summaryrefslogtreecommitdiff
path: root/chat/licq-core
diff options
context:
space:
mode:
authortonnerre <tonnerre@pkgsrc.org>2008-05-11 04:12:34 +0000
committertonnerre <tonnerre@pkgsrc.org>2008-05-11 04:12:34 +0000
commit2b32a72a590ed2ec80dab7c3e28c5889250303d3 (patch)
tree16a46a339aab78892ae13709f9c4c8ce4d52bec7 /chat/licq-core
parent78764441f34d091b20a712610c93aac5238e717e (diff)
downloadpkgsrc-2b32a72a590ed2ec80dab7c3e28c5889250303d3.tar.gz
Fix multiple connection handling Denial of Service vulnerability in licq
(CVE-2008-1996). Before this, the application would crash if too many TCP connections are opened.
Diffstat (limited to 'chat/licq-core')
-rw-r--r--chat/licq-core/Makefile3
-rw-r--r--chat/licq-core/distinfo7
-rw-r--r--chat/licq-core/patches/patch-aa12
-rw-r--r--chat/licq-core/patches/patch-ab47
-rw-r--r--chat/licq-core/patches/patch-ac36
-rw-r--r--chat/licq-core/patches/patch-ag26
6 files changed, 126 insertions, 5 deletions
diff --git a/chat/licq-core/Makefile b/chat/licq-core/Makefile
index 944e7930605..7527b5e4765 100644
--- a/chat/licq-core/Makefile
+++ b/chat/licq-core/Makefile
@@ -1,8 +1,9 @@
-# $NetBSD: Makefile,v 1.10 2007/12/22 22:34:22 jdolecek Exp $
+# $NetBSD: Makefile,v 1.11 2008/05/11 04:12:34 tonnerre Exp $
#
DISTNAME= licq-1.3.5
PKGNAME= ${DISTNAME:C/-/-core-/}
+PKGREVISION= 1
CATEGORIES= chat
MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=licq/}
EXTRACT_SUFX= .tar.bz2
diff --git a/chat/licq-core/distinfo b/chat/licq-core/distinfo
index 21ea18cd22d..a5705fdf35c 100644
--- a/chat/licq-core/distinfo
+++ b/chat/licq-core/distinfo
@@ -1,12 +1,15 @@
-$NetBSD: distinfo,v 1.12 2008/01/05 21:00:18 rillig Exp $
+$NetBSD: distinfo,v 1.13 2008/05/11 04:12:34 tonnerre Exp $
SHA1 (licq-1.3.5.tar.bz2) = a1059173f36694e6e5ec9ba62ced6e9738807916
RMD160 (licq-1.3.5.tar.bz2) = 4442f6cb3630d8300e5f128617a522bd2cb863dc
Size (licq-1.3.5.tar.bz2) = 3260471 bytes
-SHA1 (patch-aa) = 974a65e3483b3438fb3c6c9aaf96aa67e4c60fa6
+SHA1 (patch-aa) = 643c4a7ac8abada0a60eb16f66e845fbb8e8a0e2
+SHA1 (patch-ab) = f6cefc63ebff977300b85eeee4c69694f27a1b04
+SHA1 (patch-ac) = 8bd085b41c37df19b45e772d3b7c2eef9f45490a
SHA1 (patch-ad) = d53a300e08852c9ad09ec900b46feb2c37129d76
SHA1 (patch-ae) = cf0ad230f4dcaca9ed1d3f92a4c5e6e131029d68
SHA1 (patch-af) = 86a99ad96c56f0e53547025a7c5536a01fd2a8b8
+SHA1 (patch-ag) = 57f07955f7710b4ff2d7e453518eb1bdee45a4b5
SHA1 (patch-ai) = f8cebb4e821a1b648e69135db5dd232a9459773a
SHA1 (patch-ca) = 36475ac0642e8908a2ae6a8913efa25ba09af1c3
SHA1 (patch-cb) = 3a4f3f35825207693dc87112899a3e6bb3ec71a0
diff --git a/chat/licq-core/patches/patch-aa b/chat/licq-core/patches/patch-aa
index 2fa7c96cef8..839f452358d 100644
--- a/chat/licq-core/patches/patch-aa
+++ b/chat/licq-core/patches/patch-aa
@@ -1,6 +1,6 @@
-$NetBSD: patch-aa,v 1.1 2005/10/31 18:58:38 tv Exp $
+$NetBSD: patch-aa,v 1.2 2008/05/11 04:12:34 tonnerre Exp $
---- include/licq_socket.h.orig 2002-03-20 11:00:54.000000000 -0500
+--- include/licq_socket.h.orig 2006-10-18 10:59:12.000000000 +0200
+++ include/licq_socket.h
@@ -6,6 +6,7 @@
#endif
@@ -10,3 +10,11 @@ $NetBSD: patch-aa,v 1.1 2005/10/31 18:58:38 tv Exp $
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
+@@ -250,6 +251,7 @@ public:
+
+ fd_set SocketSet() { return m_sSockets.SocketSet(); }
+ int LargestSocket() { return m_sSockets.Largest(); }
++ unsigned short Num() { return m_sSockets.Num(); }
+
+ protected:
+ CSocketSet m_sSockets;
diff --git a/chat/licq-core/patches/patch-ab b/chat/licq-core/patches/patch-ab
new file mode 100644
index 00000000000..96c62c06fa2
--- /dev/null
+++ b/chat/licq-core/patches/patch-ab
@@ -0,0 +1,47 @@
+$NetBSD: patch-ab,v 1.3 2008/05/11 04:12:34 tonnerre Exp $
