packages/irssi
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!3 [sync] PR-2: fix CVE-2019-13045

Browse Source 
From: @openeuler-sync-bot
Reviewed-by: @zhanghua1831,@small_leek
Signed-off-by: @small_leek
This commit is contained in:
openeuler-ci-bot 2021-02-07 14:03:07 +08:00 committed by Gitee
commit f40b05bd05
3 changed files with 193 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

132
CVE-2019-13045-pre.patch Normal file
View File

@ -0,0 +1,132 @@
From 0a77b366d33bc5e3d7251235defa68650586af4c Mon Sep 17 00:00:00 2001
From: ailin-nemui <ailin-nemui@users.noreply.github.com>
Date: Thu, 4 Feb 2021 15:44:21 +0800
Subject: [PATCH] Disconnect SASL properly in case the sasl module got unloaded
from server
stops from getting on the network when sasl is unavailable
fixes #629
---
src/fe-common/irc/fe-sasl.c | 22 -------------------
src/irc/core/irc-servers-setup.c | 2 +-
src/irc/core/sasl.c | 36 ++++++++++++++++++++++++++++++++
3 files changed, 37 insertions(+), 23 deletions(-)
diff --git a/src/fe-common/irc/fe-sasl.c b/src/fe-common/irc/fe-sasl.c
index fc8105f..ed11f04 100644
--- a/src/fe-common/irc/fe-sasl.c
+++ b/src/fe-common/irc/fe-sasl.c
@@ -40,36 +40,14 @@ static void sig_sasl_failure(IRC_SERVER_REC *server, const char *reason)
printformat(server, NULL, MSGLEVEL_CRAP, IRCTXT_SASL_ERROR, reason);
}
-static void sig_cap_end(IRC_SERVER_REC *server)
-{
- /* The negotiation has now been terminated, if we didn't manage to
- * authenticate successfully with the server just disconnect. */
- if (!server->sasl_success &&
- server->connrec->sasl_mechanism != SASL_MECHANISM_NONE &&
- settings_get_bool("sasl_disconnect_on_failure")) {
- /* We can't use server_disconnect() here because we'd end up
- * freeing the 'server' object and be guilty of a slew of UaF. */
- server->connection_lost = TRUE;
- /* By setting connection_lost we make sure the communication is
- * halted and when the control goes back to irc_parse_incoming
- * the server object is safely destroyed. */
- signal_stop();
- }
-
-}
-
void fe_sasl_init(void)
{
- settings_add_bool("server", "sasl_disconnect_on_failure", TRUE);
-
signal_add("server sasl success", (SIGNAL_FUNC) sig_sasl_success);
signal_add("server sasl failure", (SIGNAL_FUNC) sig_sasl_failure);
- signal_add_first("server cap end", (SIGNAL_FUNC) sig_cap_end);
}
void fe_sasl_deinit(void)
{
signal_remove("server sasl success", (SIGNAL_FUNC) sig_sasl_success);
signal_remove("server sasl failure", (SIGNAL_FUNC) sig_sasl_failure);
- signal_remove("server cap end", (SIGNAL_FUNC) sig_cap_end);
}
diff --git a/src/irc/core/irc-servers-setup.c b/src/irc/core/irc-servers-setup.c
index e79557a..0af9390 100644
--- a/src/irc/core/irc-servers-setup.c
+++ b/src/irc/core/irc-servers-setup.c
@@ -98,9 +98,9 @@ static void sig_server_setup_fill_chatnet(IRC_SERVER_CONNECT_REC *conn,
