author | Leo <thinkabit.ukim@gmail.com> | 2019-11-20 15:04:05 +0100 |
---|---|---|
committer | Leo <thinkabit.ukim@gmail.com> | 2019-11-20 15:04:10 +0100 |
commit | 34eaff89c07f1ff54a178e533eea071a315e1af8 (patch) | |
tree | ea4ec8119171a5f57f2ed43ab3894ffff45f1698 | |
parent | 1c4658e647d8946733688266ebe9784f71859fb6 (diff) |
main/nfdump: fix a few CVEs
ref #10815
-rw-r--r-- | main/nfdump/APKBUILD | 25 | ||||
-rw-r--r-- | main/nfdump/CVE-2019-1010057.patch | 64 | ||||
-rw-r--r-- | main/nfdump/CVE-2019-14459.patch | 27 |
3 files changed, 102 insertions, 14 deletions
diff --git a/main/nfdump/APKBUILD b/main/nfdump/APKBUILD
index cf588cf6445..d33510b1291 100644
--- a/main/nfdump/APKBUILD
+++ b/main/nfdump/APKBUILD
@@ -2,7 +2,7 @@
 # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 pkgname=nfdump
 pkgver=1.6.15
-pkgrel=0
+pkgrel=1
 pkgdesc="The nfdump tools collect and process netflow data on the command line."
 url="http://nfdump.sourceforge.net/"
 arch="all"
@@ -18,8 +18,15 @@ source="$pkgname-$pkgver.tar.gz::https://github.com/phaag/nfdump/archive/v$pkgve
 nfcapd.initd
 sfcapd.confd
 sfcapd.initd
+ CVE-2019-1010057.patch
+ CVE-2019-14459.patch
 "
 
+# secfixes
+# 1.6.15-r1:
+# - CVE-2019-1010057
+# - CVE-2019-14459
+
 _builddir="$srcdir"/$pkgname-$pkgver
 prepare() {
 local i
@@ -73,21 +80,11 @@ sfcapd() {
 "$subpkgdir"/etc/init.d/sfcapd
 }
 
-md5sums="6f52c01099a2a74e451ebfb17bf92da8 nfdump-1.6.15.tar.gz
-e7f9467142159da5ebbb4aa858aae142 fix-64bit-fts-compat.patch
-541c45b9ac0e85ac955dd58919972b18 nfcapd.confd
-a82001153dbdfa6c4125064fcc7cd090 nfcapd.initd
-443ef11c9b458c12d0efea627742732c sfcapd.confd
-1ac7c20be80b87fc725310747125e081 sfcapd.initd"
-sha256sums="9505c0511d273b9aa3f87a5e664425689a3c7370c6ae3bbc05ff4bdb41bfd457 nfdump-1.6.15.tar.gz
-8ffd9160bb5cb639cec08ac68be5cbd33ef918e41630d02c18a75e03881cb5a9 fix-64bit-fts-compat.patch
-7cb26698b26f5cd6c9c6cb2b49bb7be3cc0faffe851c5ac5c78e0a41984a276f nfcapd.confd
-33c3b5c42655410661f1019e3b8bccb8b875400861a945a7dd784f80520f8a97 nfcapd.initd
-4559669b23534a7bec9cc9d342e7abd55316393ccb4dc57e9b335ac27bdf920c sfcapd.confd
-4fd63dee5323ce4116fffffa7573bb6a0f781d36867204e7d3670c182a078c56 sfcapd.initd"
 sha512sums="a6bb4f2293ad85d8f16025e7272b889d3814cea2e9255dbd315ee92754675e4ee925c3ebe4e1350f2d5452d69d1d3c13ddeb656324a409c4744da1d4927fe1f2 nfdump-1.6.15.tar.gz
 71a838d493658a3a8479bc9eca70a857fd8629937d4954d21c1d5453d6cc122c089f72e3e109425c902439ee8cfaa273b4089ac347d1fe926473ce6062b7c49a fix-64bit-fts-compat.patch
 fcb467f819f2b73ac0e13de6de4d6c94cafd3866a7a56685d5d4a048fa975135299655e896ff8370c8c5061d03ab38644623f8be455c08dfe5f630f152820148 nfcapd.confd
 97e432e884dd1cc8f27c2d7398bb0320164d46dea06c64ad72fa385d190998b3d62356634962f42652daf6e31f237baa2f3f3efad47c3fc38cc6bea799db61cc nfcapd.initd
 abe594a95a9320bec1d6ee6af6b75cd4d176526d4b10d07aa7ed79fc292b51c341339ba8e1e468df9ec2aae138b1dd66e3a291921938217835ac33819da9d153 sfcapd.confd
