jsbronder 13/12/23 18:01:35 |
|
Added: CVE-2013-4319-4.x-root-submit-fix.patch |
CVE-2013-4319-2.x-root-submit-fix.patch |
Log: |
Add patches for CVE-2013-4319 (#484320). |
|
(Portage version: 2.2.7/cvs/Linux x86_64, signed Manifest commit with key 4D7043C9) |
|
Revision Changes Path |
1.1 sys-cluster/torque/files/CVE-2013-4319-4.x-root-submit-fix.patch |
|
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/sys-cluster/torque/files/CVE-2013-4319-4.x-root-submit-fix.patch?rev=1.1&view=markup |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/sys-cluster/torque/files/CVE-2013-4319-4.x-root-submit-fix.patch?rev=1.1&content-type=text/plain |
|
Index: CVE-2013-4319-4.x-root-submit-fix.patch |
=================================================================== |
From 6424696d7b160c8a9ad806c4a6b0f77f0d359962 Mon Sep 17 00:00:00 2001 |
From: Justin Bronder <jsbronder@×××××.com> |
Date: Mon, 23 Dec 2013 12:48:22 -0500 |
Subject: [PATCH] CVE-2013-4319: 4.x root submit fix |
|
https://bugs.gentoo.org/show_bug.cgi?id=484320 |
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4319 |
--- |
src/resmom/mom_process_request.c | 13 +++++++++++++ |
1 file changed, 13 insertions(+) |
|
diff --git a/src/resmom/mom_process_request.c b/src/resmom/mom_process_request.c |
index 049f63f..813833f 100644 |
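--- a/src/resmom/mom_process_request.c
+++ b/src/resmom/mom_process_request.c
@@ -238,6 +238,19 @@ void *mom_process_request(
 log_record(PBSEVENT_JOB, PBS_EVENTCLASS_JOB, __func__, log_buffer);
 }
 
+ if (svr_conn[chan->sock].cn_authen != PBS_NET_CONN_FROM_PRIVIL)
+ {
+ sprintf(log_buffer, "request type %s from host %s rejected (connection not privileged)",
+ reqtype_to_txt(request->rq_type),
+ request->rq_host);
+
+ log_record(PBSEVENT_JOB, PBS_EVENTCLASS_JOB, __func__, log_buffer);
+ req_reject(PBSE_BADHOST, 0, request, NULL, "request not authorized");
+ mom_close_client(chan->sock);
+ DIS_tcp_cleanup(chan);
+ return NULL;
+ }
+
 if (!AVL_is_in_tree_no_port_compare(svr_conn[chan->sock].cn_addr, 0, okclients))
 {
 sprintf(log_buffer, "request type %s from host %s rejected (host not authorized)",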
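Review bot: The added rejection branch formats `request->rq_host` into `log_buffer` with an unbounded `sprintf`, and the size of `log_buffer` is not visible in this hunk. The neighbouring host-not-authorized branch uses the same pattern, so this matches the file, but this path runs for connections that have just failed the privilege check, so a bounded write is the safer form: `snprintf(log_buffer, sizeof(log_buffer), "request type %s from host %s rejected (connection not privileged)", reqtype_to_txt(request->rq_type), request->rq_host);` (assuming `log_buffer` is an array in scope, not a pointer). The same applies to the 2.x patch's hunk in src/server/process_request.c. A one-line comment above the check, such as `/* CVE-2013-4319: accept requests only on a privileged connection, before the okclients lookup */`, would record why the check is there. The body of mom_process_request starts and ends outside the hunk.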
-- |
1.8.3.2 |
|
|
|
|
1.1 sys-cluster/torque/files/CVE-2013-4319-2.x-root-submit-fix.patch |
|
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/sys-cluster/torque/files/CVE-2013-4319-2.x-root-submit-fix.patch?rev=1.1&view=markup |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/sys-cluster/torque/files/CVE-2013-4319-2.x-root-submit-fix.patch?rev=1.1&content-type=text/plain |
|
Index: CVE-2013-4319-2.x-root-submit-fix.patch |
=================================================================== |
From 5dee0365a56dd2cc4cfd0b182bc843b4f32c086c Mon Sep 17 00:00:00 2001 |
From: Justin Bronder <jsbronder@×××××.com> |
Date: Mon, 23 Dec 2013 12:40:27 -0500 |
Subject: [PATCH] CVE-2013-4319: 2.x root submit fix |
|
https://bugs.gentoo.org/show_bug.cgi?id=484320 |
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4319\ |
--- |
src/server/process_request.c | 15 +++++++++++++++ |
1 file changed, 15 insertions(+) |
|
diff --git a/src/server/process_request.c b/src/server/process_request.c |
index d4a3c92..b06a333 100644 |
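--- a/src/server/process_request.c
+++ b/src/server/process_request.c
@@ -640,6 +640,21 @@ void process_request(
 log_buffer);
 }
 
+ if (svr_conn[sfds].cn_authen != PBS_NET_CONN_FROM_PRIVIL)
+ {
+ sprintf(log_buffer, "request type %s from host %s rejected (connection not privileged)",
+ reqtype_to_txt(request->rq_type),
+ request->rq_host);
+
+ log_record(PBSEVENT_JOB, PBS_EVENTCLASS_JOB, id, log_buffer);
+
+ req_reject(PBSE_BADHOST, 0, request, NULL, "request not authorized");
+
+ close_client(sfds);
+
+ return;
+ }
+
 if (!tfind(svr_conn[sfds].cn_addr, &okclients))
 {
 sprintf(log_buffer, "request type %s from host %s rejected (host not authorized)",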
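Review bot: Nothing in this hunk shows which preprocessor section of src/server/process_request.c the new `cn_authen` check lands in. The context line that follows tests `okclients`, which suggests the MOM-side path, but that is inferred. It is worth confirming that the check is not compiled into a path that serves ordinary client connections, where it would reject every request arriving on an unprivileged connection. The rejection is also logged as `PBSEVENT_JOB`; if this tree's log.h defines a security event type, `log_record(PBSEVENT_SECURITY, PBS_EVENTCLASS_REQUEST, id, log_buffer);` would make these rejections easier to filter and alert on. The body of process_request starts and ends outside the hunk.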
-- |
1.8.3.2 |