if (ircnet->sasl_mechanism != NULL) {
if (!g_ascii_strcasecmp(ircnet->sasl_mechanism, "plain")) {
/* The PLAIN method needs both the username and the password */
+ conn->sasl_mechanism = SASL_MECHANISM_PLAIN;
if (ircnet->sasl_username != NULL && *ircnet->sasl_username &&
ircnet->sasl_password != NULL && *ircnet->sasl_password) {
- conn->sasl_mechanism = SASL_MECHANISM_PLAIN;
conn->sasl_username = ircnet->sasl_username;
conn->sasl_password = ircnet->sasl_password;
} else
diff --git a/src/irc/core/sasl.c b/src/irc/core/sasl.c
index c5aa2ca..b7abe74 100644
--- a/src/irc/core/sasl.c
+++ b/src/irc/core/sasl.c
@@ -301,9 +301,42 @@ static void sasl_disconnected(IRC_SERVER_REC *server)
sasl_timeout_stop(server);
}
+static void sig_sasl_over(IRC_SERVER_REC *server)
+{
+ if (!IS_IRC_SERVER(server))
+ return;
+
+ /* The negotiation has now been terminated, if we didn't manage to
+ * authenticate successfully with the server just disconnect. */
+ if (!server->sasl_success &&
+ server->connrec->sasl_mechanism != SASL_MECHANISM_NONE) {
+ if (server->cap_supported == NULL ||
+ !g_hash_table_lookup_extended(server->cap_supported, "sasl", NULL, NULL)) {
+ signal_emit("server sasl failure", 2, server, "The server did not offer SASL");
+ }
+
+ if (settings_get_bool("sasl_disconnect_on_failure")) {
+ /* We can't use server_disconnect() here because we'd end up
+ * freeing the 'server' object and be guilty of a slew of UaF. */
+ server->connection_lost = TRUE;
+ /* By setting connection_lost we make sure the communication is
+ * halted and when the control goes back to irc_parse_incoming
+ * the server object is safely destroyed. */
+ signal_stop();
+ }
+ }
+
+}
+
void sasl_init(void)
{
+ settings_add_bool("server", "sasl_disconnect_on_failure", TRUE);
+
+ signal_add_first("event 001", (SIGNAL_FUNC) sig_sasl_over);
+ /* this event can get us connected on broken ircds, see irc-servers.c */
+ signal_add_first("event 375", (SIGNAL_FUNC) sig_sasl_over);
signal_add_first("server cap ack sasl", (SIGNAL_FUNC) sasl_start);
+ signal_add_first("server cap end", (SIGNAL_FUNC) sig_sasl_over);
signal_add_first("event authenticate", (SIGNAL_FUNC) sasl_step);
signal_add_first("event 903", (SIGNAL_FUNC) sasl_success);
signal_add_first("event 902", (SIGNAL_FUNC) sasl_fail);
@@ -316,7 +349,10 @@ void sasl_init(void)
void sasl_deinit(void)
{
+ signal_remove("event 001", (SIGNAL_FUNC) sig_sasl_over);
+ signal_remove("event 375", (SIGNAL_FUNC) sig_sasl_over);
signal_remove("server cap ack sasl", (SIGNAL_FUNC) sasl_start);
+ signal_remove("server cap end", (SIGNAL_FUNC) sig_sasl_over);
signal_remove("event authenticate", (SIGNAL_FUNC) sasl_step);
signal_remove("event 903", (SIGNAL_FUNC) sasl_success);
signal_remove("event 902", (SIGNAL_FUNC) sasl_fail);
--
2.23.0

