Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Evergreen:11.2
libcgroup1
cgrulesengd-deny-message-forging.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File cgrulesengd-deny-message-forging.patch of Package libcgroup1
From 0a59ea5e0b2ce466bfd35c9e700094bf09a0310d Mon Sep 17 00:00:00 2001 From: Nelson Elhage <nelhage@ksplice.com> Date: Thu, 17 Feb 2011 20:55:12 -0500 Subject: cgrulesengd: Ignore netlink messages that don't come from the kernel. References: bnc#675048, CVE-2011-1022 recvfrom() returns the address, it doesn't filter the packet based on the sender. We need to explicitly check the received address after the call happens. Signed-off-by: Nelson Elhage <nelhage@ksplice.com> Signed-off-by: Jan Safranek <jsafrane@redhat.com> Signed-off-by: Jiri Slaby <jslaby@suse.cz> --- src/daemon/cgrulesengd.c | 11 ++++------- 1 files changed, 4 insertions(+), 7 deletions(-) diff --git a/src/daemon/cgrulesengd.c b/src/daemon/cgrulesengd.c index 10fd2cd..5a965fd 100644 --- a/src/daemon/cgrulesengd.c +++ b/src/daemon/cgrulesengd.c @@ -503,17 +503,10 @@ static int cgre_receive_netlink_msg(int sk_nl) struct sockaddr_nl from_nla; socklen_t from_nla_len; struct nlmsghdr *nlh; - struct sockaddr_nl kern_nla; struct cn_msg *cn_hdr; - kern_nla.nl_family = AF_NETLINK; - kern_nla.nl_groups = CN_IDX_PROC; - kern_nla.nl_pid = 1; - kern_nla.nl_pad = 0; - memset(buff, 0, sizeof(buff)); from_nla_len = sizeof(from_nla); - memcpy(&from_nla, &kern_nla, sizeof(from_nla)); recv_len = recvfrom(sk_nl, buff, sizeof(buff), 0, (struct sockaddr *)&from_nla, &from_nla_len); if (recv_len == ENOBUFS) { @@ -523,6 +516,10 @@ static int cgre_receive_netlink_msg(int sk_nl) if (recv_len < 1) return 0; + if (from_nla.nl_groups != CN_IDX_PROC + || from_nla.nl_pid != 0) + return 0; + nlh = (struct nlmsghdr *)buff; while (NLMSG_OK(nlh, recv_len)) { cn_hdr = NLMSG_DATA(nlh); -- 1.7.4.1
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor