Login
[x]
Log in using an account from:
Fedora Account System
Red Hat Associate
Red Hat Customer
Or login using a Red Hat Bugzilla account
Forgot Password
Login:
Hide Forgot
Create an Account
Red Hat Bugzilla – Attachment 613622 Details for
Bug 856766
CVE-2012-3955 dhcp: reduced expiration time of an IPv6 lease may cause dhcpd to crash
[?]
New
Simple Search
Advanced Search
My Links
Browse
Requests
Reports
Current State
Search
Tabular reports
Graphical reports
Duplicates
Other Reports
User Changes
Plotly Reports
Bug Status
Bug Severity
Non-Defaults
|
Product Dashboard
Help
Page Help!
Bug Writing Guidelines
What's new
Browser Support Policy
5.0.4.rh83 Release notes
FAQ
Guides index
User guide
Web Services
Contact
Legal
This site requires JavaScript to be enabled to function correctly, please enable it.
[patch]
patch for dhcp-4.1.1-P1 in RHEL-6
dhcp-4.1.1-P1-CVE-2012-3955.patch (text/plain), 4.39 KB, created by
Jiri Popelka
on 2012-09-17 10:14:17 UTC
(
hide
)
Description:
patch for dhcp-4.1.1-P1 in RHEL-6
Filename:
MIME Type:
Creator:
Jiri Popelka
Created:
2012-09-17 10:14:17 UTC
Size:
4.39 KB
patch
obsolete
>diff -rup dhcp-4.1-ESV-R6/server/dhcpv6.c dhcp-4.1-ESV-R7/server/dhcpv6.c >--- dhcp-4.1-ESV-R6/server/dhcpv6.c 2012-07-13 08:11:52.000000000 +0200 >+++ dhcp-4.1-ESV-R7/server/dhcpv6.c 2012-08-23 20:23:54.000000000 +0200 >@@ -1830,9 +1830,6 @@ reply_process_ia_na(struct reply_state * > ia_reference(&tmp->ia, reply->ia, MDL); > > /* Commit 'hard' bindings. */ >- tmp->hard_lifetime_end_time = >- tmp->soft_lifetime_end_time; >- tmp->soft_lifetime_end_time = 0; > renew_lease6(tmp->ipv6_pool, tmp); > schedule_lease_timeout(tmp->ipv6_pool); > >@@ -2489,9 +2486,6 @@ reply_process_ia_ta(struct reply_state * > ia_reference(&tmp->ia, reply->ia, MDL); > > /* Commit 'hard' bindings. */ >- tmp->hard_lifetime_end_time = >- tmp->soft_lifetime_end_time; >- tmp->soft_lifetime_end_time = 0; > renew_lease6(tmp->ipv6_pool, tmp); > schedule_lease_timeout(tmp->ipv6_pool); > >@@ -3359,9 +3353,6 @@ reply_process_ia_pd(struct reply_state * > ia_reference(&tmp->ia, reply->ia, MDL); > > /* Commit 'hard' bindings. */ >- tmp->hard_lifetime_end_time = >- tmp->soft_lifetime_end_time; >- tmp->soft_lifetime_end_time = 0; > renew_lease6(tmp->ipv6_pool, tmp); > schedule_lease_timeout(tmp->ipv6_pool); > } >diff -rup dhcp-4.1-ESV-R6/server/mdb6.c dhcp-4.1-ESV-R7/server/mdb6.c >--- dhcp-4.1-ESV-R6/server/mdb6.c 2012-07-13 08:11:52.000000000 +0200 >+++ dhcp-4.1-ESV-R7/server/mdb6.c 2012-08-23 20:23:54.000000000 +0200 >@@ -375,6 +378,8 @@ void > ia_remove_iasubopt(struct ia_xx *ia, struct iasubopt *iasubopt, > const char *file, int line) { > int i, j; >+ if (ia == NULL || iasubopt == NULL) >+ return; > > for (i=0; i<ia->num_iasubopt; i++) { > if (ia->iasubopt[i] == iasubopt) { >@@ -1234,29 +1239,49 @@ move_lease_to_active(struct ipv6_pool *p > return insert_result; > } > >-/* >- * Renew an lease in the pool. >+/*! >+ * \brief Renew a lease in the pool. >+ * >+ * The hard_lifetime_end_time of the lease should be set to >+ * the current expiration time. >+ * The soft_lifetime_end_time of the lease should be set to >+ * the desired expiration time. >+ * >+ * This routine will compare the two and call the correct >+ * heap routine to move the lease. If the lease is active >+ * and the new expiration time is greater (the normal case) >+ * then we call isc_heap_decreased() as a larger time is a >+ * lower priority. If the new expiration time is less then >+ * we call isc_heap_increased(). >+ * >+ * If the lease is abandoned then it will be on the active list >+ * and we will always call isc_heap_increased() as the previous >+ * expiration would have been all 1s (as close as we can get >+ * to infinite). >+ * >+ * If the lease is moving to active we call that routine >+ * which will move it from the inactive list to the active list. > * >- * To do this, first set the new hard_lifetime_end_time for the resource, >- * and then invoke renew_lease6() on it. >+ * \param pool a pool the lease belongs to >+ * \param lease the lease to be renewed > * >- * WARNING: lease times must only be extended, never reduced!!! >+ * \return result of the renew operation (ISC_R_SUCCESS if successful, >+ ISC_R_NOMEMORY when run out of memory) > */ > isc_result_t > renew_lease6(struct ipv6_pool *pool, struct iasubopt *lease) { >- /* >- * If we're already active, then we can just move our expiration >- * time down the heap. >- * >- * If we're abandoned then we are already on the active list >- * but we need to retag the lease and move our expiration >- * from infinite to the current value >- * >- * Otherwise, we have to move from the inactive heap to the >- * active heap. >- */ >+ time_t old_end_time = lease->hard_lifetime_end_time; >+ lease->hard_lifetime_end_time = lease->soft_lifetime_end_time; >+ lease->soft_lifetime_end_time = 0; >+ > if (lease->state == FTS_ACTIVE) { >- isc_heap_decreased(pool->active_timeouts, lease->heap_index); >+ if (old_end_time <= lease->hard_lifetime_end_time) { >+ isc_heap_decreased(pool->active_timeouts, >+ lease->heap_index); >+ } else { >+ isc_heap_increased(pool->active_timeouts, >+ lease->heap_index); >+ } > return ISC_R_SUCCESS; > } else if (lease->state == FTS_ABANDONED) { > char tmp_addr[INET6_ADDRSTRLEN]; >@@ -1382,7 +1407,7 @@ release_lease6(struct ipv6_pool *pool, s > * Create a prefix by hashing the input, and using that for > * the part subject to allocation. > */ >-static void >+void > build_prefix6(struct in6_addr *pref, > const struct in6_addr *net_start_pref, > int pool_bits, int pref_bits,
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=613622">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 856766
:
612210
| 613622