Skip to content

Commit

Permalink
Merge branch 'fasttrack/3.0' into saulparedes/CVE-2024-39908
Browse files Browse the repository at this point in the history
  • Loading branch information
@mbykhovtsev-ms
mbykhovtsev-ms authored Nov 22, 2024
2 parents cf05317 + ac7abb3 commit 537a038
Show file tree
Hide file tree
Showing 8 changed files with 421 additions and 12 deletions.
301 changes: 301 additions & 0 deletions SPECS/nmap/CVE-2023-7256.patch
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,301 @@
From 3b1b155b6f1238a1f1bbc2cd37aee44f1c991f1e Mon Sep 17 00:00:00 2001
From: kavyasree <[email protected]>
Date: Mon, 18 Nov 2024 09:54:44 +0530
Subject: [PATCH] Fix CVE-2023-7256

---
libpcap/pcap-rpcap.c | 48 ++++++++++++++++++-----------------
libpcap/sockutils.c | 60 +++++++++++++++++++++++++-------------------
libpcap/sockutils.h | 5 ++--
3 files changed, 61 insertions(+), 52 deletions(-)

diff --git a/libpcap/pcap-rpcap.c b/libpcap/pcap-rpcap.c
index 22fc736..cf912c9 100644
--- a/libpcap/pcap-rpcap.c
+++ b/libpcap/pcap-rpcap.c
@@ -1021,7 +1021,6 @@ rpcap_remoteact_getsock(const char *host, int *error, char *errbuf)
{
struct activehosts *temp; /* temp var needed to scan the host list chain */
struct addrinfo hints, *addrinfo, *ai_next; /* temp var needed to translate between hostname to its address */
- int retval;

/* retrieve the network address corresponding to 'host' */
addrinfo = NULL;
@@ -1029,9 +1028,9 @@ rpcap_remoteact_getsock(const char *host, int *error, char *errbuf)
hints.ai_family = PF_UNSPEC;
hints.ai_socktype = SOCK_STREAM;

- retval = sock_initaddress(host, NULL, &hints, &addrinfo, errbuf,
+ addrinfo = sock_initaddress(host, NULL, &hints, errbuf,
PCAP_ERRBUF_SIZE);
- if (retval != 0)
+ if (addrinfo == NULL)
{
*error = 1;
return NULL;
@@ -1183,7 +1182,9 @@ static int pcap_startcapture_remote(pcap_t *fp)
hints.ai_flags = AI_PASSIVE; /* Data connection is opened by the server toward the client */

/* Let's the server pick up a free network port for us */
- if (sock_initaddress(NULL, NULL, &hints, &addrinfo, fp->errbuf, PCAP_ERRBUF_SIZE) == -1)
+ addrinfo = sock_initaddress(NULL, NULL, &hints, fp->errbuf,
+ PCAP_ERRBUF_SIZE);
+ if (addrinfo == NULL)
goto error_nodiscard;

if ((sockdata = sock_open(NULL, addrinfo, SOCKOPEN_SERVER,
@@ -1308,7 +1309,9 @@ static int pcap_startcapture_remote(pcap_t *fp)
snprintf(portstring, PCAP_BUF_SIZE, "%d", ntohs(startcapreply.portdata));

/* Let's the server pick up a free network port for us */
- if (sock_initaddress(host, portstring, &hints, &addrinfo, fp->errbuf, PCAP_ERRBUF_SIZE) == -1)
+ addrinfo = sock_initaddress(host, portstring, &hints,
+ fp->errbuf, PCAP_ERRBUF_SIZE);
+ if (addrinfo == NULL)
goto error;

if ((sockdata = sock_open(host, addrinfo, SOCKOPEN_CLIENT, 0, fp->errbuf, PCAP_ERRBUF_SIZE)) == INVALID_SOCKET)
@@ -2337,16 +2340,16 @@ rpcap_setup_session(const char *source, struct pcap_rmtauth *auth,
if (port[0] == 0)
{
/* the user chose not to specify the port */
- if (sock_initaddress(host, RPCAP_DEFAULT_NETPORT,
- &hints, &addrinfo, errbuf, PCAP_ERRBUF_SIZE) == -1)
- return -1;
+ addrinfo = sock_initaddress(host, RPCAP_DEFAULT_NETPORT,
+ &hints, errbuf, PCAP_ERRBUF_SIZE);
}
else
{
- if (sock_initaddress(host, port, &hints, &addrinfo,
- errbuf, PCAP_ERRBUF_SIZE) == -1)
- return -1;
+ addrinfo = sock_initaddress(host, port, &hints,
+ errbuf, PCAP_ERRBUF_SIZE);
}
+ if (addrinfo == NULL)
+ return -1;

