diff options
Diffstat (limited to 'import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/CVE-2016-2774.patch')
-rw-r--r-- | import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/CVE-2016-2774.patch | 65 |
1 files changed, 0 insertions, 65 deletions
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/CVE-2016-2774.patch b/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/CVE-2016-2774.patch deleted file mode 100644 index 4836dbc2a..000000000 --- a/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/CVE-2016-2774.patch +++ /dev/null @@ -1,65 +0,0 @@ -From b9f56d578ebfd649b5d829960540859ac6ca931c Mon Sep 17 00:00:00 2001 -From: Catalin Enache <catalin.enache@windriver.com> -Date: Tue, 12 Apr 2016 18:23:31 +0300 -Subject: [PATCH] Add patch to limit the value of an fd we accept for a - connection. - -By limiting the highest value we accept for an fd we limit the number -of connections. - -Upstream-Status: Backport -CVE: CVE-2016-2774 - -Author: Shawn Routhier <sar@isc.org> -Signed-off-by: Catalin Enache <catalin.enache@windriver.com> ---- - includes/site.h | 6 ++++++ - omapip/listener.c | 9 +++++++-- - 3 files changed, 18 insertions(+), 2 deletions(-) - -diff --git a/includes/site.h b/includes/site.h -index 9c33de3..df020c8 100644 ---- a/includes/site.h -+++ b/includes/site.h -@@ -290,6 +290,12 @@ - this option will be removed at some time. */ - /* #define INCLUDE_OLD_DHCP_ISC_ERROR_CODES */ - -+/* Limit the value of a file descriptor the serve will use -+ when accepting a connecting request. This can be used to -+ limit the number of TCP connections that the server will -+ allow at one time. A value of 0 means there is no limit.*/ -+#define MAX_FD_VALUE 200 -+ - /* Include definitions for various options. In general these - should be left as is, but if you have already defined one - of these and prefer your definition you can comment the -diff --git a/omapip/listener.c b/omapip/listener.c -index 8bdcdbd..61473cf 100644 ---- a/omapip/listener.c -+++ b/omapip/listener.c -@@ -3,7 +3,7 @@ - Subroutines that support the generic listener object. */ - - /* -- * Copyright (c) 2012,2014 by Internet Systems Consortium, Inc. ("ISC") -+ * Copyright (c) 2012,2014,2016 by Internet Systems Consortium, Inc. ("ISC") - * Copyright (c) 2004,2007,2009 by Internet Systems Consortium, Inc. ("ISC") - * Copyright (c) 1999-2003 by Internet Software Consortium - * -@@ -233,7 +233,12 @@ isc_result_t omapi_accept (omapi_object_t *h) - return ISC_R_NORESOURCES; - return ISC_R_UNEXPECTED; - } -- -+ -+ if ((MAX_FD_VALUE != 0) && (socket > MAX_FD_VALUE)) { -+ close(socket); -+ return (ISC_R_NORESOURCES); -+ } -+ - #if defined (TRACING) - /* If we're recording a trace, remember the connection. */ - if (trace_record ()) { --- -2.7.4 |