49a2bb396c
Fixes CVE-2017-8779: http://git.linux-nfs.org/?p=steved/libtirpc.git;a=commitdiff;h=dd9c7cf4f8f375c6d641b760d124650c418c2ce3 Rebased patches 0001, 0002 & 0006. Removed patch 0007, applied upstream: http://git.linux-nfs.org/?p=steved/libtirpc.git;a=commit;h=4f1503e84b2f7bd229a097335e52fb8203f5bb0b Renumbered patch 0008. Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
143 lines
4.4 KiB
Diff
143 lines
4.4 KiB
Diff
From 79975eb4104667be85abd06874c258438826b674 Mon Sep 17 00:00:00 2001
|
|
From: =?UTF-8?q?J=C3=B6rg=20Krause?= <joerg.krause@embedded.rocks>
|
|
Date: Fri, 24 Jul 2015 14:45:52 +0200
|
|
Subject: [PATCH] Disable DES authentification support
|
|
MIME-Version: 1.0
|
|
Content-Type: text/plain; charset=UTF-8
|
|
Content-Transfer-Encoding: 8bit
|
|
|
|
uClibc and musl does not provide DES authentication.
|
|
|
|
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
|
|
[peda@axentia.se: update for 1.0.1]
|
|
Signed-off-by: Peter Rosin <peda@axentia.se>
|
|
[bernd.kuhls@t-online.de: update for 1.0.2]
|
|
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
|
|
---
|
|
src/Makefile.am | 2 +-
|
|
src/rpc_soc.c | 32 --------------------------------
|
|
2 files changed, 1 insertion(+), 33 deletions(-)
|
|
|
|
diff --git a/src/Makefile.am b/src/Makefile.am
|
|
index 960a522..3a88e31 100644
|
|
--- a/src/Makefile.am
|
|
+++ b/src/Makefile.am
|
|
@@ -22,9 +22,8 @@ libtirpc_la_SOURCES = auth_none.c auth_unix.c authunix_prot.c bindresvport.c cln
|
|
pmap_prot.c pmap_prot2.c pmap_rmt.c rpc_prot.c rpc_commondata.c \
|
|
rpc_callmsg.c rpc_generic.c rpc_soc.c rpcb_clnt.c rpcb_prot.c \
|
|
rpcb_st_xdr.c svc.c svc_auth.c svc_dg.c svc_auth_unix.c svc_auth_none.c \
|
|
- svc_auth_des.c \
|
|
svc_generic.c svc_raw.c svc_run.c svc_simple.c svc_vc.c getpeereid.c \
|
|
- auth_des.c authdes_prot.c debug.c des_crypt.c des_impl.c
|
|
+ debug.c
|
|
|
|
## XDR
|
|
libtirpc_la_SOURCES += xdr.c xdr_rec.c xdr_array.c xdr_float.c xdr_mem.c xdr_reference.c xdr_stdio.c xdr_sizeof.c
|
|
diff --git a/src/svc_auth.c b/src/svc_auth.c
|
|
--- a/src/svc_auth.c
|
|
+++ b/src/svc_auth.c
|
|
@@ -114,9 +114,6 @@ _gss_authenticate(rqst, msg, no_dispatch)
|
|
case AUTH_SHORT:
|
|
dummy = _svcauth_short(rqst, msg);
|
|
return (dummy);
|
|
- case AUTH_DES:
|
|
- dummy = _svcauth_des(rqst, msg);
|
|
- return (dummy);
|
|
#ifdef HAVE_RPCSEC_GSS
|
|
case RPCSEC_GSS:
|
|
dummy = _svcauth_gss(rqst, msg, no_dispatch);
|
|
diff --git a/src/rpc_soc.c b/src/rpc_soc.c
|
|
index e146ed4..161a1ec 100644
|
|
--- a/src/rpc_soc.c
|
|
+++ b/src/rpc_soc.c
|
|
@@ -522,86 +521,6 @@ clnt_broadcast(prog, vers, proc, xargs, argsp, xresults, resultsp, eachresult)
|
|
}
|
|
|
|
/*
|
|
- * Create the client des authentication object. Obsoleted by
|
|
- * authdes_seccreate().
|
|
- */
|
|
-AUTH *
|
|
-authdes_create(servername, window, syncaddr, ckey)
|
|
- char *servername; /* network name of server */
|
|
- u_int window; /* time to live */
|
|
- struct sockaddr *syncaddr; /* optional hostaddr to sync with */
|
|
- des_block *ckey; /* optional conversation key to use */
|
|
-{
|
|
- AUTH *nauth;
|
|
- char hostname[NI_MAXHOST];
|
|
-
|
|
- if (syncaddr) {
|
|
- /*
|
|
- * Change addr to hostname, because that is the way
|
|
- * new interface takes it.
|
|
- */
|
|
- switch (syncaddr->sa_family) {
|
|
- case AF_INET:
|
|
- if (getnameinfo(syncaddr, sizeof(struct sockaddr_in), hostname,
|
|
- sizeof hostname, NULL, 0, 0) != 0)
|
|
- goto fallback;
|
|
- break;
|
|
- case AF_INET6:
|
|
- if (getnameinfo(syncaddr, sizeof(struct sockaddr_in6), hostname,
|
|
- sizeof hostname, NULL, 0, 0) != 0)
|
|
- goto fallback;
|
|
- break;
|
|
- default:
|
|
- goto fallback;
|
|
- }
|
|
- nauth = authdes_seccreate(servername, window, hostname, ckey);
|
|
- return (nauth);
|
|
- }
|
|
-fallback:
|
|
- return authdes_seccreate(servername, window, NULL, ckey);
|
|
-}
|
|
-
|
|
-/*
|
|
- * Create the client des authentication object. Obsoleted by
|
|
- * authdes_pk_seccreate().
|
|
- */
|
|
-extern AUTH *authdes_pk_seccreate(const char *, netobj *, u_int, const char *,
|
|
- const des_block *, nis_server *);
|
|
-
|
|
-AUTH *
|
|
-authdes_pk_create(servername, pkey, window, syncaddr, ckey)
|
|
- char *servername; /* network name of server */
|
|
- netobj *pkey; /* public key */
|
|
- u_int window; /* time to live */
|
|
- struct sockaddr *syncaddr; /* optional hostaddr to sync with */
|
|
- des_block *ckey; /* optional conversation key to use */
|
|
-{
|
|
- AUTH *nauth;
|
|
- char hostname[NI_MAXHOST];
|
|
-
|
|
- if (syncaddr) {
|
|
- /*
|
|
- * Change addr to hostname, because that is the way
|
|
- * new interface takes it.
|
|
- */
|
|
- switch (syncaddr->sa_family) {
|
|
- case AF_INET:
|
|
- if (getnameinfo(syncaddr, sizeof(struct sockaddr_in), hostname,
|
|
- sizeof hostname, NULL, 0, 0) != 0)
|
|
- goto fallback;
|
|
- break;
|
|
- default:
|
|
- goto fallback;
|
|
- }
|
|
- nauth = authdes_pk_seccreate(servername, pkey, window, hostname, ckey, NULL);
|
|
- return (nauth);
|
|
- }
|
|
-fallback:
|
|
- return authdes_pk_seccreate(servername, pkey, window, NULL, ckey, NULL);
|
|
-}
|
|
-
|
|
-
|
|
-/*
|
|
* Create a client handle for a unix connection. Obsoleted by clnt_vc_create()
|
|
*/
|
|
CLIENT *
|
|
--
|
|
2.4.6
|
|
|