1 files changed, 40 insertions, 0 deletions

diff --git a/sys-cluster/torque/files/CVE-2013-4319-2.x-root-submit-fix.patch b/sys-cluster/torque/files/CVE-2013-4319-2.x-root-submit-fix.patch
new file mode 100644
index 000000000000..aa53239f157c
--- /dev/null
+++ b/sys-cluster/torque/files/CVE-2013-4319-2.x-root-submit-fix.patch
@@ -0,0 +1,40 @@
+From 5dee0365a56dd2cc4cfd0b182bc843b4f32c086c Mon Sep 17 00:00:00 2001
+From: Justin Bronder <jsbronder@gmail.com>
+Date: Mon, 23 Dec 2013 12:40:27 -0500
+Subject: [PATCH] CVE-2013-4319: 2.x root submit fix
+
+https://bugs.gentoo.org/show_bug.cgi?id=484320
+http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4319\
+---
+ src/server/process_request.c | 15 +++++++++++++++
+ 1 file changed, 15 insertions(+)
+
+diff --git a/src/server/process_request.c b/src/server/process_request.c
+index d4a3c92..b06a333 100644
+--- a/src/server/process_request.c
++++ b/src/server/process_request.c
+@@ -640,6 +640,21 @@ void process_request(
+         log_buffer);
+       }
+ 
++    if (svr_conn[sfds].cn_authen != PBS_NET_CONN_FROM_PRIVIL)
++      {
++      sprintf(log_buffer, "request type %s from host %s rejected (connection not privileged)",
++        reqtype_to_txt(request->rq_type),
++        request->rq_host);
++
++      log_record(PBSEVENT_JOB, PBS_EVENTCLASS_JOB, id, log_buffer);
++
++      req_reject(PBSE_BADHOST, 0, request, NULL, "request not authorized");
++
++      close_client(sfds);
++
++      return;
++      }
++
+     if (!tfind(svr_conn[sfds].cn_addr, &okclients))
+       {
+       sprintf(log_buffer, "request type %s from host %s rejected (host not authorized)",
+-- 
+1.8.3.2
+