diff options
Diffstat (limited to 'package/systemd/0002-resolved-simplify-alloc-size-calculation.patch')
| -rw-r--r-- | package/systemd/0002-resolved-simplify-alloc-size-calculation.patch | 51 |
1 files changed, 51 insertions, 0 deletions
diff --git a/package/systemd/0002-resolved-simplify-alloc-size-calculation.patch b/package/systemd/0002-resolved-simplify-alloc-size-calculation.patch new file mode 100644 index 0000000000..5fab905606 --- /dev/null +++ b/package/systemd/0002-resolved-simplify-alloc-size-calculation.patch @@ -0,0 +1,51 @@ +From db848813bae4d28c524b3b6a7dad135e426659ce Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl> +Date: Sun, 18 Jun 2017 16:07:57 -0400 +Subject: [PATCH] resolved: simplify alloc size calculation + +The allocation size was calculated in a complicated way, and for values +close to the page size we would actually allocate less than requested. + +Reported by Chris Coulson <chris.coulson@canonical.com>. + +CVE-2017-9445 + +[Upstream commit: https://github.com/systemd/systemd/commit/db848813bae4d28c524b3b6a7dad135e426659ce] +Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> +--- + src/resolve/resolved-dns-packet.c | 8 +------- + src/resolve/resolved-dns-packet.h | 2 -- + 2 files changed, 1 insertion(+), 9 deletions(-) + +diff --git a/src/resolve/resolved-dns-packet.c b/src/resolve/resolved-dns-packet.c +index 240ee448f4..821b66e266 100644 +--- a/src/resolve/resolved-dns-packet.c ++++ b/src/resolve/resolved-dns-packet.c +@@ -47,13 +47,7 @@ int dns_packet_new(DnsPacket **ret, DnsProtocol protocol, size_t mtu) { + + assert(ret); + +- if (mtu <= UDP_PACKET_HEADER_SIZE) +- a = DNS_PACKET_SIZE_START; +- else +- a = mtu - UDP_PACKET_HEADER_SIZE; +- +- if (a < DNS_PACKET_HEADER_SIZE) +- a = DNS_PACKET_HEADER_SIZE; ++ a = MAX(mtu, DNS_PACKET_HEADER_SIZE); + + /* round up to next page size */ + a = PAGE_ALIGN(ALIGN(sizeof(DnsPacket)) + a) - ALIGN(sizeof(DnsPacket)); +diff --git a/src/resolve/resolved-dns-packet.h b/src/resolve/resolved-dns-packet.h +index 2c92392e4d..3abcaf8cf3 100644 +--- a/src/resolve/resolved-dns-packet.h ++++ b/src/resolve/resolved-dns-packet.h +@@ -66,8 +66,6 @@ struct DnsPacketHeader { + /* With EDNS0 we can use larger packets, default to 4096, which is what is commonly used */ + #define DNS_PACKET_UNICAST_SIZE_LARGE_MAX 4096 + +-#define DNS_PACKET_SIZE_START 512 +- + struct DnsPacket { + int n_ref; + DnsProtocol protocol; |