if ((*sockctrlp = sock_open(host, addrinfo, SOCKOPEN_CLIENT, 0,
errbuf, PCAP_ERRBUF_SIZE)) == INVALID_SOCKET)
@@ -2947,19 +2950,19 @@ SOCKET pcap_remoteact_accept_ex(const char *address, const char *port, const cha
/* Do the work */
if ((port == NULL) || (port[0] == 0))
{
- if (sock_initaddress(address, RPCAP_DEFAULT_NETPORT_ACTIVE, &hints, &addrinfo, errbuf, PCAP_ERRBUF_SIZE) == -1)
- {
- return (SOCKET)-2;
- }
+ addrinfo = sock_initaddress(address,
+ RPCAP_DEFAULT_NETPORT_ACTIVE, &hints, errbuf,
+ PCAP_ERRBUF_SIZE);
}
else
{
- if (sock_initaddress(address, port, &hints, &addrinfo, errbuf, PCAP_ERRBUF_SIZE) == -1)
- {
- return (SOCKET)-2;
- }
+ addrinfo = sock_initaddress(address, port, &hints, errbuf,
+ PCAP_ERRBUF_SIZE);
+ }
+ if (addrinfo == NULL)
+ {
+ return (SOCKET)-2;
}
-

if ((sockmain = sock_open(NULL, addrinfo, SOCKOPEN_SERVER, 1, errbuf, PCAP_ERRBUF_SIZE)) == INVALID_SOCKET)
{
@@ -3119,7 +3122,6 @@ int pcap_remoteact_close(const char *host, char *errbuf)
{
struct activehosts *temp, *prev; /* temp var needed to scan the host list chain */
struct addrinfo hints, *addrinfo, *ai_next; /* temp var needed to translate between hostname to its address */
- int retval;

temp = activeHosts;
prev = NULL;
@@ -3130,9 +3132,9 @@ int pcap_remoteact_close(const char *host, char *errbuf)
hints.ai_family = PF_UNSPEC;
hints.ai_socktype = SOCK_STREAM;

- retval = sock_initaddress(host, NULL, &hints, &addrinfo, errbuf,
+ addrinfo = sock_initaddress(host, NULL, &hints, errbuf,
PCAP_ERRBUF_SIZE);
- if (retval != 0)
+ if (addrinfo == NULL)
{
return -1;
}
diff --git a/libpcap/sockutils.c b/libpcap/sockutils.c
index 1c07f76..b66ed64 100644
--- a/libpcap/sockutils.c
+++ b/libpcap/sockutils.c
@@ -1069,20 +1069,21 @@ get_gai_errstring(char *errbuf, int errbuflen, const char *prefix, int err,
* \param errbuflen: length of the buffer that will contains the error. The error message cannot be
* larger than 'errbuflen - 1' because the last char is reserved for the string terminator.
*
- * \return '0' if everything is fine, '-1' if some errors occurred. The error message is returned
- * in the 'errbuf' variable. The addrinfo variable that has to be used in the following sockets calls is
- * returned into the addrinfo parameter.
+ * \return a pointer to the first element in a list of addrinfo structures
+ * if everything is fine, NULL if some errors occurred. The error message
+ * is returned in the 'errbuf' variable.
*
- * \warning The 'addrinfo' variable has to be deleted by the programmer by calling freeaddrinfo() when
- * it is no longer needed.
+ * \warning The list of addrinfo structures returned has to be deleted by
+ * the programmer by calling freeaddrinfo() when it is no longer needed.
*
* \warning This function requires the 'hints' variable as parameter. The semantic of this variable is the same
* of the one of the corresponding variable used into the standard getaddrinfo() socket function. We suggest
* the programmer to look at that function in order to set the 'hints' variable appropriately.
*/
-int sock_initaddress(const char *host, const char *port,
- struct addrinfo *hints, struct addrinfo **addrinfo, char *errbuf, int errbuflen)
+struct addrinfo *sock_initaddress(const char *host, const char *port,
+ struct addrinfo *hints, char *errbuf, int errbuflen)
{
+ struct addrinfo *addrinfo;
int retval;

