packages/systemd
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix CVE-2020-13529

Browse Source
This commit is contained in:
yangmingtaip 2021-08-16 16:53:09 +08:00
parent 2fa9dc97b6
commit e4e59fcdc8
2 changed files with 46 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

38
backport-tentatively-ignore-FORCERENEW-command.patch Normal file
View File

@ -0,0 +1,38 @@
From 38e980a6a5a3442c2f48b1f827284388096d8ca5 Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Thu, 24 Jun 2021 01:22:07 +0900
Subject: [PATCH] sd-dhcp-client: tentatively ignore FORCERENEW command
This makes DHCP client ignore FORCERENEW requests, as unauthenticated
FORCERENEW requests causes a security issue (TALOS-2020-1142, CVE-2020-13529).
Let's re-enable this after RFC3118 (Authentication for DHCP Messages)
and/or RFC6704 (Forcerenew Nonce Authentication) are implemented.
Fixes #16774.
---
src/libsystemd-network/sd-dhcp-client.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/src/libsystemd-network/sd-dhcp-client.c b/src/libsystemd-network/sd-dhcp-client.c
index 67a5a03eba6a..dc8ff19d1a24 100644
--- a/src/libsystemd-network/sd-dhcp-client.c
+++ b/src/libsystemd-network/sd-dhcp-client.c
@@ -1380,9 +1380,17 @@ static int client_handle_forcerenew(sd_dhcp_client *client, DHCPMessage *force,
if (r != DHCP_FORCERENEW)
return -ENOMSG;
+#if 0
log_dhcp_client(client, "FORCERENEW");
return 0;
+#else
+ /* FIXME: Ignore FORCERENEW requests until we implement RFC3118 (Authentication for DHCP
+ * Messages) and/or RFC6704 (Forcerenew Nonce Authentication), as unauthenticated FORCERENEW
+ * requests causes a security issue (TALOS-2020-1142, CVE-2020-13529). */
+ log_dhcp_client(client, "Received FORCERENEW, ignoring.");
+ return -ENOMSG;
+#endif
}
static bool lease_equal(const sd_dhcp_lease *a, const sd_dhcp_lease *b) {

9
systemd.spec
View File

@ -16,7 +16,7 @@
Name: systemd
Url: https://www.freedesktop.org/wiki/Software/systemd
Version: 243
Release: 44
Release: 45
License: MIT and LGPLv2+ and GPLv2+
Summary: System and Service Manager
@ -136,6 +136,7 @@ Patch0088: backport-udevd-don-t-kill-worker-in-manager_kill_workers-when.pa
Patch0089: backport-stat-util-add-stat_inode_unmodified-helper-that-chec.patch
Patch0090: backport-basic-stat-util-make-mtime-check-stricter-and-use-en.patch
Patch0091: backport-udev-make-algorithm-that-selects-highest-priority-de.patch
Patch0092: backport-tentatively-ignore-FORCERENEW-command.patch
#openEuler
Patch9002: 1509-fix-journal-file-descriptors-leak-problems.patch
@ -1523,6 +1524,12 @@ fi
%exclude /usr/share/man/man3/*
%changelog
* Mon Aug 16 2021 yangmingtai <yangmingtai@huawei.com> - 243-45
- Type:CVE
- ID:CVE-2020-13529
- SUG:NA
- DESC:fix CVE-2020-13529
* Tue Aug 10 2021 yangmingtai <yangmingtai@huawei.com> - 243-44
- Type:bugfix
- ID:NA