_not_null(ircconn->alternate_nick);
|
||||
+ g_free_not_null(ircconn->sasl_username);
|
||||
+ g_free_not_null(ircconn->sasl_password);
|
||||
}
|
||||
|
||||
void irc_core_init(void)
|
||||
diff --git a/src/irc/core/irc-servers-reconnect.c b/src/irc/core/irc-servers-reconnect.c
|
||||
index 3d2933f4e..cfe28a1a0 100644
|
||||
--- a/src/irc/core/irc-servers-reconnect.c
|
||||
+++ b/src/irc/core/irc-servers-reconnect.c
|
||||
@@ -49,8 +49,8 @@ static void sig_server_connect_copy(SERVER_CONNECT_REC **dest,
|
||||
rec->usermode = g_strdup(src->usermode);
|
||||
rec->alternate_nick = g_strdup(src->alternate_nick);
|
||||
rec->sasl_mechanism = src->sasl_mechanism;
|
||||
- rec->sasl_username = src->sasl_username;
|
||||
- rec->sasl_password = src->sasl_password;
|
||||
+ rec->sasl_username = g_strdup(src->sasl_username);
|
||||
+ rec->sasl_password = g_strdup(src->sasl_password);
|
||||
*dest = (SERVER_CONNECT_REC *) rec;
|
||||
}
|
||||
|
||||
diff --git a/src/irc/core/irc-servers-setup.c b/src/irc/core/irc-servers-setup.c
|
||||
index 56e52edd0..5f1290a2f 100644
|
||||
--- a/src/irc/core/irc-servers-setup.c
|
||||
+++ b/src/irc/core/irc-servers-setup.c
|
||||
@@ -101,8 +101,8 @@ static void sig_server_setup_fill_chatnet(IRC_SERVER_CONNECT_REC *conn,
|
||||
conn->sasl_mechanism = SASL_MECHANISM_PLAIN;
|
||||
if (ircnet->sasl_username != NULL && *ircnet->sasl_username &&
|
||||
ircnet->sasl_password != NULL && *ircnet->sasl_password) {
|
||||
- conn->sasl_username = ircnet->sasl_username;
|
||||
- conn->sasl_password = ircnet->sasl_password;
|
||||
+ conn->sasl_username = g_strdup(ircnet->sasl_username);
|
||||
+ conn->sasl_password = g_strdup(ircnet->sasl_password);
|
||||
} else
|
||||
g_warning("The fields sasl_username and sasl_password are either missing or empty");
|
||||
}
|
||||
@ -2,12 +2,15 @@
|
||||
|
||||
Name: irssi
|
||||
Version: 1.1.2
|
||||
Release: 2
|
||||
Release: 3
|
||||
Summary: A modular char client.
|
||||
License: GPLv2+
|
||||
URL: http://irssi.org/
|
||||
Source0: https://github.com/irssi/irssi/releases/download/%{version}/irssi-%{version}.tar.xz
|
||||
Source1: irssi-config.h
|
||||
Patch0000: CVE-2019-13045-pre.patch
|
||||
Patch0001: CVE-2019-13045.patch
|
||||
|
||||
BuildRequires: ncurses-devel openssl-devel zlib-devel autoconf automake libtool
|
||||
BuildRequires: pkgconfig glib2-devel perl-devel perl-generators perl(ExtUtils::Embed)
|
||||
Requires: perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version))
|
||||
@ -59,5 +62,8 @@ chmod -R u+w $RPM_BUILD_ROOT%{perl_vendorarch}
|
||||
%{_includedir}/irssi/
|
||||
|
||||
%changelog
|
||||
* Thu Feb 04 2021 wangyue <wangyue92@huawei.com> - 1.1.2-3
|
||||
- fix CVE-2019-13045
|
||||
|
||||
* Wed Apr 22 2020 chengzihan <chengzihan2@huawei.com> - 1.1.2-2
|
||||
- Package init
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user