[arch-commits] Commit in ppp/trunk (CVE-2015-3310.patch PKGBUILD)

Allan McRae allan at archlinux.org
Mon Jul 27 05:39:12 UTC 2015


    Date: Monday, July 27, 2015 @ 07:39:12
  Author: allan
Revision: 242523

upgpkg: ppp 2.4.7-2

CVE-2015-3310

Added:
  ppp/trunk/CVE-2015-3310.patch
Modified:
  ppp/trunk/PKGBUILD

---------------------+
 CVE-2015-3310.patch |   18 ++++++++++++++++++
 PKGBUILD            |   13 +++++++++----
 2 files changed, 27 insertions(+), 4 deletions(-)

Added: CVE-2015-3310.patch
===================================================================
--- CVE-2015-3310.patch	                        (rev 0)
+++ CVE-2015-3310.patch	2015-07-27 05:39:12 UTC (rev 242523)
@@ -0,0 +1,18 @@
+Fix buffer overflow in rc_mksid()
+
+rc_mksid converts the PID of pppd to hex to generate a pseudo-unique string.
+If the process id is bigger than 65535 (FFFF), its hex representation will be
+longer than 4 characters, resulting in a buffer overflow.
+ 
+The bug can be exploited to cause a remote DoS.
+--- ppp-2.4.7/pppd/plugins/radius/util.c
++++ ppp-2.4.7/pppd/plugins/radius/util.c
+@@ -77,7 +77,7 @@ rc_mksid (void)
+   static unsigned short int cnt = 0;
+   sprintf (buf, "%08lX%04X%02hX",
+ 	   (unsigned long int) time (NULL),
+-	   (unsigned int) getpid (),
++	   (unsigned int) getpid () & 0xFFFF,
+ 	   cnt & 0xFF);
+   cnt++;
+   return buf;
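Review bot: The `sprintf` in rc_mksid() is still unbounded after this change: masking the PID caps the `%04X` field, but `%08lX` is only a minimum width and `unsigned long` is 64 bits on x86_64, so the output length still depends on the value `time()` returns. Bounding the write itself would be sturdier, e.g. `snprintf (buf, sizeof buf, "%08lX%04X%02hX", ...)`, assuming `buf` is an array; its declaration lies outside the hunk. Masking also means two pppd processes whose PIDs differ by a multiple of 65536, and which start in the same second with the same `cnt`, produce the same session id. That is probably acceptable, but it deserves a comment such as `/* PID truncated to 16 bits to fit the 4-digit field */`.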

Modified: PKGBUILD
===================================================================
--- PKGBUILD	2015-07-26 13:51:37 UTC (rev 242522)
+++ PKGBUILD	2015-07-27 05:39:12 UTC (rev 242523)
@@ -2,7 +2,7 @@
 # Maintainer: Thomas Baechler <thomas at archlinux.org>
 pkgname=ppp
 pkgver=2.4.7
-pkgrel=1
+pkgrel=2
 pkgdesc="A daemon which implements the Point-to-Point Protocol for dial-up networking"
 arch=(i686 x86_64) 
 url="http://www.samba.org/ppp/"
@@ -9,7 +9,7 @@
 license=('custom:GPL/BSD')
 depends=('glibc' 'libpcap>=1.0.0')
 backup=(etc/ppp/{chap-secrets,pap-secrets,options,ip-up,ip-down,ip-down.d/00-dns.sh,ip-up.d/00-dns.sh,ipv6-up.d/00-iface-config.sh})
-source=(ftp://ftp.samba.org/pub/ppp/ppp-${pkgver}.tar.gz{,.asc}
+source=(https://download.samba.org/pub/ppp/ppp-${pkgver}.tar.gz{,.asc}
         ppp-2.4.6-makefiles.patch
         options
         ip-up
@@ -19,7 +19,8 @@
         ipv6-up
         ipv6-down
         ipv6-up.d.iface-config.sh
-        ppp.systemd)
+        ppp.systemd
+        CVE-2015-3310.patch)
 sha256sums=('02e0a3dd3e4799e33103f70ec7df75348c8540966ee7c948e4ed8a42bbccfb30'
             'SKIP'
             'f04f47318226c79594f45b8b75877c30710d22fe0fb1e2e17db3b4257dc4218c'
@@ -31,12 +32,16 @@
             'bb3f44a4f2c4b8dbe7f84d77feae90a71caa9fa3c252a20c390e015d4f8ea248'
             '77292b79f99f97a01aa9a75cd7cd93da70d746d3b8cc60f35b31dfe0568544c0'
             '20780cf4bd0774bebb55ecb3bdae7667c9ae5cbe003a52a1ecb0bbc77d46260f'
-            'eb8ab2e2d71c3bb9c4297cf847b6e9d52616a3fdbf2257c479cc43dff318c831')
+            'eb8ab2e2d71c3bb9c4297cf847b6e9d52616a3fdbf2257c479cc43dff318c831'
+            'f0fe7e7d9b35141c2565a09e39c4f66b475ed3fe8e2528d10faa4412f480e338')
+validpgpkeys=('631E179E370CD727A7F2A33A9E4295D605F66CE9') # Paul Mackerras (Signing key) <paulus at samba.org>
 
 prepare() {
   cd "${srcdir}/${pkgname}-${pkgver}"
 
   patch -p1 -i "${srcdir}/ppp-2.4.6-makefiles.patch"
+  patch -p1 -i "${srcdir}/CVE-2015-3310.patch"
+
   # enable active filter
   sed -i "s:^#FILTER=y:FILTER=y:" pppd/Makefile.linux
   # enable ipv6 support
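Review bot: The added `patch -p1 -i "${srcdir}/CVE-2015-3310.patch"` line in prepare() has no comment saying where the patch comes from or when it can be removed, and the patch file itself names no upstream commit or bug report. A one-line comment above it, e.g. `# CVE-2015-3310: rc_mksid() overflow in the radius plugin; drop once upstream releases the fix`, would keep the carried patch from outliving its purpose. prepare() continues past the end of the hunk.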


