diff options
author | Guillem Jover <guillem@hadrons.org> | 2013-02-07 03:32:06 +0100 |
---|---|---|
committer | Guillem Jover <guillem@hadrons.org> | 2013-02-07 03:32:06 +0100 |
commit | 23ba4d3abbb08f1c070b02de0b71e2094117ac91 (patch) | |
tree | 83ed009505d7aea09f5545ec33341d6cb120a4fc | |
parent | ddc7d6677effcf86d352e9b364ab1ce7613e6d41 (diff) | |
download | inetutils-23ba4d3abbb08f1c070b02de0b71e2094117ac91.tar.gz |
Fix DoS against inetutils-ping via a crafted echo response
Patch cherry-picked from upstream.
Fixes: CVE-2010-2529
-rw-r--r-- | debian/changelog | 7 | ||||
-rw-r--r-- | debian/patches/0001-ping-CVE-2010-2529.patch | 28 | ||||
-rw-r--r-- | debian/patches/series | 1 |
3 files changed, 36 insertions, 0 deletions
diff --git a/debian/changelog b/debian/changelog index 468e489..7a74dd4 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,10 @@ +inetutils (2:1.9-2) UNRELEASED; urgency=medium + + * Fix DoS against inetutils-ping via a crafted echo response. + Patch cherry-picked from upstream. CVE-2010-2529 + + -- Guillem Jover <guillem@debian.org> Mon, 04 Feb 2013 00:33:08 +0100 + inetutils (2:1.9-1) unstable; urgency=low * New upstream release. diff --git a/debian/patches/0001-ping-CVE-2010-2529.patch b/debian/patches/0001-ping-CVE-2010-2529.patch new file mode 100644 index 0000000..ad8c048 --- /dev/null +++ b/debian/patches/0001-ping-CVE-2010-2529.patch @@ -0,0 +1,28 @@ +From d7ffe9ddf524b0ff13088b2685bd9cfde5e580f5 Mon Sep 17 00:00:00 2001 +From: Mats Erik Andersson <gnu@gisladisker.se> +Date: Thu, 17 Jan 2013 10:34:55 +0100 +Subject: [PATCH] ping: CVE-2010-2529 + + CVE-2010-2529: Infinite loop. + + * ping/ping_echo.c (print_ip_opt) <IPOPT_RR>: Break loop + if option is truncated or exhausted. + +--- + +diff --git a/ping/ping_echo.c b/ping/ping_echo.c +index 634e178..e83ccff 100644 +--- a/ping/ping_echo.c ++++ b/ping/ping_echo.c +@@ -499,7 +499,7 @@ print_ip_opt (struct ip *ip, int hlen) + i = j; + i -= IPOPT_MINOFF; + if (i <= 0) +- continue; ++ break; + if (i == old_rrlen + && cp == (unsigned char *) (ip + 1) + 2 + && !memcmp ((char *) cp, old_rr, i) && !(options & OPT_FLOOD)) +-- +1.8.1.1 + diff --git a/debian/patches/series b/debian/patches/series index 43c0d1d..3069639 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -7,3 +7,4 @@ 62_inetd_change_ipv6_protocol_semantics.patch 70_ftbfs_non-linux.patch 71_ftbfs_format_security.patch +0001-ping-CVE-2010-2529.patch |