NetCube-Systems-Austria/kumquat-buildroot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

package/fastd: fix CVE-2020-27638

Browse Source 
receive.c in fastd before v21 allows denial of service (assertion
failure) when receiving packets with an invalid type code.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Acked-by: Alexander Dahl <post@lespocky.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This commit is contained in:
Fabrice Fontaine 2020-10-31 17:34:20 +01:00 committed by Thomas Petazzoni
parent 822c283edc
commit 7e4af3ce3f
2 changed files with 48 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

45
package/fastd/0002-receive-fix-buffer-leak-when-receiving-invalid-packets.patch Normal file
View File

@ -0,0 +1,45 @@
From 737925113363b6130879729cdff9ccc46c33eaea Mon Sep 17 00:00:00 2001
From: Matthias Schiffer <mschiffer@universe-factory.net>
Date: Mon, 19 Oct 2020 21:08:16 +0200
Subject: [PATCH] receive: fix buffer leak when receiving invalid packets
For fastd versions before v20, this was just a memory leak (which could
still be used for DoS, as it's remotely triggerable). With the new
buffer management of fastd v20, this will trigger an assertion failure
instead as soon as the buffer pool is empty.
[Retrieved from:
https://github.com/NeoRaider/fastd/commit/737925113363b6130879729cdff9ccc46c33eaea]
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
---
src/receive.c | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/src/receive.c b/src/receive.c
index 043c9f2..6bca9f4 100644
--- a/src/receive.c
+++ b/src/receive.c
@@ -169,6 +169,11 @@ static inline void handle_socket_receive_known(
case PACKET_HANDSHAKE:
fastd_handshake_handle(sock, local_addr, remote_addr, peer, buffer);
+ break;
+
+ default:
+ fastd_buffer_free(buffer);
+ pr_debug("received packet with invalid type from %P[%I]", peer, remote_addr);
}
}
@@ -195,6 +200,11 @@ static inline void handle_socket_receive_unknown(
case PACKET_HANDSHAKE:
fastd_handshake_handle(sock, local_addr, remote_addr, NULL, buffer);
+ break;
+
+ default:
+ fastd_buffer_free(buffer);
+ pr_debug("received packet with invalid type from unknown address %I", remote_addr);
}
}

3
package/fastd/fastd.mk
View File

@ -12,6 +12,9 @@ FASTD_LICENSE_FILES = COPYRIGHT
FASTD_CONF_OPTS = -DENABLE_LIBSODIUM=ON
FASTD_DEPENDENCIES = host-bison host-pkgconf libuecc libsodium libcap
# 0002-receive-fix-buffer-leak-when-receiving-invalid-packets.patch
FASTD_IGNORE_CVES += CVE-2020-27638
ifeq ($(BR2_PACKAGE_OPENSSL),y)
FASTD_CONF_OPTS += -DENABLE_OPENSSL=ON
FASTD_DEPENDENCIES += openssl