/*
@@ -1094,9 +1095,13 @@ int sock_initaddress(const char *host, const char *port,
* as those messages won't talk about a problem with the port if
* no port was specified.
*/
- retval = getaddrinfo(host, port == NULL ? "0" : port, hints, addrinfo);
+ retval = getaddrinfo(host, port == NULL ? "0" : port, hints, &addrinfo);
if (retval != 0)
{
+ /*
+ * That call failed.
+ * Determine whether the problem is that the host is bad.
+ */
if (errbuf)
{
if (host != NULL && port != NULL) {
@@ -1108,7 +1113,7 @@ int sock_initaddress(const char *host, const char *port,
int try_retval;

try_retval = getaddrinfo(host, NULL, hints,
- addrinfo);
+ &addrinfo);
if (try_retval == 0) {
/*
* Worked with just the host,
@@ -1117,14 +1122,16 @@ int sock_initaddress(const char *host, const char *port,
*
* Free up the address info first.
*/
- freeaddrinfo(*addrinfo);
+ freeaddrinfo(addrinfo);
get_gai_errstring(errbuf, errbuflen,
"", retval, NULL, port);
} else {
/*
* Didn't work with just the host,
* so assume the problem is
- * with the host.
+ * with the host; we assume
+ * the original error indicates
+ * the underlying problem.
*/
get_gai_errstring(errbuf, errbuflen,
"", retval, host, NULL);
@@ -1132,13 +1139,14 @@ int sock_initaddress(const char *host, const char *port,
} else {
/*
* Either the host or port was null, so
- * there's nothing to determine.
+ * there's nothing to determine; report
+ * the error from the original call.
*/
get_gai_errstring(errbuf, errbuflen, "",
retval, host, port);
}
}
- return -1;
+ return NULL;
}
/*
* \warning SOCKET: I should check all the accept() in order to bind to all addresses in case
@@ -1153,30 +1161,28 @@ int sock_initaddress(const char *host, const char *port,
* ignore all addresses that are neither? (What, no IPX
* support? :-))
*/
- if (((*addrinfo)->ai_family != PF_INET) &&
- ((*addrinfo)->ai_family != PF_INET6))
+ if ((addrinfo->ai_family != PF_INET) &&
+ (addrinfo->ai_family != PF_INET6))
{
if (errbuf)
snprintf(errbuf, errbuflen, "getaddrinfo(): socket type not supported");
- freeaddrinfo(*addrinfo);
- *addrinfo = NULL;
- return -1;
+ freeaddrinfo(addrinfo);
+ return NULL;
}

/*
* You can't do multicast (or broadcast) TCP.
*/
- if (((*addrinfo)->ai_socktype == SOCK_STREAM) &&
- (sock_ismcastaddr((*addrinfo)->ai_addr) == 0))
+ if ((addrinfo->ai_socktype == SOCK_STREAM) &&
+ (sock_ismcastaddr(addrinfo->ai_addr) == 0))
{
if (errbuf)
snprintf(errbuf, errbuflen, "getaddrinfo(): multicast addresses are not valid when using TCP streams");
- freeaddrinfo(*addrinfo);
- *addrinfo = NULL;
- return -1;
+ freeaddrinfo(addrinfo);
+ return NULL;
}

- return 0;
+ return addrinfo;
}

/*
@@ -2082,7 +2088,6 @@ int sock_getascii_addrport(const struct sockaddr_storage *sockaddr, char *addres
*/
int sock_present2network(const char *address, struct sockaddr_storage *sockaddr, int addr_family, char *errbuf, int errbuflen)
{
- int retval;
struct addrinfo *addrinfo;
struct addrinfo hints;

@@ -2090,7 +2095,10 @@ int sock_present2network(const char *address, struct sockaddr_storage *sockaddr,

hints.ai_family = addr_family;

- if ((retval = sock_initaddress(address, "22222" /* fake port */, &hints, &addrinfo, errbuf, errbuflen)) == -1)
+ if ((sock_initaddress(address, "22222" /* fake port */, &hints, &addrinfo, errbuf, errbuflen)) == -1)
+ addrinfo = sock_initaddress(address, "22222" /* fake port */, &hints,
+ errbuf, errbuflen);
+ if (addrinfo == NULL)
return 0;

if (addrinfo->ai_family == PF_INET)
diff --git a/libpcap/sockutils.h b/libpcap/sockutils.h
index a488d8f..30b8cfe 100644
--- a/libpcap/sockutils.h
+++ b/libpcap/sockutils.h
@@ -138,9 +138,8 @@ void sock_fmterrmsg(char *errbuf, size_t errbuflen, int errcode,
PCAP_FORMAT_STRING(const char *fmt), ...) PCAP_PRINTFLIKE(4, 5);
void sock_geterrmsg(char *errbuf, size_t errbuflen,
PCAP_FORMAT_STRING(const char *fmt), ...) PCAP_PRINTFLIKE(3, 4);
-int sock_initaddress(const char *address, const char *port,
- struct addrinfo *hints, struct addrinfo **addrinfo,
- char *errbuf, int errbuflen);
+struct addrinfo *sock_initaddress(const char *address, const char *port,
+ struct addrinfo *hints, char *errbuf, int errbuflen);
int sock_recv(SOCKET sock, SSL *, void *buffer, size_t size, int receiveall,
char *errbuf, int errbuflen);
int sock_recv_dgram(SOCKET sock, SSL *, void *buffer, size_t size,
--
2.34.1

