summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorTobias Klausmann <klausman@gentoo.org>2021-01-12 12:54:22 +0100
committerTobias Klausmann <klausman@gentoo.org>2021-01-12 12:55:58 +0100
commitfb0a9a8269b01b991bb14c1382058d84de966ea2 (patch)
tree0e692a622a42308941ed483093db52e25c573c95
parentsci-libs/gdal: bump to 3.2.1 (diff)
downloadgentoo-fb0a9a8269b01b991bb14c1382058d84de966ea2.tar.gz
gentoo-fb0a9a8269b01b991bb14c1382058d84de966ea2.tar.bz2
gentoo-fb0a9a8269b01b991bb14c1382058d84de966ea2.zip
net-ftp/atftp: Add -r addressing CVE 2020-6097
Patch sourced from: https://sourceforge.net/u/peterkaestle/atftp/ci/96409ef3b9ca061f9527cfaafa778105cf15d994/ Bug: https://bugs.gentoo.org/741566 Signed-off-by: Tobias Klausmann <klausman@gentoo.org>
-rw-r--r--net-ftp/atftp/atftp-0.7.2-r2.ebuild68
-rw-r--r--net-ftp/atftp/files/atftp-0.7.2-cve-2020-6097.patch92
2 files changed, 160 insertions, 0 deletions
diff --git a/net-ftp/atftp/atftp-0.7.2-r2.ebuild b/net-ftp/atftp/atftp-0.7.2-r2.ebuild
new file mode 100644
index 000000000000..28a0da5d668f
--- /dev/null
+++ b/net-ftp/atftp/atftp-0.7.2-r2.ebuild
@@ -0,0 +1,68 @@
+# Copyright 2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+inherit autotools flag-o-matic systemd
+
+DESCRIPTION="Advanced TFTP implementation client/server"
+HOMEPAGE="https://sourceforge.net/projects/atftp/"
+SRC_URI="mirror://sourceforge/atftp/${P}.tar.gz"
+
+LICENSE="GPL-2+"
+SLOT="0"
+KEYWORDS="~amd64 ~arm ~ppc ~ppc64 ~s390 ~sparc ~x86"
+IUSE="selinux tcpd readline pcre"
+
+DEPEND="tcpd? ( sys-apps/tcp-wrappers )
+ readline? ( sys-libs/readline:0= )
+ pcre? ( dev-libs/libpcre )"
+RDEPEND="${DEPEND}
+ !net-ftp/tftp-hpa
+ !net-ftp/uftpd
+ selinux? ( sec-policy/selinux-tftp )"
+BDEPEND=""
+
+PATCHES=(
+ "${FILESDIR}/${P}-CFLAGS.patch"
+ "${FILESDIR}/${P}-cve-2020-6097.patch"
+)
+
+src_prepare() {
+ append-cppflags -D_REENTRANT -DRATE_CONTROL
+ # fix #561720 by restoring pre-GCC5 inline semantics
+ append-cflags -std=gnu89
+
+ default
+ eautoreconf
+}
+
+src_configure() {
+ econf \
+ $(use_enable tcpd libwrap) \
+ $(use_enable readline libreadline) \
+ $(use_enable pcre libpcre) \
+ --enable-mtftp
+}
+
+src_test() {
+ cd "${S}"/test || die
+ # Try to run the tests
+ ./test.sh || die
+}
+
+src_install() {
+ default
+
+ newinitd "${FILESDIR}"/atftp.init atftp
+ newconfd "${FILESDIR}"/atftp.confd atftp
+
+ systemd_dounit "${FILESDIR}"/atftp.service
+ systemd_install_serviced "${FILESDIR}"/atftp.service.conf
+
+ dodoc README* BUGS FAQ Changelog INSTALL TODO
+ dodoc "${S}"/docs/*
+
+ docinto test
+ cd "${S}"/test || die
+ dodoc load.sh mtftp.conf pcre_pattern.txt test.sh test_suite.txt
+}
diff --git a/net-ftp/atftp/files/atftp-0.7.2-cve-2020-6097.patch b/net-ftp/atftp/files/atftp-0.7.2-cve-2020-6097.patch
new file mode 100644
index 000000000000..5130d0086432
--- /dev/null
+++ b/net-ftp/atftp/files/atftp-0.7.2-cve-2020-6097.patch
@@ -0,0 +1,92 @@
+commit 96409ef3b9ca061f9527cfaafa778105cf15d994
+Author: Peter Kaestle <peter.kaestle@nokia.com>
+Date: Wed Oct 14 14:02:41 2020 +0200
+
+ Fix for DoS issue CVE-2020-6097
+
+ "sockaddr_print_addr" of tftpd can be triggered remotely to call
+ assert(), which will crash the tftpd daemon. See:
+ https://talosintelligence.com/vulnerability_reports/TALOS-2020-1029
+
+ "sockaddr_print_addr" originaly had two features:
+ 1) returning pointer to string of the incoming ip address
+ 2) checking whether ss_family of the connection is supported
+
+ To fix the issue, a separate function "sockaddr_family_supported" is
+ used to take care of 2) and "sockaddr_print_addr" returns an error
+ message string for unsupported cases when using 1) insert of calling
+ assert().
