Tweak the patches a bit more
parent
af78c9a73f
commit
a2b328a772
|
@ -1,8 +1,8 @@
|
|||
From cc3e26e6de62c793ac869d219dd8aa7757249893 Mon Sep 17 00:00:00 2001
|
||||
From 976d4b21b85aad15bf359089dd84b39c48347fb2 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
|
||||
Date: Sun, 18 Jun 2017 15:53:15 -0400
|
||||
Subject: [PATCH 1/2] test-resolved-packet: add a simple test for our
|
||||
allocation functions
|
||||
Subject: [PATCH] test-resolved-packet: add a simple test for our allocation
|
||||
functions
|
||||
|
||||
---
|
||||
.gitignore | 1 +
|
||||
|
@ -12,10 +12,10 @@ Subject: [PATCH 1/2] test-resolved-packet: add a simple test for our
|
|||
create mode 100644 src/resolve/test-resolved-packet.c
|
||||
|
||||
diff --git a/.gitignore b/.gitignore
|
||||
index 01cb6e7db7..25b976a0e3 100644
|
||||
index f7db68b4a6..814a1c8861 100644
|
||||
--- a/.gitignore
|
||||
+++ b/.gitignore
|
||||
@@ -269,6 +269,7 @@
|
||||
@@ -255,6 +255,7 @@
|
||||
/test-replace-var
|
||||
/test-resolve
|
||||
/test-resolve-tables
|
||||
|
@ -24,10 +24,10 @@ index 01cb6e7db7..25b976a0e3 100644
|
|||
/test-rlimit-util
|
||||
/test-sched-prio
|
||||
diff --git a/Makefile.am b/Makefile.am
|
||||
index a767a5aa0d..e97a66e0fa 100644
|
||||
index 0c27f81986..e8d72a8129 100644
|
||||
--- a/Makefile.am
|
||||
+++ b/Makefile.am
|
||||
@@ -5663,6 +5663,7 @@ dist_zshcompletion_data += \
|
||||
@@ -5451,6 +5451,7 @@ dist_zshcompletion_data += \
|
||||
tests += \
|
||||
test-dns-packet \
|
||||
test-resolve-tables \
|
||||
|
@ -35,7 +35,7 @@ index a767a5aa0d..e97a66e0fa 100644
|
|||
test-dnssec
|
||||
|
||||
manual_tests += \
|
||||
@@ -5684,6 +5685,19 @@ test_resolve_tables_LDADD = \
|
||||
@@ -5472,6 +5473,19 @@ test_resolve_tables_LDADD = \
|
||||
$(GCRYPT_LIBS) \
|
||||
-lm
|
||||
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
From d2a286714f136404d05c8981a2e0820c1dd6e0a9 Mon Sep 17 00:00:00 2001
|
||||
From e3abee3dee32ae7cd8e937e44ace94ab7f45ede9 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
|
||||
Date: Sun, 18 Jun 2017 16:07:57 -0400
|
||||
Subject: [PATCH 2/2] resolved: simplify alloc size calculation
|
||||
Subject: [PATCH] resolved: simplify alloc size calculation
|
||||
|
||||
The allocation size was calculated in a complicated way, and for values
|
||||
close to the page size we would actually allocate less than requested.
|
||||
|
@ -15,7 +15,7 @@ CVE-2017-9445
|
|||
2 files changed, 1 insertion(+), 9 deletions(-)
|
||||
|
||||
diff --git a/src/resolve/resolved-dns-packet.c b/src/resolve/resolved-dns-packet.c
|
||||
index 240ee448f4..821b66e266 100644
|
||||
index 8b620cb6a8..7262a50eee 100644
|
||||
--- a/src/resolve/resolved-dns-packet.c
|
||||
+++ b/src/resolve/resolved-dns-packet.c
|
||||
@@ -47,13 +47,7 @@ int dns_packet_new(DnsPacket **ret, DnsProtocol protocol, size_t mtu) {
|
||||
|
@ -34,7 +34,7 @@ index 240ee448f4..821b66e266 100644
|
|||
/* round up to next page size */
|
||||
a = PAGE_ALIGN(ALIGN(sizeof(DnsPacket)) + a) - ALIGN(sizeof(DnsPacket));
|
||||
diff --git a/src/resolve/resolved-dns-packet.h b/src/resolve/resolved-dns-packet.h
|
||||
index 2c92392e4d..3abcaf8cf3 100644
|
||||
index 7b7d4e14c9..05a7a844e4 100644
|
||||
--- a/src/resolve/resolved-dns-packet.h
|
||||
+++ b/src/resolve/resolved-dns-packet.h
|
||||
@@ -66,8 +66,6 @@ struct DnsPacketHeader {
|
||||
|
|
|
@ -0,0 +1,48 @@
|
|||
From 626e9ef495474c95e3143ddae1a498d391c2a008 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
|
||||
Date: Tue, 27 Jun 2017 14:20:00 -0400
|
||||
Subject: [PATCH] resolved: do not allocate packets with minimum size
|
||||
|
||||
dns_packet_new() is sometimes called with mtu == 0, and in that case we should
|
||||
allocate more than the absolute minimum (which is the dns packet header size),
|
||||
otherwise we have to resize immediately again after appending the first data to
|
||||
the packet.
|
||||
|
||||
This partially reverts the previous commit.
|
||||
---
|
||||
src/resolve/resolved-dns-packet.c | 12 +++++++++++-
|
||||
1 file changed, 11 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/resolve/resolved-dns-packet.c b/src/resolve/resolved-dns-packet.c
|
||||
index 7262a50eee..c1ee755d9f 100644
|
||||
--- a/src/resolve/resolved-dns-packet.c
|
||||
+++ b/src/resolve/resolved-dns-packet.c
|
||||
@@ -28,6 +28,9 @@
|
||||
|
||||
#define EDNS0_OPT_DO (1<<15)
|
||||
|
||||
+#define DNS_PACKET_SIZE_START 512
|
||||
+assert_cc(DNS_PACKET_SIZE_START > UDP_PACKET_HEADER_SIZE)
|
||||
+
|
||||
typedef struct DnsPacketRewinder {
|
||||
DnsPacket *packet;
|
||||
size_t saved_rindex;
|
||||
@@ -47,7 +50,14 @@ int dns_packet_new(DnsPacket **ret, DnsProtocol protocol, size_t mtu) {
|
||||
|
||||
assert(ret);
|
||||
|
||||
- a = MAX(mtu, DNS_PACKET_HEADER_SIZE);
|
||||
+ /* When dns_packet_new() is called with mtu == 0, allocate more than the
|
||||
+ * absolute minimum (which is the dns packet header size), to avoid
|
||||
+ * resizing immediately again after appending the first data to the packet.
|
||||
+ */
|
||||
+ if (mtu < UDP_PACKET_HEADER_SIZE)
|
||||
+ a = DNS_PACKET_SIZE_START;
|
||||
+ else
|
||||
+ a = MAX(mtu, DNS_PACKET_HEADER_SIZE);
|
||||
|
||||
/* round up to next page size */
|
||||
a = PAGE_ALIGN(ALIGN(sizeof(DnsPacket)) + a) - ALIGN(sizeof(DnsPacket));
|
||||
--
|
||||
2.13.0
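Review bot: In the new `if (mtu < UDP_PACKET_HEADER_SIZE)` branch of dns_packet_new(), `a` is set to DNS_PACKET_SIZE_START without passing through `MAX(..., DNS_PACKET_HEADER_SIZE)`, so the guarantee that the buffer holds at least a DNS header now rests on the constant's value rather than on a check. The existing `assert_cc(DNS_PACKET_SIZE_START > UDP_PACKET_HEADER_SIZE)` pins only the relation to the UDP header; since the changelog ties this series to an out-of-bounds write (CVE-2017-9445), I would add `assert_cc(DNS_PACKET_SIZE_START >= DNS_PACKET_HEADER_SIZE)` next to it, assuming DNS_PACKET_HEADER_SIZE is a compile-time constant (its definition is not in the hunk). The added comment mentions only `mtu == 0`, while the condition covers every mtu below UDP_PACKET_HEADER_SIZE; the comment should say that. The function body continues past the hunk, so whether `a` is bounded from above before the `PAGE_ALIGN(ALIGN(sizeof(DnsPacket)) + a)` addition cannot be confirmed from here.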
|
||||
|
|
@ -0,0 +1,49 @@
|
|||
From 46ee71cfab1eebcd57109c5ee402d13a7b9d2468 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
|
||||
Date: Tue, 27 Jun 2017 16:59:06 -0400
|
||||
Subject: [PATCH] resolved: define various packet sizes as unsigned
|
||||
|
||||
This seems like the right thing to do, and apparently at least some compilers
|
||||
warn about signed/unsigned comparisons with DNS_PACKET_SIZE_MAX.
|
||||
---
|
||||
src/resolve/resolved-dns-packet.c | 2 +-
|
||||
src/resolve/resolved-dns-packet.h | 6 +++---
|
||||
2 files changed, 4 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/src/resolve/resolved-dns-packet.c b/src/resolve/resolved-dns-packet.c
|
||||
index c1ee755d9f..fd37363ece 100644
|
||||
--- a/src/resolve/resolved-dns-packet.c
|
||||
+++ b/src/resolve/resolved-dns-packet.c
|
||||
@@ -28,7 +28,7 @@
|
||||
|
||||
#define EDNS0_OPT_DO (1<<15)
|
||||
|
||||
-#define DNS_PACKET_SIZE_START 512
|
||||
+#define DNS_PACKET_SIZE_START 512u
|
||||
assert_cc(DNS_PACKET_SIZE_START > UDP_PACKET_HEADER_SIZE)
|
||||
|
||||
typedef struct DnsPacketRewinder {
|
||||
diff --git a/src/resolve/resolved-dns-packet.h b/src/resolve/resolved-dns-packet.h
|
||||
index 05a7a844e4..1020db0221 100644
|
||||
--- a/src/resolve/resolved-dns-packet.h
|
||||
+++ b/src/resolve/resolved-dns-packet.h
|
||||
@@ -58,13 +58,13 @@ struct DnsPacketHeader {
|
||||
/* The various DNS protocols deviate in how large a packet can grow,
|
||||
but the TCP transport has a 16bit size field, hence that appears to
|
||||
be the absolute maximum. */
|
||||
-#define DNS_PACKET_SIZE_MAX 0xFFFF
|
||||
+#define DNS_PACKET_SIZE_MAX 0xFFFFu
|
||||
|
||||
/* RFC 1035 say 512 is the maximum, for classic unicast DNS */
|
||||
-#define DNS_PACKET_UNICAST_SIZE_MAX 512
|
||||
+#define DNS_PACKET_UNICAST_SIZE_MAX 512u
|
||||
|
||||
/* With EDNS0 we can use larger packets, default to 4096, which is what is commonly used */
|
||||
-#define DNS_PACKET_UNICAST_SIZE_LARGE_MAX 4096
|
||||
+#define DNS_PACKET_UNICAST_SIZE_LARGE_MAX 4096u
|
||||
|
||||
struct DnsPacket {
|
||||
int n_ref;
|
||||
--
|
||||
2.13.0
|
||||
|
11
systemd.spec
11
systemd.spec
|
@ -13,7 +13,7 @@
|
|||
Name: systemd
|
||||
Url: http://www.freedesktop.org/wiki/Software/systemd
|
||||
Version: 233
|
||||
Release: 5%{?gitcommit:.git%{gitcommitshort}}%{?dist}
|
||||
Release: 6%{?gitcommit:.git%{gitcommitshort}}%{?dist}
|
||||
# For a breakdown of the licensing, see README
|
||||
License: LGPLv2+ and MIT and GPLv2+
|
||||
Summary: System and Service Manager
|
||||
|
@ -123,6 +123,8 @@ Patch0074: 0074-core-mount-pass-c-flag-to-bin-umount-6093.patch
|
|||
Patch0075: 0075-man-systemd-timesyncd.service-8-6109.patch
|
||||
Patch0076: 0076-test-resolved-packet-add-a-simple-test-for-our-alloc.patch
|
||||
Patch0077: 0077-resolved-simplify-alloc-size-calculation.patch
|
||||
Patch0078: 0078-resolved-do-not-allocate-packets-with-minimum-size.patch
|
||||
Patch0079: 0079-resolved-define-various-packet-sizes-as-unsigned.patch
|
||||
|
||||
|
||||
Source0990: hwdb.patch
|
||||
|
@ -1124,10 +1126,13 @@ getent passwd systemd-journal-upload &>/dev/null || useradd -r -l -g systemd-jou
|
|||
%{pkgdir}/tests
|
||||
|
||||
%changelog
|
||||
* Tue Jun 27 2017 zbyszek <zbyszek@in.waw.pl> - 233-5
|
||||
* Tue Jun 27 2017 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 233-6
|
||||
- Tweak the patches a bit
|
||||
|
||||
* Tue Jun 27 2017 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 233-5
|
||||
- Fix an out-of-bounds write in systemd-resolved (CVE-2017-9445)
|
||||
|
||||
* Thu Jun 15 2017 zbyszek <zbyszek@in.waw.pl> - 233-4
|
||||
* Thu Jun 15 2017 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 233-4
|
||||
- Backport a bunch of small fixes (memleaks, wrong format strings,
|
||||
man page clarifications, shell completion)
|
||||
- Fix systemd-resolved crash on crafted DNS packet (CVE-2017-9217, #1455493)
|
||||
|
|