+
+--- src/icqd-chat.cpp.orig 2007-09-09 14:05:24.000000000 +0200
++++ src/icqd-chat.cpp
+@@ -23,6 +23,7 @@
+ // Localization
+ #include "gettext.h"
+
++#define MAX_CONNECTS 256
+ #define DEBUG_THREADS(x)
+
+
+@@ -2383,16 +2384,24 @@ void *ChatManager_tep(void *arg)
+ // Connection on the server port ---------------------------------------
+ else if (nCurrentSocket == chatman->chatServer.Descriptor())
+ {
+- CChatUser *u = new CChatUser;
+- u->m_pClient = new CChatClient;
+-
+- chatman->chatServer.RecvConnection(u->sock);
+- chatman->sockman.AddSocket(&u->sock);
+- chatman->sockman.DropSocket(&u->sock);
+-
+- u->state = CHAT_STATE_HANDSHAKE;
+- chatman->chatUsers.push_back(u);
+- gLog.Info(tr("%sChat: Received connection.\n"), L_TCPxSTR);
++ if (chatman->sockman.Num() >= MAX_CONNECTS)
++ {
++ // Too many sockets, drop this one
++ gLog.Warn(tr("%sToo many connected clients, rejecting new connection.\n"), L_WARNxSTR);
++ }
++ else
++ {
++ CChatUser *u = new CChatUser;
++ u->m_pClient = new CChatClient;
++
++ chatman->chatServer.RecvConnection(u->sock);
++ chatman->sockman.AddSocket(&u->sock);
++ chatman->sockman.DropSocket(&u->sock);
++
++ u->state = CHAT_STATE_HANDSHAKE;
++ chatman->chatUsers.push_back(u);
++ gLog.Info(tr("%sChat: Received connection.\n"), L_TCPxSTR);
++ }
+ }
+
+ // Message from connected socket----------------------------------------
diff --git a/chat/licq-core/patches/patch-ac b/chat/licq-core/patches/patch-ac
new file mode 100644
index 00000000000..fa863cf0901
--- /dev/null
+++ b/chat/licq-core/patches/patch-ac
@@ -0,0 +1,36 @@
+$NetBSD: patch-ac,v 1.5 2008/05/11 04:12:34 tonnerre Exp $
+
+--- src/icqd-threads.cpp.orig 2007-09-28 22:11:35.000000000 +0200
++++ src/icqd-threads.cpp
+@@ -23,6 +23,7 @@
+ // Localization
+ #include "gettext.h"
+
++#define MAX_CONNECTS 256
+ #define DEBUG_THREADS(x)
+ //#define DEBUG_THREADS(x) gLog.Info(x)
+
+@@ -780,8 +781,21 @@ void *MonitorSockets_tep(void *p)
+ TCPSocket *newSocket = new TCPSocket(0);
+ tcp->RecvConnection(*newSocket);
+ gSocketManager.DropSocket(tcp);
+- gSocketManager.AddSocket(newSocket);
+- gSocketManager.DropSocket(newSocket);
++
++ // Make sure we can handle another socket before accepting it
++ if (gSocketManager.Num() > MAX_CONNECTS)
++ {
++ // Too many sockets, drop this one
++ char remoteIp[32];
++ gLog.Warn(tr("%sToo many connected sockets, rejecting connection from %s.\n"),
++ L_WARNxSTR, newSocket->RemoteIpStr(remoteIp));
++ delete newSocket;
++ }
++ else
++ {
++ gSocketManager.AddSocket(newSocket);
++ gSocketManager.DropSocket(newSocket);
++ }
+ }
+ }
+
diff --git a/chat/licq-core/patches/patch-ag b/chat/licq-core/patches/patch-ag
new file mode 100644
index 00000000000..c2b76b137ca
--- /dev/null
+++ b/chat/licq-core/patches/patch-ag
@@ -0,0 +1,26 @@
+$NetBSD: patch-ag,v 1.3 2008/05/11 04:12:34 tonnerre Exp $
+
+--- src/socket.cpp.orig 2007-10-15 20:11:50.000000000 +0200
++++ src/socket.cpp
+@@ -817,8 +817,19 @@ void TCPSocket::RecvConnection(TCPSocket
+ {
+ socklen_t sizeofSockaddr = sizeof(struct sockaddr_in);
+
+- newSocket.m_nDescriptor = accept(m_nDescriptor, (struct sockaddr *)&newSocket.m_sRemoteAddr, &sizeofSockaddr);
+- newSocket.SetLocalAddress();
++ int newDesc = accept(m_nDescriptor, (struct sockaddr *)&newSocket.m_sRemoteAddr, &sizeofSockaddr);
++ if (newDesc < FD_SETSIZE)
++ {
++ newSocket.m_nDescriptor = newDesc;
++ newSocket.SetLocalAddress();
++ }
++ else
++ {
++ gLog.Error(tr("%sCannot accept new connection, too many descriptors in use.\n"), L_ERRORxSTR);
++ close(newDesc);
++
++ // TODO throw an exception, or do something to tell the caller it failed
++ }
+ }
+
+ #define m_pSSL ((SSL *) m_p_SSL)