Gentoo Archives: gentoo-commits

From: "Justin Bronder (jsbronder)" <jsbronder@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] gentoo-x86 commit in sys-cluster/torque/files: CVE-2013-4319-4.x-root-submit-fix.patch CVE-2013-4319-2.x-root-submit-fix.patch
Date: Mon, 23 Dec 2013 18:01:41
Message-Id: 20131223180136.2C2872001A@flycatcher.gentoo.org
1 jsbronder 13/12/23 18:01:35
2
3 Added: CVE-2013-4319-4.x-root-submit-fix.patch
4 CVE-2013-4319-2.x-root-submit-fix.patch
5 Log:
6 Add patches for CVE-2013-4319 (#484320).
7
8 (Portage version: 2.2.7/cvs/Linux x86_64, signed Manifest commit with key 4D7043C9)
9
10 Revision Changes Path
11 1.1 sys-cluster/torque/files/CVE-2013-4319-4.x-root-submit-fix.patch
12
13 file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/sys-cluster/torque/files/CVE-2013-4319-4.x-root-submit-fix.patch?rev=1.1&view=markup
14 plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/sys-cluster/torque/files/CVE-2013-4319-4.x-root-submit-fix.patch?rev=1.1&content-type=text/plain
15
16 Index: CVE-2013-4319-4.x-root-submit-fix.patch
17 ===================================================================
18 From 6424696d7b160c8a9ad806c4a6b0f77f0d359962 Mon Sep 17 00:00:00 2001
19 From: Justin Bronder <jsbronder@×××××.com>
20 Date: Mon, 23 Dec 2013 12:48:22 -0500
21 Subject: [PATCH] CVE-2013-4319: 4.x root submit fix
22
23 https://bugs.gentoo.org/show_bug.cgi?id=484320
24 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4319
25 ---
26 src/resmom/mom_process_request.c | 13 +++++++++++++
27 1 file changed, 13 insertions(+)
28
29 diff --git a/src/resmom/mom_process_request.c b/src/resmom/mom_process_request.c
30 index 049f63f..813833f 100644
31 --- a/src/resmom/mom_process_request.c
32 +++ b/src/resmom/mom_process_request.c
33 @@ -238,6 +238,19 @@ void *mom_process_request(
34 log_record(PBSEVENT_JOB, PBS_EVENTCLASS_JOB, __func__, log_buffer);
35 }
36
37 + if (svr_conn[chan->sock].cn_authen != PBS_NET_CONN_FROM_PRIVIL)
38 + {
39 + sprintf(log_buffer, "request type %s from host %s rejected (connection not privileged)",
40 + reqtype_to_txt(request->rq_type),
41 + request->rq_host);
42 +
43 + log_record(PBSEVENT_JOB, PBS_EVENTCLASS_JOB, __func__, log_buffer);
44 + req_reject(PBSE_BADHOST, 0, request, NULL, "request not authorized");
45 + mom_close_client(chan->sock);
46 + DIS_tcp_cleanup(chan);
47 + return NULL;
48 + }
49 +
50 if (!AVL_is_in_tree_no_port_compare(svr_conn[chan->sock].cn_addr, 0, okclients))
51 {
52 sprintf(log_buffer, "request type %s from host %s rejected (host not authorized)",
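Review bot: The added `sprintf(log_buffer, ...)` in the not-privileged branch formats `request->rq_host`, a value describing the remote peer, into `log_buffer` with no length bound, and this branch runs before the peer has passed any check. Neither the size of `log_buffer` nor the maximum length of `rq_host` is visible in the hunk, so I would bound the write with `snprintf(log_buffer, sizeof(log_buffer), "request type %s from host %s rejected (connection not privileged)", ...)`, using the buffer's size constant instead if `log_buffer` is not an array in this scope. The same call appears in the 2.x patch's hunk in `src/server/process_request.c`, and the existing host-not-authorized branch just below uses the same pattern. `mom_process_request` starts and ends outside the hunk.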
53 --
54 1.8.3.2
55
56
57
58
59 1.1 sys-cluster/torque/files/CVE-2013-4319-2.x-root-submit-fix.patch
60
61 file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/sys-cluster/torque/files/CVE-2013-4319-2.x-root-submit-fix.patch?rev=1.1&view=markup
62 plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/sys-cluster/torque/files/CVE-2013-4319-2.x-root-submit-fix.patch?rev=1.1&content-type=text/plain
63
64 Index: CVE-2013-4319-2.x-root-submit-fix.patch
65 ===================================================================
66 From 5dee0365a56dd2cc4cfd0b182bc843b4f32c086c Mon Sep 17 00:00:00 2001
67 From: Justin Bronder <jsbronder@×××××.com>
68 Date: Mon, 23 Dec 2013 12:40:27 -0500
69 Subject: [PATCH] CVE-2013-4319: 2.x root submit fix
70
71 https://bugs.gentoo.org/show_bug.cgi?id=484320
72 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4319\
73 ---
74 src/server/process_request.c | 15 +++++++++++++++
75 1 file changed, 15 insertions(+)
76
77 diff --git a/src/server/process_request.c b/src/server/process_request.c
78 index d4a3c92..b06a333 100644
79 --- a/src/server/process_request.c
80 +++ b/src/server/process_request.c
81 @@ -640,6 +640,21 @@ void process_request(
82 log_buffer);
83 }
84
85 + if (svr_conn[sfds].cn_authen != PBS_NET_CONN_FROM_PRIVIL)
86 + {
87 + sprintf(log_buffer, "request type %s from host %s rejected (connection not privileged)",
88 + reqtype_to_txt(request->rq_type),
89 + request->rq_host);
90 +
91 + log_record(PBSEVENT_JOB, PBS_EVENTCLASS_JOB, id, log_buffer);
92 +
93 + req_reject(PBSE_BADHOST, 0, request, NULL, "request not authorized");
94 +
95 + close_client(sfds);
96 +
97 + return;
98 + }
99 +
100 if (!tfind(svr_conn[sfds].cn_addr, &okclients))
101 {
102 sprintf(log_buffer, "request type %s from host %s rejected (host not authorized)",
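Review bot: The new `cn_authen != PBS_NET_CONN_FROM_PRIVIL` test has no comment saying what it relies on, and its rejection is logged under `PBSEVENT_JOB` rather than as a security event. Presumably `cn_authen` records whether the peer connected from a reserved source port, which is only a meaningful signal when the peer host restricts low ports to root, so the `okclients` lookup that follows has to remain the host-level gate. A comment above the `if` such as `/* reject peers that did not connect from a privileged port before consulting okclients (CVE-2013-4319) */` would record that ordering. Logging with `log_record(PBSEVENT_SECURITY, PBS_EVENTCLASS_JOB, id, log_buffer);` would make these rejections easier to find when reviewing authentication failures, assuming the daemon's log mask includes that event. Both points apply equally to the 4.x hunk in `src/resmom/mom_process_request.c`, and `process_request` continues outside the hunk.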
103 --
104 1.8.3.2