libfcgi:add security patch for CVE-2012-6687

Fix-CVE-2012-6687 - remote attackers cause a denial of service (crash) via a large number of connections (http://www.cvedetails.com/cve/CVE-2012-6687/). use poll in os_unix.c instead of select to avoid problem with > 1024 connections. The patch libfcgi_2.4.0-8.3.debian.tar.xz is taken from the below link: (https://launchpad.net/ubuntu/+source/libfcgi/2.4.0-8.3) The next release of libfcgi is 2.4.1 which may have this fix is yet to be released officially. Signed-off-by: Niranjan Reddy <niranjan.reddy@rockwellcollins.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2016-03-01 11:51:56 +05:30 · 2016-03-01 11:51:56 +05:30 · 2311d54ec4
commit 2311d54ec4
parent 18f3a22dce
1 changed files with 104 additions and 0 deletions
--- a/package/libfcgi/0006-fix-CVE-2012-6687.patch
+++ b/package/libfcgi/0006-fix-CVE-2012-6687.patch
@ -0,0 +1,104 @@
+libfcgi:add security patch for CVE-2012-6687
+CVE-2012-6687 - remote attackers cause a denial of service (crash) via a large number 
+of connections (http://www.cvedetails.com/cve/CVE-2012-6687/).
+Fix:use poll in os_unix.c instead of select to avoid problem with > 1024 connections.
+This patch libfcgi_2.4.0-8.3.debian.tar.xz is pulled from the below link:
+(https://launchpad.net/ubuntu/+source/libfcgi/2.4.0-8.3)
+The next release of libfcgi is 2.4.1 which may have this fix is yet to be released 
+officially.
+
+Signed-off-by: Anton Kortunov <toshic.toshic@gmail.com>
+Signed-off-by: Niranjan Reddy <niranjan.reddy@rockwellcollins.com>
+
+Index: b/libfcgi/os_unix.c
+===================================================================
+--- a/libfcgi/os_unix.c
+++ b/libfcgi/os_unix.c
+@@ -42,6 +42,7 @@
+ #include <sys/time.h>
+ #include <sys/un.h>
+ #include <signal.h>
+#include <poll.h>
+ 
+ #ifdef HAVE_NETDB_H
+ #include <netdb.h>
+@@ -103,6 +104,9 @@
+ static int shutdownPending = FALSE;
+ static int shutdownNow = FALSE;
+ 
+static int libfcgiOsClosePollTimeout = 2000;
+static int libfcgiIsAfUnixKeeperPollTimeout = 2000;
+
+ void OS_ShutdownPending()
+ {
+     shutdownPending = TRUE;
+@@ -168,6 +172,16 @@
+     if(libInitialized)
+         return 0;
+ 
+    char *libfcgiOsClosePollTimeoutStr = getenv( "LIBFCGI_OS_CLOSE_POLL_TIMEOUT" );
+    if(libfcgiOsClosePollTimeoutStr) {
+        libfcgiOsClosePollTimeout = atoi(libfcgiOsClosePollTimeoutStr);
+    }
+
+    char *libfcgiIsAfUnixKeeperPollTimeoutStr = getenv( "LIBFCGI_IS_AF_UNIX_KEEPER_POLL_TIMEOUT" );
+    if(libfcgiIsAfUnixKeeperPollTimeoutStr) {
+        libfcgiIsAfUnixKeeperPollTimeout = atoi(libfcgiIsAfUnixKeeperPollTimeoutStr);
+    }
+
+     asyncIoTable = (AioInfo *)malloc(asyncIoTableSize * sizeof(AioInfo));
+     if(asyncIoTable == NULL) {
+         errno = ENOMEM;
+@@ -755,19 +769,16 @@
+ 
+     if (shutdown(fd, 1) == 0)
+     {
+-        struct timeval tv;
+-        fd_set rfds;
+        struct pollfd pfd;
+         int rv;
+         char trash[1024];
+ 
+-        FD_ZERO(&rfds);
+        pfd.fd = fd;
+        pfd.events = POLLIN;
+ 
+         do 
+         {
+-            FD_SET(fd, &rfds);
+-            tv.tv_sec = 2;
+-            tv.tv_usec = 0;
+-            rv = select(fd + 1, &rfds, NULL, NULL, &tv);
+            rv = poll(&pfd, 1, libfcgiOsClosePollTimeout);
+         }
+         while (rv > 0 && read(fd, trash, sizeof(trash)) > 0);
+     }
+@@ -1116,13 +1127,11 @@
+  */
+ static int is_af_unix_keeper(const int fd)
+ {
+-    struct timeval tval = { READABLE_UNIX_FD_DROP_DEAD_TIMEVAL };
+-    fd_set read_fds;
+-
+-    FD_ZERO(&read_fds);
+-    FD_SET(fd, &read_fds);
+    struct pollfd pfd;
+    pfd.fd = fd;
+    pfd.events = POLLIN;
+ 
+-    return select(fd + 1, &read_fds, NULL, NULL, &tval) >= 0 && FD_ISSET(fd, &read_fds);
+    return poll(&pfd, 1, libfcgiIsAfUnixKeeperPollTimeout) >= 0 && (pfd.revents & POLLIN);
+ }
+ 
+ /*
+
+Index: b/examples/Makefile.am
+===================================================================
+--- a/examples/Makefile.am
+++ b/examples/Makefile.am
+@@ -34,5 +34,5 @@ threaded_CFLAGS    = @PTHREAD_CFLAGS@
+ threaded_LDFLAGS   = @PTHREAD_CFLAGS@ @PTHREAD_LIBS@
+ 
+ echo_cpp_SOURCES = $(INCLUDE_FILES) $(INCLUDEDIR)/fcgio.h echo-cpp.cpp
+-echo_cpp_LDADD   = $(LIBDIR)/libfcgi++.la
+echo_cpp_LDADD   = $(LIBDIR)/libfcgi++.la $(LIBDIR)/libfcgi.la