rpms/licq/devel licq-1.3.5-dos.patch,NONE,1.1 licq.spec,1.23,1.24
Jiří Moskovčák (jmoskovc)
fedora-extras-commits at redhat.com
Mon May 12 12:49:18 UTC 2008
Author: jmoskovc
Update of /cvs/extras/rpms/licq/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv20170
Modified Files:
licq.spec
Added Files:
licq-1.3.5-dos.patch
Log Message:
fixed possible DoS vulnerability CVE-2008-1996
licq-1.3.5-dos.patch:
--- NEW FILE licq-1.3.5-dos.patch ---
Index: /trunk/licq/include/licq_socket.h
===================================================================
--- licq-1.3.5/include/licq_socket.h (revision 4714)
+++ licq-1.3.5/include/licq_socket.h (revision 6146)
@@ -251,4 +251,5 @@
fd_set SocketSet() { return m_sSockets.SocketSet(); }
int LargestSocket() { return m_sSockets.Largest(); }
+ unsigned short Num() { return m_sSockets.Num(); }
protected:
Index: licq-1.3.5/src/socket.cpp
===================================================================
--- licq-1.3.5/src/socket.cpp (revision 5629)
+++ licq-1.3.5/src/socket.cpp (revision 6146)
@@ -818,6 +818,24 @@
socklen_t sizeofSockaddr = sizeof(struct sockaddr_in);
- newSocket.m_nDescriptor = accept(m_nDescriptor, (struct sockaddr *)&newSocket.m_sRemoteAddr, &sizeofSockaddr);
- newSocket.SetLocalAddress();
+ // Make sure we stay under FD_SETSIZE
+ // See:
+ // * http://www.securityfocus.com/archive/1/490711
+ // * http://securityvulns.com/docs7669.html
+ // for more details
+ // This probably has no affect, since we are using multiple threads, but keep it here
+ // to be used as a sanity check.
+ int newDesc = accept(m_nDescriptor, (struct sockaddr *)&newSocket.m_sRemoteAddr, &sizeofSockaddr);
+ if (newDesc < FD_SETSIZE)
+ {
+ newSocket.m_nDescriptor = newDesc;
+ newSocket.SetLocalAddress();
+ }
+ else
+ {
+ gLog.Error(tr("%sCannot accept new connection, too many descriptors in use.\n"), L_ERRORxSTR);
+ close(newDesc);
+
+ // TODO throw an exception, or do something to tell the caller it failed
+ }
}
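Review bot: The `else` branch gives the caller no failure signal (the TODO says as much), so after a rejected descriptor `newSocket` keeps whatever descriptor it had, and the caller in icqd-threads.cpp can still reach `AddSocket(newSocket)`. An `accept()` error takes the success path too: -1 passes `newDesc < FD_SETSIZE`, is stored in `m_nDescriptor`, and `SetLocalAddress()` runs on it. Consider `if (newDesc >= 0 && newDesc < FD_SETSIZE)`, call `close(newDesc)` only when `newDesc >= 0`, and have the function report failure, for example through a `bool` return that callers check before using the socket. The function signature is outside the hunk, so any return-type change needs to be checked against the header and the other callers.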
Index: licq-1.3.5/src/icqd-threads.cpp
===================================================================
--- licq-1.3.5/src/icqd-threads.cpp (revision 5450)
+++ licq-1.3.5/src/icqd-threads.cpp (revision 6146)
@@ -24,4 +24,5 @@
#include "gettext.h"
+#define MAX_CONNECTS 256
#define DEBUG_THREADS(x)
//#define DEBUG_THREADS(x) gLog.Info(x)
@@ -781,6 +782,19 @@
tcp->RecvConnection(*newSocket);
gSocketManager.DropSocket(tcp);
- gSocketManager.AddSocket(newSocket);
- gSocketManager.DropSocket(newSocket);
+
+ // Make sure we can handle another socket before accepting it
+ if (gSocketManager.Num() > MAX_CONNECTS)
+ {
+ // Too many sockets, drop this one
+ char remoteIp[32];
+ gLog.Warn(tr("%sToo many connected sockets, rejecting connection from %s.\n"),
+ L_WARNxSTR, newSocket->RemoteIpStr(remoteIp));
+ delete newSocket;
+ }
+ else
+ {
+ gSocketManager.AddSocket(newSocket);
+ gSocketManager.DropSocket(newSocket);
+ }
}
}
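Review bot: The limit test here is `gSocketManager.Num() > MAX_CONNECTS`, while the matching check added in icqd-chat.cpp uses `>=`, so this path admits one more socket than the chat path for the same constant; `if (gSocketManager.Num() >= MAX_CONNECTS)` would make the two agree. `MAX_CONNECTS` is also defined separately in both .cpp files with no stated relation to `FD_SETSIZE`; a single definition in a shared header, with a comment that it is presumably meant to stay well below `FD_SETSIZE`, would keep the copies from drifting. Because socket.cpp does not report a rejected descriptor, the `else` branch can also run for a `newSocket` that never received a valid descriptor. The enclosing function starts outside the hunk.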
Index: licq-1.3.5/src/icqd-chat.cpp
===================================================================
--- licq-1.3.5/src/icqd-chat.cpp (revision 6136)
+++ licq-1.3.5/src/icqd-chat.cpp (revision 6146)
@@ -24,4 +24,5 @@
#include "gettext.h"
+#define MAX_CONNECTS 256
#define DEBUG_THREADS(x)
@@ -2384,14 +2385,22 @@
else if (nCurrentSocket == chatman->chatServer.Descriptor())
{
- CChatUser *u = new CChatUser;
- u->m_pClient = new CChatClient;
-
- chatman->chatServer.RecvConnection(u->sock);
- chatman->sockman.AddSocket(&u->sock);
- chatman->sockman.DropSocket(&u->sock);
-
- u->state = CHAT_STATE_HANDSHAKE;
- chatman->chatUsers.push_back(u);
- gLog.Info(tr("%sChat: Received connection.\n"), L_TCPxSTR);
+ if (chatman->sockman.Num() >= MAX_CONNECTS)
+ {
+ // Too many sockets, drop this one
+ gLog.Warn(tr("%sToo many connected clients, rejecting new connection.\n"), L_WARNxSTR);
+ }
+ else
+ {
+ CChatUser *u = new CChatUser;
+ u->m_pClient = new CChatClient;
+
+ chatman->chatServer.RecvConnection(u->sock);
+ chatman->sockman.AddSocket(&u->sock);
+ chatman->sockman.DropSocket(&u->sock);
+
+ u->state = CHAT_STATE_HANDSHAKE;
+ chatman->chatUsers.push_back(u);
+ gLog.Info(tr("%sChat: Received connection.\n"), L_TCPxSTR);
+ }
}
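Review bot: In the over-limit branch the pending connection is never accepted, so it stays in the listen queue and `chatServer.Descriptor()` will presumably be reported readable again on the next pass of the surrounding loop, repeating the warning for as long as the limit is exceeded. That replaces descriptor exhaustion with a busy loop and an unbounded log, which a remote peer can still cause. The icqd-threads.cpp change accepts first and then deletes the socket; doing the same here, by receiving the connection into a temporary socket and dropping it, would clear the readable state, and rate-limiting the warning would bound the log. The loop and the enclosing function are outside the hunk, so the select behaviour is inferred rather than visible.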
Index: licq.spec
===================================================================
RCS file: /cvs/extras/rpms/licq/devel/licq.spec,v
retrieving revision 1.23
retrieving revision 1.24
diff -u -r1.23 -r1.24
--- licq.spec 15 Feb 2008 09:45:51 -0000 1.23
+++ licq.spec 12 May 2008 12:48:40 -0000 1.24
@@ -1,6 +1,6 @@
Name: licq
Version: 1.3.5
-Release: 1%{?dist}
+Release: 2%{?dist}
License: GPL
Source0: http://prdownloads.sourceforge.net/licq/licq-%{version}.tar.gz
Source1: http://prdownloads.sourceforge.net/icqnd/icqnd-0.1.9.6.tar.bz2
@@ -15,6 +15,7 @@
BuildRequires: libXScrnSaver-devel
BuildRequires: gettext, automake, libtool
Patch0: licq-1.3.5-gcc43.patch
+Patch1: licq-1.3.5-dos.patch
%package kde
Summary: Licq plugin for KDE
@@ -72,6 +73,7 @@
%setup -q
tar -C plugins -xjf %{SOURCE1}
%patch0 -p1 -b .gcc43.patch
+%patch1 -p1 -b .dos
#remove cvs stuff
rm -rf `find . -name CVS`
@@ -111,6 +113,7 @@
--with-qt-libraries=%{_libdir}/qt-3.3/lib/ \
--with-qt-moc=%{_libdir}/qt-3.3/bin/moc \
QT_LUPDATE=/usr/lib/qt-3.3/bin/lupdate
+# QT_LRELEASE=/usr/lib/qt-3.3/bin/lrelease
make
cd ../osd
%configure --libdir=%{_libdir}/
@@ -226,6 +229,9 @@
%doc plugins/auto-reply/{README,licq_autoreply.conf,examples}
%changelog
+* Mon May 12 2008 Jiri Moskovcak <jmoskovc at redhat.com> 1.3.5-2
+- fixed possible DoS vulnerability CVE-2008-1996
+
* Thu Feb 14 2008 Jiri Moskovcak <jmoskovc at redhat.com> 1.3.5-1
- new version
- few minor fixes to make licq compile with gcc 4.3