summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGuillem Jover <guillem@hadrons.org>2013-02-07 03:32:06 +0100
committerGuillem Jover <guillem@hadrons.org>2013-02-07 03:32:06 +0100
commit23ba4d3abbb08f1c070b02de0b71e2094117ac91 (patch)
tree83ed009505d7aea09f5545ec33341d6cb120a4fc
parentddc7d6677effcf86d352e9b364ab1ce7613e6d41 (diff)
downloadinetutils-23ba4d3abbb08f1c070b02de0b71e2094117ac91.tar.gz
Fix DoS against inetutils-ping via a crafted echo response
Patch cherry-picked from upstream. Fixes: CVE-2010-2529
-rw-r--r--debian/changelog7
-rw-r--r--debian/patches/0001-ping-CVE-2010-2529.patch28
-rw-r--r--debian/patches/series1
3 files changed, 36 insertions, 0 deletions
diff --git a/debian/changelog b/debian/changelog
index 468e489..7a74dd4 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+inetutils (2:1.9-2) UNRELEASED; urgency=medium
+
+ * Fix DoS against inetutils-ping via a crafted echo response.
+ Patch cherry-picked from upstream. CVE-2010-2529
+
+ -- Guillem Jover <guillem@debian.org> Mon, 04 Feb 2013 00:33:08 +0100
+
inetutils (2:1.9-1) unstable; urgency=low
* New upstream release.
diff --git a/debian/patches/0001-ping-CVE-2010-2529.patch b/debian/patches/0001-ping-CVE-2010-2529.patch
new file mode 100644
index 0000000..ad8c048
--- /dev/null
+++ b/debian/patches/0001-ping-CVE-2010-2529.patch
@@ -0,0 +1,28 @@
+From d7ffe9ddf524b0ff13088b2685bd9cfde5e580f5 Mon Sep 17 00:00:00 2001
+From: Mats Erik Andersson <gnu@gisladisker.se>
+Date: Thu, 17 Jan 2013 10:34:55 +0100
+Subject: [PATCH] ping: CVE-2010-2529
+
+ CVE-2010-2529: Infinite loop.
+
+ * ping/ping_echo.c (print_ip_opt) <IPOPT_RR>: Break loop
+ if option is truncated or exhausted.
+
+---
+
+diff --git a/ping/ping_echo.c b/ping/ping_echo.c
+index 634e178..e83ccff 100644
+--- a/ping/ping_echo.c
++++ b/ping/ping_echo.c
+@@ -499,7 +499,7 @@ print_ip_opt (struct ip *ip, int hlen)
+ i = j;
+ i -= IPOPT_MINOFF;
+ if (i <= 0)
+- continue;
++ break;
+ if (i == old_rrlen
+ && cp == (unsigned char *) (ip + 1) + 2
+ && !memcmp ((char *) cp, old_rr, i) && !(options & OPT_FLOOD))
+--
+1.8.1.1
+
diff --git a/debian/patches/series b/debian/patches/series
index 43c0d1d..3069639 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -7,3 +7,4 @@
62_inetd_change_ipv6_protocol_semantics.patch
70_ftbfs_non-linux.patch
71_ftbfs_format_security.patch
+0001-ping-CVE-2010-2529.patch