1 |
coldwind 08/07/04 15:20:02 |
2 |
|
3 |
Added: licq-1.3.5-gcc43.patch licq-1.3.5-prevent-dos.patch |
4 |
licq-1.3.5-logonfix.patch |
5 |
Log: |
6 |
Fix security bug #219708, gcc-4.3 and glibc-2.8 fixes (bugs #218814 and #228373) and ICQ protocol upgrade (bug #230387). |
7 |
(Portage version: 2.2_rc1/cvs/Linux 2.6.25-gentoo-r6 x86_64) |
8 |
|
9 |
Revision Changes Path |
10 |
1.1 net-im/licq/files/licq-1.3.5-gcc43.patch |
11 |
|
12 |
file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-im/licq/files/licq-1.3.5-gcc43.patch?rev=1.1&view=markup |
13 |
plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-im/licq/files/licq-1.3.5-gcc43.patch?rev=1.1&content-type=text/plain |
14 |
|
15 |
Index: licq-1.3.5-gcc43.patch |
16 |
=================================================================== |
17 |
Source: Anders Olofsson, zimous, Peter Alfredsen, maybe others too. |
18 |
Upstream: Probably fixed in next release. |
19 |
Reason: gcc-4.3 and glibc-2.8 errors, bugs #218814 and #228373 |
20 |
diff -NrU5 licq-1.3.5.orig/plugins/auto-reply/configure.ac licq-1.3.5/plugins/auto-reply/configure.ac |
21 |
--- licq-1.3.5.orig/plugins/auto-reply/configure.ac 2008-06-21 14:49:20.000000000 +0200 |
22 |
+++ licq-1.3.5/plugins/auto-reply/configure.ac 2008-06-21 14:52:18.000000000 +0200 |
23 |
@@ -44,11 +44,11 @@ |
24 |
|
25 |
dnl Switch to C++ mode and check for needed C++ headers |
26 |
AC_LANG_SAVE |
27 |
AC_LANG_CPLUSPLUS |
28 |
|
29 |
-AC_CHECK_HEADER(vector.h,, |
30 |
+AC_CHECK_HEADER(vector,, |
31 |
AC_MSG_ERROR(You need to have the libstdc++ headers installed)) |
32 |
|
33 |
AC_LANG_RESTORE |
34 |
|
35 |
AC_OUTPUT( |
36 |
diff -NrU5 licq-1.3.5.orig/plugins/auto-reply/src/autoreply.cpp licq-1.3.5/plugins/auto-reply/src/autoreply.cpp |
37 |
--- licq-1.3.5.orig/plugins/auto-reply/src/autoreply.cpp 2008-06-21 14:49:20.000000000 +0200 |
38 |
+++ licq-1.3.5/plugins/auto-reply/src/autoreply.cpp 2008-06-21 14:52:18.000000000 +0200 |
39 |
@@ -10,10 +10,11 @@ |
40 |
#include <ctype.h> |
41 |
#include <stdio.h> |
42 |
#include <stdlib.h> |
43 |
#include <sys/wait.h> |
44 |
#include <signal.h> |
45 |
+#include <climits> |
46 |
#ifdef HAVE_ERRNO_H |
47 |
#include <errno.h> |
48 |
#else |
49 |
extern int errno; |
50 |
#endif |
51 |
diff -NrU5 licq-1.3.5.orig/plugins/email/configure.ac licq-1.3.5/plugins/email/configure.ac |
52 |
--- licq-1.3.5.orig/plugins/email/configure.ac 2008-06-21 14:49:20.000000000 +0200 |
53 |
+++ licq-1.3.5/plugins/email/configure.ac 2008-06-21 14:52:18.000000000 +0200 |
54 |
@@ -46,11 +46,11 @@ |
55 |
|
56 |
dnl Switch to C++ mode and check for needed C++ headers |
57 |
AC_LANG_SAVE |
58 |
AC_LANG_CPLUSPLUS |
59 |
|
60 |
-AC_CHECK_HEADER(vector.h,, |
61 |
+AC_CHECK_HEADER(vector,, |
62 |
AC_MSG_ERROR(You need to have the libstdc++ headers installed)) |
63 |
|
64 |
AC_LANG_RESTORE |
65 |
|
66 |
AC_OUTPUT( |
67 |
diff -NrU5 licq-1.3.5.orig/plugins/email/src/forwarder.cpp licq-1.3.5/plugins/email/src/forwarder.cpp |
68 |
--- licq-1.3.5.orig/plugins/email/src/forwarder.cpp 2008-06-21 14:49:20.000000000 +0200 |
69 |
+++ licq-1.3.5/plugins/email/src/forwarder.cpp 2008-06-21 15:17:53.000000000 +0200 |
70 |
@@ -7,10 +7,11 @@ |
71 |
#include <sys/types.h> |
72 |
#include <unistd.h> |
73 |
#include <string.h> |
74 |
#include <ctype.h> |
75 |
#include <stdio.h> |
76 |
+#include <climits> |
77 |
#ifdef HAVE_ERRNO_H |
78 |
#include <errno.h> |
79 |
#else |
80 |
extern int errno; |
81 |
#endif |
82 |
diff -NrU5 licq-1.3.5.orig/plugins/msn/configure.ac licq-1.3.5/plugins/msn/configure.ac |
83 |
--- licq-1.3.5.orig/plugins/msn/configure.ac 2008-06-21 14:49:20.000000000 +0200 |
84 |
+++ licq-1.3.5/plugins/msn/configure.ac 2008-06-21 14:52:18.000000000 +0200 |
85 |
@@ -51,11 +51,11 @@ |
86 |
|
87 |
dnl Switch to C++ mode and check for needed C++ headers |
88 |
AC_LANG_SAVE |
89 |
AC_LANG_CPLUSPLUS |
90 |
|
91 |
-AC_CHECK_HEADER(vector.h,, |
92 |
+AC_CHECK_HEADER(vector,, |
93 |
AC_MSG_ERROR(You need to have the libstdc++ headers installed)) |
94 |
|
95 |
AC_LANG_RESTORE |
96 |
|
97 |
msn_gcc_major_version=0 |
98 |
diff -NrU5 licq-1.3.5.orig/plugins/rms/src/rms.cpp licq-1.3.5/plugins/rms/src/rms.cpp |
99 |
--- licq-1.3.5.orig/plugins/rms/src/rms.cpp 2008-06-21 14:49:20.000000000 +0200 |
100 |
+++ licq-1.3.5/plugins/rms/src/rms.cpp 2008-06-21 15:08:27.000000000 +0200 |
101 |
@@ -7,10 +7,11 @@ |
102 |
#include <sys/types.h> |
103 |
#include <unistd.h> |
104 |
#include <string.h> |
105 |
#include <ctype.h> |
106 |
#include <stdio.h> |
107 |
+#include <climits> |
108 |
#ifdef HAVE_ERRNO_H |
109 |
#include <errno.h> |
110 |
#else |
111 |
extern int errno; |
112 |
#endif |
113 |
diff -NrU5 licq-1.3.5.orig/src/fifo.cpp licq-1.3.5/src/fifo.cpp |
114 |
--- licq-1.3.5.orig/src/fifo.cpp 2008-06-21 14:49:20.000000000 +0200 |
115 |
+++ licq-1.3.5/src/fifo.cpp 2008-06-21 14:52:18.000000000 +0200 |
116 |
@@ -28,10 +28,11 @@ |
117 |
#include <stdio.h> |
118 |
#include <stdlib.h> |
119 |
#include <sys/stat.h> |
120 |
#include <fcntl.h> |
121 |
#include <ctype.h> |
122 |
+#include <climits> |
123 |
#include "time-fix.h" |
124 |
|
125 |
#ifdef HAVE_ERRNO_H |
126 |
#include <errno.h> |
127 |
#else |
128 |
|
129 |
|
130 |
|
131 |
1.1 net-im/licq/files/licq-1.3.5-prevent-dos.patch |
132 |
|
133 |
file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-im/licq/files/licq-1.3.5-prevent-dos.patch?rev=1.1&view=markup |
134 |
plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-im/licq/files/licq-1.3.5-prevent-dos.patch?rev=1.1&content-type=text/plain |
135 |
|
136 |
Index: licq-1.3.5-prevent-dos.patch |
137 |
=================================================================== |
138 |
Source: http://www.licq.org/changeset/6146 |
139 |
Reason: DoS via large number of connections, bug #219708 |
140 |
--- /trunk/licq/include/licq_socket.h |
141 |
+++ /trunk/licq/include/licq_socket.h |
142 |
@@ -251,4 +251,5 @@ |
143 |
fd_set SocketSet() { return m_sSockets.SocketSet(); } |
144 |
int LargestSocket() { return m_sSockets.Largest(); } |
145 |
+ unsigned short Num() { return m_sSockets.Num(); } |
146 |
|
147 |
protected: |
148 |
--- /trunk/licq/src/socket.cpp |
149 |
+++ /trunk/licq/src/socket.cpp |
150 |
@@ -818,6 +818,24 @@ |
151 |
socklen_t sizeofSockaddr = sizeof(struct sockaddr_in); |
152 |
|
153 |
- newSocket.m_nDescriptor = accept(m_nDescriptor, (struct sockaddr *)&newSocket.m_sRemoteAddr, &sizeofSockaddr); |
154 |
- newSocket.SetLocalAddress(); |
155 |
+ // Make sure we stay under FD_SETSIZE |
156 |
+ // See: |
157 |
+ // * http://www.securityfocus.com/archive/1/490711 |
158 |
+ // * http://securityvulns.com/docs7669.html |
159 |
+ // for more details |
160 |
+ // This probably has no affect, since we are using multiple threads, but keep it here |
161 |
+ // to be used as a sanity check. |
162 |
+ int newDesc = accept(m_nDescriptor, (struct sockaddr *)&newSocket.m_sRemoteAddr, &sizeofSockaddr); |
163 |
+ if (newDesc < FD_SETSIZE) |
164 |
+ { |
165 |
+ newSocket.m_nDescriptor = newDesc; |
166 |
+ newSocket.SetLocalAddress(); |
167 |
+ } |
168 |
+ else |
169 |
+ { |
170 |
+ gLog.Error(tr("%sCannot accept new connection, too many descriptors in use.\n"), L_ERRORxSTR); |
171 |
+ close(newDesc); |
172 |
+ |
173 |
+ // TODO throw an exception, or do something to tell the caller it failed |
174 |
+ } |
175 |
} |
176 |
|
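Review bot: The new guard `if (newDesc < FD_SETSIZE)` also passes when accept() fails and returns -1, so the error value is stored in `newSocket.m_nDescriptor` and `SetLocalAddress()` runs on an invalid descriptor; the check should be `if (newDesc >= 0 && newDesc < FD_SETSIZE)`, and the else branch should call `close(newDesc)` only when `newDesc >= 0`. The rejection path also leaves `newSocket` untouched and, as the TODO says, gives the caller no signal, so the caller in icqd-threads.cpp can still reach `AddSocket(newSocket)` with a socket whose descriptor was never set by this call. Until a return value exists, a comment such as `// on rejection newSocket keeps its previous descriptor; callers must check it before AddSocket` would record that contract. The function's signature and opening lines are outside the hunk.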
177 |
--- /trunk/licq/src/icqd-threads.cpp |
178 |
+++ /trunk/licq/src/icqd-threads.cpp |
179 |
@@ -24,4 +24,5 @@ |
180 |
#include "gettext.h" |
181 |
|
182 |
+#define MAX_CONNECTS 256 |
183 |
#define DEBUG_THREADS(x) |
184 |
//#define DEBUG_THREADS(x) gLog.Info(x) |
185 |
@@ -781,6 +782,19 @@ |
186 |
tcp->RecvConnection(*newSocket); |
187 |
gSocketManager.DropSocket(tcp); |
188 |
- gSocketManager.AddSocket(newSocket); |
189 |
- gSocketManager.DropSocket(newSocket); |
190 |
+ |
191 |
+ // Make sure we can handle another socket before accepting it |
192 |
+ if (gSocketManager.Num() > MAX_CONNECTS) |
193 |
+ { |
194 |
+ // Too many sockets, drop this one |
195 |
+ char remoteIp[32]; |
196 |
+ gLog.Warn(tr("%sToo many connected sockets, rejecting connection from %s.\n"), |
197 |
+ L_WARNxSTR, newSocket->RemoteIpStr(remoteIp)); |
198 |
+ delete newSocket; |
199 |
+ } |
200 |
+ else |
201 |
+ { |
202 |
+ gSocketManager.AddSocket(newSocket); |
203 |
+ gSocketManager.DropSocket(newSocket); |
204 |
+ } |
205 |
} |
206 |
} |
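Review bot: The cap test `gSocketManager.Num() > MAX_CONNECTS` lets the manager hold one socket more than the limit, while the matching check in icqd-chat.cpp uses `>=`; use `if (gSocketManager.Num() >= MAX_CONNECTS)` here so both paths enforce the same bound. `MAX_CONNECTS` is also defined separately in each of the two files, so a single definition in a shared header would keep the values from drifting apart. The rejection branch relies on `delete newSocket` to close the accepted descriptor, which presumably happens in the destructor; that is not visible here and is worth confirming, since a descriptor leaked on every rejected connection would defeat the limit. The enclosing function starts outside the hunk.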
207 |
--- /trunk/licq/src/icqd-chat.cpp |
208 |
+++ /trunk/licq/src/icqd-chat.cpp |
209 |
@@ -24,4 +24,5 @@ |
210 |
#include "gettext.h" |
211 |
|
212 |
+#define MAX_CONNECTS 256 |
213 |
#define DEBUG_THREADS(x) |
214 |
|
215 |
@@ -2384,14 +2385,22 @@ |
216 |
else if (nCurrentSocket == chatman->chatServer.Descriptor()) |
217 |
{ |
218 |
- CChatUser *u = new CChatUser; |
219 |
- u->m_pClient = new CChatClient; |
220 |
- |
221 |
- chatman->chatServer.RecvConnection(u->sock); |
222 |
- chatman->sockman.AddSocket(&u->sock); |
223 |
- chatman->sockman.DropSocket(&u->sock); |
224 |
- |
225 |
- u->state = CHAT_STATE_HANDSHAKE; |
226 |
- chatman->chatUsers.push_back(u); |
227 |
- gLog.Info(tr("%sChat: Received connection.\n"), L_TCPxSTR); |
228 |
+ if (chatman->sockman.Num() >= MAX_CONNECTS) |
229 |
+ { |
230 |
+ // Too many sockets, drop this one |
231 |
+ gLog.Warn(tr("%sToo many connected clients, rejecting new connection.\n"), L_WARNxSTR); |
232 |
+ } |
233 |
+ else |
234 |
+ { |
235 |
+ CChatUser *u = new CChatUser; |
236 |
+ u->m_pClient = new CChatClient; |
237 |
+ |
238 |
+ chatman->chatServer.RecvConnection(u->sock); |
239 |
+ chatman->sockman.AddSocket(&u->sock); |
240 |
+ chatman->sockman.DropSocket(&u->sock); |
241 |
+ |
242 |
+ u->state = CHAT_STATE_HANDSHAKE; |
243 |
+ chatman->chatUsers.push_back(u); |
244 |
+ gLog.Info(tr("%sChat: Received connection.\n"), L_TCPxSTR); |
245 |
+ } |
246 |
} |
247 |
|
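Review bot: The rejection branch logs a warning but never takes the pending connection off `chatman->chatServer`, so the listening descriptor stays readable; if this branch runs inside a select()-style loop, as the `nCurrentSocket == chatman->chatServer.Descriptor()` test suggests, the loop would wake again immediately and repeat the warning until a slot frees up, turning the limit into a CPU and log-volume problem. The icqd-threads.cpp path in the same patch accepts first and then discards the socket; doing the same here (accept into a temporary socket object and close it) would drain the backlog. If the warning stays per-connection, it should also be rate-limited. The surrounding loop and the start of the if/else chain are outside the hunk.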
248 |
|
249 |
|
250 |
|
251 |
|
252 |
1.1 net-im/licq/files/licq-1.3.5-logonfix.patch |
253 |
|
254 |
file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-im/licq/files/licq-1.3.5-logonfix.patch?rev=1.1&view=markup |
255 |
plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-im/licq/files/licq-1.3.5-logonfix.patch?rev=1.1&content-type=text/plain |
256 |
|
257 |
Index: licq-1.3.5-logonfix.patch |
258 |
=================================================================== |
259 |
Source: Upstream homepage, already applied. |
260 |
Reason: Can't login after protocol change, bug #230387 |
261 |
--- src/icqpacket.cpp |
262 |
+++ src/icqpacket.cpp |
263 |
@@ -821,7 +821,7 @@ |
264 |
|
265 |
// Static versioning |
266 |
buffer->PackUnsignedLongBE(0x00160002); |
267 |
- buffer->PackUnsignedShortBE(0x010A); |
268 |
+ buffer->PackUnsignedShortBE(0x010B); |
269 |
// Client version major (4 == ICQ2000, 5 == ICQ2001) |
270 |
buffer->PackUnsignedLongBE(0x00170002); |
271 |
buffer->PackUnsignedShortBE(0x0014); |
272 |
|
273 |
|
274 |
|