39 changes: 39 additions & 0 deletions SPECS/nmap/CVE-2024-8006.patch
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,39 @@
From 5021a8497e579cdc138565d60fa997d6bbbc00bc Mon Sep 17 00:00:00 2001
From: kavyasree <[email protected]>
Date: Mon, 18 Nov 2024 05:47:26 +0530
Subject: [PATCH] Fix CVE-2024-8006

---
libpcap/pcap-new.c | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/libpcap/pcap-new.c b/libpcap/pcap-new.c
index 76388a9..22bccb1 100644
--- a/libpcap/pcap-new.c
+++ b/libpcap/pcap-new.c
@@ -232,6 +232,13 @@ int pcap_findalldevs_ex(const char *source, struct pcap_rmtauth *auth, pcap_if_t
#else
/* opening the folder */
unixdir= opendir(path);
+ if (unixdir == NULL) {
+ DIAG_OFF_FORMAT_TRUNCATION
+ snprintf(errbuf, PCAP_ERRBUF_SIZE,
+ "Error when listing files: does folder '%s' exist?", path);
+ DIAG_ON_FORMAT_TRUNCATION
+ return -1;
+ }

/* get the first file into it */
filedata= readdir(unixdir);
@@ -239,7 +246,7 @@ int pcap_findalldevs_ex(const char *source, struct pcap_rmtauth *auth, pcap_if_t
if (filedata == NULL)
{
DIAG_OFF_FORMAT_TRUNCATION
- snprintf(errbuf, PCAP_ERRBUF_SIZE, "Error when listing files: does folder '%s' exist?", path);
+ snprintf(errbuf, PCAP_ERRBUF_SIZE, "Error when listing files: does folder '%s' contain files?", path);
DIAG_ON_FORMAT_TRUNCATION
closedir(unixdir);
return -1;
--
2.34.1

10 changes: 8 additions & 2 deletions SPECS/nmap/nmap.spec
View file
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
Summary: Nmap Network Mapper
Name: nmap
Version: 7.95
Release: 1%{?dist}
Release: 2%{?dist}
License: Nmap
Vendor: Microsoft Corporation
Distribution: Azure Linux
Expand All @@ -18,7 +18,9 @@ BuildRequires: make
BuildRequires: openssl-devel
BuildRequires: zlib-devel

Patch1: remove_openssl_macro.patch
Patch0: remove_openssl_macro.patch
Patch1: CVE-2024-8006.patch
Patch2: CVE-2023-7256.patch

%description
Nmap ("Network Mapper") is a free and open source utility for network discovery and security auditing.
Expand Down Expand Up @@ -63,6 +65,10 @@ ln -s ncat %{buildroot}%{_bindir}/nc
%{_bindir}/nc

%changelog
* Mon Nov 18 2024 Kavya Sree Kaitepalli <[email protected]> - 7.95-2
- Backport to fix CVE-2024-8006
- Fix CVE-2023-7256.patch

* Fri Jul 05 2024 CBL-Mariner Servicing Account <[email protected]> - 7.95-1
- Auto-upgrade to 7.95 to fix CVE-2022-33099

Expand Down
10 changes: 5 additions & 5 deletions SPECS/postgresql/postgresql.signatures.json
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
{
"Signatures": {
"postgresql-16.4.tar.bz2": "971766d645aa73e93b9ef4e3be44201b4f45b5477095b049125403f9f3386d6f",
"postgresql.service": "2d209e10523c43e7011b4a85e9e32f5f5911a74a25012cdeaf5fdeb0a5664461"
}
}
"Signatures": {
"postgresql.service": "2d209e10523c43e7011b4a85e9e32f5f5911a74a25012cdeaf5fdeb0a5664461",
"postgresql-16.5.tar.bz2": "a6cbbb7037f98cb8afa7d3970b7c48040cf02b115e39253a0c037a8bb8e778f0"
}
}
Loading

0 comments on commit 537a038

Please sign in to comment.