From 88276c8e9486427792344b6395d9538397882642 Mon Sep 17 00:00:00 2001 From: tonnerre Date: Mon, 12 May 2008 15:49:30 +0000 Subject: Use mkstemp in netperf code to open the debug log in order to avoid a symlink vulnerability. This fixes CVE-2007-1444. --- benchmarks/netperf/Makefile | 3 +- benchmarks/netperf/distinfo | 5 +++- benchmarks/netperf/patches/patch-ah | 12 ++++++++ benchmarks/netperf/patches/patch-ai | 56 +++++++++++++++++++++++++++++++++++++ benchmarks/netperf/patches/patch-ak | 12 ++++++++ 5 files changed, 86 insertions(+), 2 deletions(-) create mode 100644 benchmarks/netperf/patches/patch-ah create mode 100644 benchmarks/netperf/patches/patch-ai create mode 100644 benchmarks/netperf/patches/patch-ak (limited to 'benchmarks/netperf') diff --git a/benchmarks/netperf/Makefile b/benchmarks/netperf/Makefile index f5a6f171150..7080ac403fe 100644 --- a/benchmarks/netperf/Makefile +++ b/benchmarks/netperf/Makefile @@ -1,8 +1,9 @@ -# $NetBSD: Makefile,v 1.4 2007/12/29 10:14:50 wiz Exp $ +# $NetBSD: Makefile,v 1.5 2008/05/12 15:49:30 tonnerre Exp $ # DISTNAME= netperf-2.3pl1 PKGNAME= netperf-2.3.1 +PKGREVISION= 1 CATEGORIES= benchmarks MASTER_SITES= ftp://ftp.cup.hp.com/dist/networking/benchmarks/netperf/archive/ \ ftp://ftp.netperf.org/netperf/archive/ \ diff --git a/benchmarks/netperf/distinfo b/benchmarks/netperf/distinfo index e8e780ee87b..89321ba6caf 100644 --- a/benchmarks/netperf/distinfo +++ b/benchmarks/netperf/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.2 2007/08/08 20:30:13 joerg Exp $ +$NetBSD: distinfo,v 1.3 2008/05/12 15:49:30 tonnerre Exp $ SHA1 (netperf-2.3pl1.tar.gz) = 288c34b6c4d937b06422a8cdab3dcae5ed58cc17 RMD160 (netperf-2.3pl1.tar.gz) = 83f2afd612b7d4d4b486b82554f4e792c5e8509d @@ -10,3 +10,6 @@ SHA1 (patch-ad) = a829f207d8af01497887b4386d184a4b0d14774f SHA1 (patch-ae) = 4848b2699cdbf2b9059f6e0290afc929d94f514c SHA1 (patch-af) = 720808dcbdbc6fa1ea55aae43ea1e24c333d9891 SHA1 (patch-ag) = 4139125768a4b037692ab3cefcb2562ccc5c4b0f +SHA1 (patch-ah) = ae945388b12d9b964f2728d07ce17d543c440bdd +SHA1 (patch-ai) = ca2d19efa72f2ac40f66eb5c61272b90b080aec4 +SHA1 (patch-ak) = 35da529b4509791718e2912bc8d59a32ea992933 diff --git a/benchmarks/netperf/patches/patch-ah b/benchmarks/netperf/patches/patch-ah new file mode 100644 index 00000000000..6f030e4ae66 --- /dev/null +++ b/benchmarks/netperf/patches/patch-ah @@ -0,0 +1,12 @@ +$NetBSD: patch-ah,v 1.1 2008/05/12 15:49:30 tonnerre Exp $ + +--- netlib.h.orig 2004-09-21 23:33:40.000000000 +0200 ++++ netlib.h +@@ -343,6 +343,7 @@ extern int lib_num_loc_cpus; + extern SOCKET server_sock; + extern int times_up; + extern FILE *where; ++extern int fd; + extern int loops_per_msec; + extern float lib_local_per_cpu_util[]; + diff --git a/benchmarks/netperf/patches/patch-ai b/benchmarks/netperf/patches/patch-ai new file mode 100644 index 00000000000..48e2f33f305 --- /dev/null +++ b/benchmarks/netperf/patches/patch-ai @@ -0,0 +1,56 @@ +$NetBSD: patch-ai,v 1.1 2008/05/12 15:49:30 tonnerre Exp $ + +--- netserver.c.orig 2004-09-21 23:33:40.000000000 +0200 ++++ netserver.c +@@ -138,6 +138,9 @@ FILE *afp; + short listen_port_num; + extern char *optarg; + extern int optind, opterr; ++#ifndef WIN32 ++char debuglog[] = "/tmp/netperf.debugXXXXXX"; ++#endif + + #ifndef WIN32 + #define SERVER_ARGS "dn:p:v:46" +@@ -181,8 +184,14 @@ process_requests() + netperf_response.content.response_type = DEBUG_OK; + send_response(); + //+*+SAF why??? +- if (!debug) ++ if (!debug) ++ { + fclose(where); ++#ifndef WIN32 ++ unlink(debuglog); ++ close(fd); ++#endif ++ } + break; + + case CPU_CALIBRATE: +@@ -730,7 +739,13 @@ struct sockaddr name; + + /* unlink(DEBUG_LOG_FILE); */ + #ifndef WIN32 +- if ((where = fopen(DEBUG_LOG_FILE, "w")) == NULL) { ++ if ((fd = mkstemp(debuglog)) == -1 || (where = fdopen(fd, "w+")) == NULL) ++ { ++ if (fd != -1) ++ { ++ unlink(debuglog); ++ close(fd); ++ } + perror("netserver: debug file"); + exit(1); + } +@@ -761,10 +776,6 @@ struct sockaddr name; + } + #endif + +-#ifndef WIN32 +- chmod(DEBUG_LOG_FILE,0644); +-#endif +- + #if WIN32 + if (child) { + server_sock = (SOCKET)GetStdHandle(STD_INPUT_HANDLE); diff --git a/benchmarks/netperf/patches/patch-ak b/benchmarks/netperf/patches/patch-ak new file mode 100644 index 00000000000..865f2ac0022 --- /dev/null +++ b/benchmarks/netperf/patches/patch-ak @@ -0,0 +1,12 @@ +$NetBSD: patch-ak,v 1.1 2008/05/12 15:49:30 tonnerre Exp $ + +--- netlib.c.orig 2004-09-21 23:33:40.000000000 +0200 ++++ netlib.c +@@ -422,6 +422,7 @@ union netperf_request_struct netperf_ + union netperf_response_struct netperf_response; + + FILE *where; ++int fd = -1; + + char libfmt = 'm'; + -- cgit v1.2.3