[packages/systemd] Patch for local DOS vulnerability
jajcus
jajcus at pld-linux.org
Sat Oct 1 12:19:28 CEST 2016
commit 285d8b286300b58af3e42b459f9aada4df02e3bb
Author: Jacek Konieczny <jajcus at jajcus.net>
Date: Sat Oct 1 11:37:13 2016 +0200
Patch for local DOS vulnerability
https://github.com/systemd/systemd/issues/4234
Reproducible in PLD with:
while : ; do NOTIFY_SOCKET=/run/systemd/notify systemd-notify "" ; done
Patch based on upstream commits:
https://github.com/systemd/systemd/commit/531ac2b2349da02acc9c382849758e07eb92b020
https://github.com/systemd/systemd/commit/9987750e7a4c62e0eb8473603150596ba7c3a015
https://github.com/systemd/systemd/commit/8523bf7dd514a3a2c6114b7b8fb8f308b4f09fc4
https://github.com/systemd/systemd/commit/a86b76753d7868c2d05f046f601bc7dc89fc2203
Release: 14
empty_notify_dos.patch | 95 ++++++++++++++++++++++++++++++++++++++++++++++++++
systemd.spec | 4 ++-
2 files changed, 98 insertions(+), 1 deletion(-)
---
diff --git a/systemd.spec b/systemd.spec
index 89f7b87..a106634 100644
--- a/systemd.spec
+++ b/systemd.spec
@@ -28,7 +28,7 @@ Summary(pl.UTF-8): systemd - zarządca systemu i usług dla Linuksa
Name: systemd
# Verify ChangeLog and NEWS when updating (since there are incompatible/breaking changes very often)
Version: 221
-Release: 13
+Release: 14
Epoch: 1
License: GPL v2+ (udev), LGPL v2.1+ (the rest)
Group: Base
@@ -78,6 +78,7 @@ Patch11: optional-tmp-on-tmpfs.patch
Patch12: uids_gids.patch
Patch13: sysctl.patch
Patch14: journal-gatewayd-fdopen.patch
+Patch15: empty_notify_dos.patch
URL: http://www.freedesktop.org/wiki/Software/systemd
BuildRequires: acl-devel
%{?with_audit:BuildRequires: audit-libs-devel}
@@ -674,6 +675,7 @@ Uzupełnianie parametrów w zsh dla poleceń udev.
%patch12 -p1
%patch13 -p1
%patch14 -p1
+%patch15 -p1
cp -p %{SOURCE2} src/systemd_booted.c
%build
diff --git a/empty_notify_dos.patch b/empty_notify_dos.patch
new file mode 100644
index 0000000..afbbbc0
--- /dev/null
+++ b/empty_notify_dos.patch
@@ -0,0 +1,95 @@
+diff -dur -x '*~' systemd-221.orig/src/core/manager.c systemd-221/src/core/manager.c
+--- systemd-221.orig/src/core/manager.c 2015-06-17 20:28:29.557344895 +0200
++++ systemd-221/src/core/manager.c 2016-10-01 11:33:10.138847360 +0200
+@@ -1478,13 +1478,12 @@
+ return n;
+ }
+
+-static void manager_invoke_notify_message(Manager *m, Unit *u, pid_t pid, char *buf, size_t n, FDSet *fds) {
++static void manager_invoke_notify_message(Manager *m, Unit *u, pid_t pid, char *buf, FDSet *fds) {
+ _cleanup_strv_free_ char **tags = NULL;
+
+ assert(m);
+ assert(u);
+ assert(buf);
+- assert(n > 0);
+
+ tags = strv_split(buf, "\n\r");
+ if (!tags) {
+@@ -1494,8 +1493,14 @@
+
+ if (UNIT_VTABLE(u)->notify_message)
+ UNIT_VTABLE(u)->notify_message(u, pid, tags, fds);
+- else
+- log_unit_debug(u, "Got notification message for unit. Ignoring.");
++ else if (_unlikely_(log_get_max_level() >= LOG_DEBUG)) {
++ _cleanup_free_ char *x = NULL, *y = NULL;
++
++ x = cescape(buf);
++ if (x)
++ y = ellipsize(x, 20, 90);
++ log_unit_debug(u, "Got notification message \"%s\", ignoring.", strnull(y));
++ }
+ }
+
+ static int manager_dispatch_notify_fd(sd_event_source *source, int fd, uint32_t revents, void *userdata) {
+@@ -1538,10 +1543,13 @@
+
+ n = recvmsg(m->notify_fd, &msghdr, MSG_DONTWAIT|MSG_CMSG_CLOEXEC);
+ if (n < 0) {
+- if (errno == EAGAIN || errno == EINTR)
+- break;
+-
+- return -errno;
++ if (!IN_SET(errno, EAGAIN, EINTR))
++ log_error("Failed to receive notification message: %m");
++ /* It's not an option to return an error here since it
++ * would disable the notification handler entirely. Services
++ * wouldn't be able to send the WATCHDOG message for
++ * example... */
++ return 0;
+ }
+
+ CMSG_FOREACH(cmsg, &msghdr) {
+@@ -1564,7 +1572,8 @@
+ r = fdset_new_array(&fds, fd_array, n_fds);
+ if (r < 0) {
+ close_many(fd_array, n_fds);
+- return log_oom();
++ log_oom();
++ return 0;
+ }
+ }
+
+@@ -1578,25 +1587,27 @@
+ continue;
+ }
+
++ /* The message should be a string. Here we make sure it's NUL-terminated,
++ * but only the part until first NUL will be used anyway. */
+ buf[n] = 0;
+
+ /* Notify every unit that might be interested, but try
+ * to avoid notifying the same one multiple times. */
+ u1 = manager_get_unit_by_pid(m, ucred->pid);
+ if (u1) {
+- manager_invoke_notify_message(m, u1, ucred->pid, buf, n, fds);
++ manager_invoke_notify_message(m, u1, ucred->pid, buf, fds);
+ found = true;
+ }
+
+ u2 = hashmap_get(m->watch_pids1, LONG_TO_PTR(ucred->pid));
+ if (u2 && u2 != u1) {
+- manager_invoke_notify_message(m, u2, ucred->pid, buf, n, fds);
++ manager_invoke_notify_message(m, u2, ucred->pid, buf, fds);
+ found = true;
+ }
+
+ u3 = hashmap_get(m->watch_pids2, LONG_TO_PTR(ucred->pid));
+ if (u3 && u3 != u2 && u3 != u1) {
+- manager_invoke_notify_message(m, u3, ucred->pid, buf, n, fds);
++ manager_invoke_notify_message(m, u3, ucred->pid, buf, fds);
+ found = true;
+ }
+
+Only in systemd-221/src/core: manager.c.orig
================================================================
---- gitweb:
http://git.pld-linux.org/gitweb.cgi/packages/systemd.git/commitdiff/285d8b286300b58af3e42b459f9aada4df02e3bb
More information about the pld-cvs-commit
mailing list