packages/unbound
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix CVE-2020-28935

Browse Source
This commit is contained in:
sherlock2010 2021-02-23 15:44:50 +08:00
parent b8e6277f88
commit 9a176865b5
2 changed files with 63 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

54
CVE-2020-28935.patch Normal file
View File

@ -0,0 +1,54 @@
From ad387832979b6ce4c93f64fe706301cd7d034e87 Mon Sep 17 00:00:00 2001
From: "W.C.A. Wijngaards" <wouter@nlnetlabs.nl>
Date: Mon, 23 Nov 2020 13:42:11 +0100
Subject: [PATCH] - Fix for #303 CVE-2020-28935 : Fix that symlink does not
interfere with chown of pidfile.
---
daemon/unbound.c | 26 ++++++++++++++++++++------
doc/Changelog | 2 ++
2 files changed, 22 insertions(+), 6 deletions(-)
diff --git a/daemon/unbound.c b/daemon/unbound.c
index cd0fd69f2..45537d5c9 100644
--- a/daemon/unbound.c
+++ b/daemon/unbound.c
@@ -341,18 +341,32 @@ readpid (const char* file)
static void
writepid (const char* pidfile, pid_t pid)
{
- FILE* f;
+ int fd;
+ char pidbuf[32];
+ size_t count = 0;
+ snprintf(pidbuf, sizeof(pidbuf), "%lu\n", (unsigned long)pid);
- if ((f = fopen(pidfile, "w")) == NULL ) {
+ if((fd = open(pidfile, O_WRONLY | O_CREAT | O_TRUNC
+#ifdef O_NOFOLLOW
+ | O_NOFOLLOW
+#endif
+ , 0644)) == -1) {
log_err("cannot open pidfile %s: %s",
pidfile, strerror(errno));
return;
}
- if(fprintf(f, "%lu\n", (unsigned long)pid) < 0) {
- log_err("cannot write to pidfile %s: %s",
- pidfile, strerror(errno));
+ while(count < strlen(pidbuf)) {
+ ssize_t r = write(fd, pidbuf+count, strlen(pidbuf)-count);
+ if(r == -1) {
+ if(errno == EAGAIN || errno == EINTR)
+ continue;
+ log_err("cannot write to pidfile %s: %s",
+ pidfile, strerror(errno));
+ break;
+ }
+ count += r;
}
- fclose(f);
+ close(fd);
}
/**

10
unbound.spec
View File

@ -2,7 +2,7 @@
Name: unbound Name: unbound
Version: 1.10.1 Version: 1.10.1
Release: 2 Release: 3
Summary: Unbound is a validating, recursive, caching DNS resolver Summary: Unbound is a validating, recursive, caching DNS resolver
License: BSD License: BSD
Url: https://nlnetlabs.nl/projects/unbound/about/ Url: https://nlnetlabs.nl/projects/unbound/about/
@ -22,6 +22,7 @@ Source12: unbound-anchor.timer
Source13: unbound-anchor.service Source13: unbound-anchor.service
Patch0: unbound-1.10.0-auth-callback.patch Patch0: unbound-1.10.0-auth-callback.patch
Patch1: CVE-2020-28935.patch
BuildRequires: make flex swig pkgconfig systemd BuildRequires: make flex swig pkgconfig systemd
BuildRequires: libevent-devel expat-devel openssl-devel python3-devel BuildRequires: libevent-devel expat-devel openssl-devel python3-devel
@ -74,6 +75,7 @@ Package help includes includes man pages for unbound.
pushd %{name}-%{version} pushd %{name}-%{version}
%patch0 -p1 %patch0 -p1
%patch1 -p1
cp -pr doc pythonmod libunbound ../ cp -pr doc pythonmod libunbound ../
popd popd
@ -229,6 +231,12 @@ popd
%{_mandir}/man* %{_mandir}/man*
%changelog %changelog
* Tue Feb 23 2021 zhouyihang <zhouyihang3@huawei.com> - 1.10.1-3
- Type:CVE
- ID:NA
- SUG:NA
- DESC:fix CVE-2020-28935
* Thu Oct 29 2020 gaihuiying <gaihuiying1@huawei.com> - 1.10.1-2 * Thu Oct 29 2020 gaihuiying <gaihuiying1@huawei.com> - 1.10.1-2
- Type:requirement - Type:requirement
- ID:NA - ID:NA