--- /dev/null
+From f6be4f9b49b949b379326c3d7002476e6ce4f211 Mon Sep 17 00:00:00 2001
+From: Pavel Rochnyack <pavel2000@ngs.ru>
+Date: Mon, 3 Apr 2017 11:57:09 +0600
+Subject: [PATCH] network plugin: Fix endless loop DOS in parse_packet()
+
+When correct 'Signature part' is received by Collectd, configured without
+AuthFile option, condition for endless loop occurs due to missing increase
+of pointer to next unprocessed part.
+
+Fixes: CVE-2017-7401
+
+Signed-off-by: Florian Forster <octo@collectd.org>
+
+
+--- a/src/network.c
++++ b/src/network.c
+@@ -1003,14 +1003,6 @@ static int parse_part_sign_sha256(socken
+ buffer_len = *ret_buffer_len;
+ buffer_offset = 0;
+
+- if (se->data.server.userdb == NULL) {
+- c_complain(
+- LOG_NOTICE, &complain_no_users,
+- "network plugin: Received signed network packet but can't verify it "
+- "because no user DB has been configured. Will accept it.");
+- return (0);
+- }
+-
+ /* Check if the buffer has enough data for this structure. */
+ if (buffer_len <= PART_SIGNATURE_SHA256_SIZE)
+ return (-ENOMEM);
+@@ -1027,6 +1019,18 @@ static int parse_part_sign_sha256(socken
+ return (-1);
+ }
+
++ if (se->data.server.userdb == NULL) {
++ c_complain(
++ LOG_NOTICE, &complain_no_users,
++ "network plugin: Received signed network packet but can't verify it "
++ "because no user DB has been configured. Will accept it.");
++
++ *ret_buffer = buffer + pss_head_length;
++ *ret_buffer_len -= pss_head_length;
++
++ return (0);
++ }
++
+ /* Copy the hash. */
+ BUFFER_READ(pss.hash, sizeof(pss.hash));
+
# For the turbostat plugin
have_asm_msrindex_h="no"
AC_CHECK_HEADERS(asm/msr-index.h, [have_asm_msrindex_h="yes"])
-@@ -5946,6 +5949,7 @@ plugin_interface="no"
+@@ -5943,6 +5946,7 @@ plugin_interface="no"
plugin_ipmi="no"
plugin_ipvs="no"
plugin_irq="no"
plugin_load="no"
plugin_log_logstash="no"
plugin_memory="no"
-@@ -6416,6 +6420,7 @@ AC_PLUGIN([ipmi], [$plugi
+@@ -6413,6 +6417,7 @@ AC_PLUGIN([ipmi], [$plugi
AC_PLUGIN([iptables], [$with_libiptc], [IPTables rule counters])
AC_PLUGIN([ipvs], [$plugin_ipvs], [IPVS connection statistics])
AC_PLUGIN([irq], [$plugin_irq], [IRQ statistics])
AC_PLUGIN([java], [$with_java], [Embed the Java Virtual Machine])
AC_PLUGIN([load], [$plugin_load], [System load])
AC_PLUGIN([log_logstash], [$plugin_log_logstash], [Logstash json_event compatible logging])
-@@ -6797,6 +6802,7 @@ AC_MSG_RESULT([ libyajl . . . . . . .
+@@ -6794,6 +6799,7 @@ AC_MSG_RESULT([ libyajl . . . . . . .
AC_MSG_RESULT([ oracle . . . . . . . $with_oracle])
AC_MSG_RESULT([ protobuf-c . . . . . $have_protoc_c])
AC_MSG_RESULT([ protoc 3 . . . . . . $have_protoc3])
AC_MSG_RESULT()
AC_MSG_RESULT([ Features:])
AC_MSG_RESULT([ daemon mode . . . . . $enable_daemon])
-@@ -6853,6 +6859,7 @@ AC_MSG_RESULT([ ipmi . . . . . . . .
+@@ -6850,6 +6856,7 @@ AC_MSG_RESULT([ ipmi . . . . . . . .
AC_MSG_RESULT([ iptables . . . . . . $enable_iptables])
AC_MSG_RESULT([ ipvs . . . . . . . . $enable_ipvs])
AC_MSG_RESULT([ irq . . . . . . . . . $enable_irq])
projects / feed / packages.git / commitdiff