Merge lp:~davewalker/ubuntu/natty/isc-dhcp/lp_720729 into lp:ubuntu/natty/isc-dhcp

Proposed by Dave Walker
Status: Merged
Merged at revision: 16
Proposed branch: lp:~davewalker/ubuntu/natty/isc-dhcp/lp_720729
Merge into: lp:ubuntu/natty/isc-dhcp
Diff against target: 99 lines (+76/-0)
3 files modified
debian/changelog (+12/-0)
debian/patches/00list (+2/-0)
debian/patches/CVE-2011-0413.dpatch (+62/-0)
To merge this branch: bzr merge lp:~davewalker/ubuntu/natty/isc-dhcp/lp_720729
Reviewer: Ubuntu Security Sponsors Team, Status: Pending
Reviewer: Ubuntu Sponsors, Status: Pending
Review via email: mp+50195@code.launchpad.net
17. By Dave Walker

Adjusted spacing on debian/patches/CVE-2011-0413.dpatch

Preview Diff

=== modified file 'debian/changelog'
--- debian/changelog 2010-12-09 11:21:53 +0000
+++ debian/changelog 2011-02-17 17:44:59 +0000
@@ -1,3 +1,15 @@
1isc-dhcp (4.1.1-P1-15ubuntu3) natty; urgency=low
2
3 * SECURITY UPDATE: denial of service via processing of message from an address
4 that was previously declined, causing assert failure. (LP: #720729)
5 - debian/patches/CVE-2011-0413.dpatch: Reclaim the previously abandoned
6 address in isc-dhcp/server/mdb6.c, by retagging the lease and adding
7 a sane expiration value. Based on changes between upstream releases
8 4.1.2 and 4.1.2-P1
9 - CVE-2011-0413
10
11 -- Dave Walker (Daviey) <DaveWalker@ubuntu.com> Thu, 17 Feb 2011 16:24:57 +0000
12
1isc-dhcp (4.1.1-P1-15ubuntu2) natty; urgency=low13isc-dhcp (4.1.1-P1-15ubuntu2) natty; urgency=low
214
3 * debian/apparmor-profile.dhcpd: allow read access to @{PROC}/[0-9]*/net/dev15 * debian/apparmor-profile.dhcpd: allow read access to @{PROC}/[0-9]*/net/dev
416
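Review bot: The changelog bullet for debian/patches/CVE-2011-0413.dpatch describes only the reclaim path ("retagging the lease and adding a sane expiration value"), but the patch also changes the state check in decline_lease6() so that an FTS_ABANDONED lease is no longer passed to move_lease_to_active(). Suggest adding a clause for the decline_lease6() change so the entry covers both code paths touched in server/mdb6.c. The entry is also marked urgency=low while describing a remotely triggerable denial of service; worth confirming that is intended.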
=== modified file 'debian/patches/00list'
--- debian/patches/00list 2010-12-06 14:23:12 +0000
+++ debian/patches/00list 2011-02-17 17:44:59 +0000
@@ -11,6 +11,8 @@
1111
12# Backported from 4.1.212# Backported from 4.1.2
13CVE-2010-361113CVE-2010-3611
14# Ported from 4.1-ESV
15CVE-2011-0413
1416
15# Ubuntu patches (see patch headers)17# Ubuntu patches (see patch headers)
16# emailed upstream18# emailed upstream
1719
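Review bot: The new comment "# Ported from 4.1-ESV" above CVE-2011-0413 does not match the provenance given elsewhere in this proposal: both the changelog entry and the dpatch header say the patch is based on the diff between upstream releases 4.1.2 and 4.1.2-P1. Suggest making the 00list comment agree with the patch header (or correcting the header if 4.1-ESV really is the source), since this comment is what a later maintainer reads when deciding whether the patch can be dropped on the next upstream merge.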
=== added file 'debian/patches/CVE-2011-0413.dpatch'
--- debian/patches/CVE-2011-0413.dpatch 1970-01-01 00:00:00 +0000
+++ debian/patches/CVE-2011-0413.dpatch 2011-02-17 17:44:59 +0000
@@ -0,0 +1,62 @@
1#! /bin/sh /usr/share/dpatch/dpatch-run
2# Description: When the DHCPv6 server code processed a message for an address
3# that was previously declined and internally tagged as abandoned it could
4# trigger an assert failure resulting in the server crashing. This could have
5# been used to crash DHCPv6 servers remotely. This issue only affected DHCPv6
6# servers. DHCPv4 servers were unaffected. Patch is based on diff between
7# upstream releases 4.1.2 and 4.1.2-P1, constructed to apply by Raphael
8# Geissert. (CVE-2011-0413)
9# Origin: upstream
10# Author: Raphael Geissert <geissert@debian.org>
11# Bug-Ubuntu: https://launchpad.net/bugs/720729
12# Bug-Debian: http://bugs.debian.org/611217
13# Last-Update: 2011-02-17
14
15@DPATCH@
16diff -urNad isc-dhcp~/server/mdb6.c isc-dhcp/server/mdb6.c
17--- isc-dhcp~/server/mdb6.c 2008-10-22 04:41:58.000000000 -0700
18+++ isc-dhcp/server/mdb6.c 2011-02-03 22:18:27.000000000 -0800
19@@ -1006,7 +1006,7 @@
20 * Renew an lease in the pool.
21 *
22 * To do this, first set the new hard_lifetime_end_time for the resource,
23- * and then invoke renew_lease() on it.
24+ * and then invoke renew_lease6() on it.
25 *
26 * WARNING: lease times must only be extended, never reduced!!!
27 */
28@@ -1016,12 +1016,24 @@
29 * If we're already active, then we can just move our expiration
30 * time down the heap.
31 *
32+ * If we're abandoned then we are already on the active list
33+ * but we need to retag the lease and move our expiration
34+ * from infinite to the current value
35+ *
36 * Otherwise, we have to move from the inactive heap to the
37 * active heap.
38 */
39 if (lease->state == FTS_ACTIVE) {
40 isc_heap_decreased(pool->active_timeouts, lease->heap_index);
41 return ISC_R_SUCCESS;
42+ } else if (lease->state == FTS_ABANDONED) {
43+ char tmp_addr[INET6_ADDRSTRLEN];
44+ lease->state = FTS_ACTIVE;
45+ isc_heap_increased(pool->active_timeouts, lease->heap_index);
46+ log_info("Reclaiming previously abandoned address %s",
47+ inet_ntop(AF_INET6, &(lease->addr), tmp_addr,
48+ sizeof(tmp_addr)));
49+ return ISC_R_SUCCESS;
50 } else {
51 return move_lease_to_active(pool, lease);
52 }
53@@ -1109,7 +1121,8 @@
54 decline_lease6(struct ipv6_pool *pool, struct iasubopt *lease) {
55 isc_result_t result;
56
57- if (lease->state != FTS_ACTIVE) {
58+ if ((lease->state != FTS_ACTIVE) &&
59+ (lease->state != FTS_ABANDONED)) {
60 result = move_lease_to_active(pool, lease);
61 if (result != ISC_R_SUCCESS) {
62 return result;
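Review bot: In the new FTS_ABANDONED branch of the renew path, the heap is adjusted with isc_heap_increased() while the FTS_ACTIVE branch directly above it uses isc_heap_decreased(), and nothing in the added lines says why the direction differs. The added block comment explains that the expiration moves "from infinite to the current value", so the entry's expiry gets earlier here rather than later; a short inline comment next to the isc_heap_increased() call stating that would stop a later reader from changing it to match the active case. This also sits oddly next to the existing header warning that lease times "must only be extended, never reduced", so that warning could note the abandoned case as the exception. Separately, the diff adds no test for a renew or decline on an abandoned lease, which is the sequence the patch description says caused the assert failure; if the package has no test harness for mdb6.c, the manual reproduction steps belong in the linked bug.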
