diff options
| author | V3n3RiX <venerix@redcorelinux.org> | 2017-10-29 11:22:34 +0000 |
|---|---|---|
| committer | V3n3RiX <venerix@redcorelinux.org> | 2017-10-29 11:22:34 +0000 |
| commit | bd7908c6630f38067350d396ac5d18c3cc2434a0 (patch) | |
| tree | 3559b3e11424f5529527f2474d8a977a91ee3389 /sys-apps/systemd/files | |
| parent | 8b2628ad8526c806375e7b157889e4274b70248b (diff) | |
gentoo resync : 29.10.2017
Diffstat (limited to 'sys-apps/systemd/files')
| -rw-r--r-- | sys-apps/systemd/files/CVE-2017-15908.patch | 39 | ||||
| -rw-r--r-- | sys-apps/systemd/files/CVE-2017-9217.patch | 28 |
2 files changed, 67 insertions, 0 deletions
diff --git a/sys-apps/systemd/files/CVE-2017-15908.patch b/sys-apps/systemd/files/CVE-2017-15908.patch new file mode 100644 index 000000000000..08e5e37514ce --- /dev/null +++ b/sys-apps/systemd/files/CVE-2017-15908.patch @@ -0,0 +1,39 @@ +From 9f939335a07085aa9a9663efd1dca06ef6405d62 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl> +Date: Wed, 25 Oct 2017 11:19:19 +0200 +Subject: [PATCH] resolved: fix loop on packets with pseudo dns types + +Reported by Karim Hossen & Thomas Imbert from Sogeti ESEC R&D. + +https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1725351 +--- + src/resolve/resolved-dns-packet.c | 6 +----- + 1 file changed, 1 insertion(+), 5 deletions(-) + +diff --git a/src/resolve/resolved-dns-packet.c b/src/resolve/resolved-dns-packet.c +index e2f227bfc..35f4d0689 100644 +--- a/src/resolve/resolved-dns-packet.c ++++ b/src/resolve/resolved-dns-packet.c +@@ -1514,7 +1514,7 @@ static int dns_packet_read_type_window(DnsPacket *p, Bitmap **types, size_t *sta + + found = true; + +- while (bitmask) { ++ for (; bitmask; bit++, bitmask >>= 1) + if (bitmap[i] & bitmask) { + uint16_t n; + +@@ -1528,10 +1528,6 @@ static int dns_packet_read_type_window(DnsPacket *p, Bitmap **types, size_t *sta + if (r < 0) + return r; + } +- +- bit++; +- bitmask >>= 1; +- } + } + + if (!found) +-- +2.15.0.rc2 + diff --git a/sys-apps/systemd/files/CVE-2017-9217.patch b/sys-apps/systemd/files/CVE-2017-9217.patch new file mode 100644 index 000000000000..68d0f36d4913 --- /dev/null +++ b/sys-apps/systemd/files/CVE-2017-9217.patch @@ -0,0 +1,28 @@ +From a924f43f30f9c4acaf70618dd2a055f8b0f166be Mon Sep 17 00:00:00 2001 +From: Evgeny Vereshchagin <evvers@ya.ru> +Date: Wed, 24 May 2017 08:56:48 +0300 +Subject: [PATCH] resolved: bugfix of null pointer p->question dereferencing + (#6020) + +See https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1621396 +--- + src/resolve/resolved-dns-packet.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/src/resolve/resolved-dns-packet.c b/src/resolve/resolved-dns-packet.c +index 652970284..240ee448f 100644 +--- a/src/resolve/resolved-dns-packet.c ++++ b/src/resolve/resolved-dns-packet.c +@@ -2269,6 +2269,9 @@ int dns_packet_is_reply_for(DnsPacket *p, const DnsResourceKey *key) { + if (r < 0) + return r; + ++ if (!p->question) ++ return 0; ++ + if (p->question->n_keys != 1) + return 0; + +-- +2.15.0.rc2 + |