54
CVE-2019-13045.patch Normal file
View File

@ -0,0 +1,54 @@
From 5a67b983dc97caeb5df1139aabd0bc4f260a47d8 Mon Sep 17 00:00:00 2001
From: ailin-nemui <ailin-nemui@users.noreply.github.com>
Date: Mon, 17 Jun 2019 15:22:27 +0200
Subject: [PATCH] copy sasl username and password values
---
src/irc/core/irc-core.c | 2 ++
src/irc/core/irc-servers-reconnect.c | 4 ++--
src/irc/core/irc-servers-setup.c | 4 ++--
3 files changed, 6 insertions(+), 4 deletions(-)
diff --git a/src/irc/core/irc-core.c b/src/irc/core/irc-core.c
index e65abe255..b5e80f2a0 100644
--- a/src/irc/core/irc-core.c
+++ b/src/irc/core/irc-core.c
@@ -75,6 +75,8 @@ static void destroy_server_connect(SERVER_CONNECT_REC *conn)
g_free_not_null(ircconn->usermode);
g_free_not_null(ircconn->alternate_nick);
+ g_free_not_null(ircconn->sasl_username);
+ g_free_not_null(ircconn->sasl_password);
}
void irc_core_init(void)
diff --git a/src/irc/core/irc-servers-reconnect.c b/src/irc/core/irc-servers-reconnect.c
index 3d2933f4e..cfe28a1a0 100644
--- a/src/irc/core/irc-servers-reconnect.c
+++ b/src/irc/core/irc-servers-reconnect.c
@@ -49,8 +49,8 @@ static void sig_server_connect_copy(SERVER_CONNECT_REC **dest,
rec->usermode = g_strdup(src->usermode);
rec->alternate_nick = g_strdup(src->alternate_nick);
rec->sasl_mechanism = src->sasl_mechanism;
- rec->sasl_username = src->sasl_username;
- rec->sasl_password = src->sasl_password;
+ rec->sasl_username = g_strdup(src->sasl_username);
+ rec->sasl_password = g_strdup(src->sasl_password);
*dest = (SERVER_CONNECT_REC *) rec;
}
diff --git a/src/irc/core/irc-servers-setup.c b/src/irc/core/irc-servers-setup.c
index 56e52edd0..5f1290a2f 100644
--- a/src/irc/core/irc-servers-setup.c
+++ b/src/irc/core/irc-servers-setup.c
@@ -101,8 +101,8 @@ static void sig_server_setup_fill_chatnet(IRC_SERVER_CONNECT_REC *conn,
conn->sasl_mechanism = SASL_MECHANISM_PLAIN;
if (ircnet->sasl_username != NULL && *ircnet->sasl_username &&
ircnet->sasl_password != NULL && *ircnet->sasl_password) {
- conn->sasl_username = ircnet->sasl_username;
- conn->sasl_password = ircnet->sasl_password;
+ conn->sasl_username = g_strdup(ircnet->sasl_username);
+ conn->sasl_password = g_strdup(ircnet->sasl_password);
} else
g_warning("The fields sasl_username and sasl_password are either missing or empty");
}

8
irssi.spec
View File

@ -2,12 +2,15 @@
Name: irssi Name: irssi
Version: 1.1.2 Version: 1.1.2
Release: 2 Release: 3
Summary: A modular char client. Summary: A modular char client.
License: GPLv2+ License: GPLv2+
URL: http://irssi.org/ URL: http://irssi.org/
Source0: https://github.com/irssi/irssi/releases/download/%{version}/irssi-%{version}.tar.xz Source0: https://github.com/irssi/irssi/releases/download/%{version}/irssi-%{version}.tar.xz
Source1: irssi-config.h Source1: irssi-config.h
Patch0000: CVE-2019-13045-pre.patch
Patch0001: CVE-2019-13045.patch
BuildRequires: ncurses-devel openssl-devel zlib-devel autoconf automake libtool BuildRequires: ncurses-devel openssl-devel zlib-devel autoconf automake libtool
BuildRequires: pkgconfig glib2-devel perl-devel perl-generators perl(ExtUtils::Embed) BuildRequires: pkgconfig glib2-devel perl-devel perl-generators perl(ExtUtils::Embed)
Requires: perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version)) Requires: perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version))
@ -59,5 +62,8 @@ chmod -R u+w $RPM_BUILD_ROOT%{perl_vendorarch}
%{_includedir}/irssi/ %{_includedir}/irssi/
%changelog %changelog
* Thu Feb 04 2021 wangyue <wangyue92@huawei.com> - 1.1.2-3
- fix CVE-2019-13045
* Wed Apr 22 2020 chengzihan <chengzihan2@huawei.com> - 1.1.2-2 * Wed Apr 22 2020 chengzihan <chengzihan2@huawei.com> - 1.1.2-2
- Package init - Package init