+
+diff --git a/tftp_def.c b/tftp_def.c
+index d457c2a..428a930 100644
+--- a/tftp_def.c
++++ b/tftp_def.c
+@@ -180,6 +180,15 @@ int Gethostbyname(char *addr, struct hostent *host)
+ return OK;
+ }
+
++int
++sockaddr_family_supported(const struct sockaddr_storage *ss)
++{
++ if (ss->ss_family == AF_INET || ss->ss_family == AF_INET6)
++ return 1;
++ else
++ return 0;
++}
++
+ char *
+ sockaddr_print_addr(const struct sockaddr_storage *ss, char *buf, size_t len)
+ {
+@@ -189,7 +198,7 @@ sockaddr_print_addr(const struct sockaddr_storage *ss, char *buf, size_t len)
+ else if (ss->ss_family == AF_INET6)
+ addr = &((const struct sockaddr_in6 *)ss)->sin6_addr;
+ else
+- assert(!"sockaddr_print: unsupported address family");
++ return "sockaddr_print: unsupported address family";
+ return (char *)inet_ntop(ss->ss_family, addr, buf, len);
+ }
+
+diff --git a/tftp_def.h b/tftp_def.h
+index 0841746..458e310 100644
+--- a/tftp_def.h
++++ b/tftp_def.h
+@@ -54,6 +54,7 @@ int print_eng(double value, char *string, int size, char *format);
+ inline char *Strncpy(char *to, const char *from, size_t size);
+ int Gethostbyname(char *addr, struct hostent *host);
+
++int sockaddr_family_supported(const struct sockaddr_storage *ss);
+ char *sockaddr_print_addr(const struct sockaddr_storage *, char *, size_t);
+ #define SOCKADDR_PRINT_ADDR_LEN INET6_ADDRSTRLEN
+ uint16_t sockaddr_get_port(const struct sockaddr_storage *);
+diff --git a/tftpd.c b/tftpd.c
+index 0b6f6a5..a7561a5 100644
+--- a/tftpd.c
++++ b/tftpd.c
+@@ -644,6 +644,11 @@ void *tftpd_receive_request(void *arg)
+ }
+
+ #ifdef HAVE_WRAP
++ if (!abort && !sockaddr_family_supported(&data->client_info->client))
++ {
++ logger(LOG_ERR, "Connection from unsupported network address family refused");
++ abort = 1;
++ }
+ if (!abort)
+ {
+ /* Verify the client has access. We don't look for the name but
+diff --git a/tftpd_mtftp.c b/tftpd_mtftp.c
+index d420d10..0032905 100644
+--- a/tftpd_mtftp.c
++++ b/tftpd_mtftp.c
+@@ -393,6 +393,11 @@ void *tftpd_mtftp_server(void *arg)
+ &data_size, data->data_buffer);
+
+ #ifdef HAVE_WRAP
++ if (!sockaddr_family_supported(&sa))
++ {
++ logger(LOG_ERR, "mtftp: Connection from unsupported network address family refused");
++ continue;
++ }
+ /* Verify the client has access. We don't look for the name but
+ rely only on the IP address for that. */
+ sockaddr_print_addr(&sa, addr_str, sizeof(addr_str));