-7a65c80186a8708a27e90a7239d1b44ee919c3bbf8cd1ca07ef5d35a623d0dce5eac516b65ba7a98c5fcfab5bad6c15e1f03af38a06eb6280afd1c1f0f52cee4 sfcapd.initd"
+7a65c80186a8708a27e90a7239d1b44ee919c3bbf8cd1ca07ef5d35a623d0dce5eac516b65ba7a98c5fcfab5bad6c15e1f03af38a06eb6280afd1c1f0f52cee4 sfcapd.initd
+c57441c5ec04c9b57ae65816731f0960459ab317ca579f2fcc85d5f0f76009e9f01462191e2ca6d3c79adbdf0c6e57633ae67c9f9eb65ef3063385e992ccfba6 CVE-2019-1010057.patch
+6964077020f2273cdb80a6ed72f001c3f5e7241c412681f59e0dd0a2d629d5d549e52e474401e7c7906cff3176440c5d5c419b87c36fa87107f70f45944dc105 CVE-2019-14459.patch"
diff --git a/main/nfdump/CVE-2019-1010057.patch b/main/nfdump/CVE-2019-1010057.patch
new file mode 100644
index 00000000000..3a7ae479108
--- /dev/null
+++ b/main/nfdump/CVE-2019-1010057.patch
@@ -0,0 +1,64 @@
+diff --git a/bin/nfdump.c b/bin/nfdump.c
+index ba8d92f..9f653f8 100644
+--- a/bin/nfdump.c
++++ b/bin/nfdump.c
+@@ -559,7 +559,10 @@ int v1_map_done = 0;
+ exit(255);
+ }
+ }
+- ConvertCommonV0((void *)record_ptr, (common_record_t *)ConvertBuffer);
++ if ( !ConvertCommonV0((void *)record_ptr, (common_record_t *)ConvertBuffer) ) {
++ LogError("Corrupt data file. Unable to decode at %s line %d\n", __FILE__, __LINE__);
++ exit(255);
++ }
+ flow_record = (common_record_t *)ConvertBuffer;
+ dbg_printf("Converted type %u to %u record\n", CommonRecordV0Type, CommonRecordType);
+ case CommonRecordType: {
+diff --git a/bin/nffile_inline.c b/bin/nffile_inline.c
+index 58225aa..4a9ca25 100755
+--- a/bin/nffile_inline.c
++++ b/bin/nffile_inline.c
+@@ -49,7 +49,7 @@ static inline void AppendToBuffer(nffile_t *nffile, void *record, size_t require
+ 
+ static inline void CopyV6IP(uint32_t *dst, uint32_t *src);
+ 
+-static inline void ConvertCommonV0(void *record, common_record_t *flow_record);
++static inline int ConvertCommonV0(void *record, common_record_t *flow_record);
+ 
+ static inline void ExpandRecord_v2(common_record_t *input_record, extension_info_t *extension_info, exporter_info_record_t *exporter_info, master_record_t *output_record );
+ 
+@@ -88,11 +88,13 @@ static inline void CopyV6IP(uint32_t *dst, uint32_t *src) {
+ dst[3] = src[3];
+ } // End of CopyV6IP
+ 
+-static inline void ConvertCommonV0(void *record, common_record_t *flow_record) {
++static inline int ConvertCommonV0(void *record, common_record_t *flow_record) {
+ common_record_v0_t *flow_record_v0 = (common_record_v0_t *)record;
+ 
+ // copy v0 common record
+ memcpy((void *)flow_record, record, COMMON_RECORDV0_DATA_SIZE);
++ if ( flow_record_v0->size <= COMMON_RECORDV0_DATA_SIZE )
++ return 0;
+ memcpy((void *)flow_record->data, (void *)flow_record_v0->data, flow_record_v0->size - COMMON_RECORDV0_DATA_SIZE);
+ 
+ // fix record differences
+@@ -102,6 +104,7 @@ common_record_v0_t *flow_record_v0 = (common_record_v0_t *)record;
+ flow_record->exporter_sysid = flow_record_v0->exporter_sysid;
+ flow_record->reserved = 0;
+ 
++ return 1;
+ } // End of ConvertCommonV0
+ 
+ /*
+diff --git a/bin/nfx.c b/bin/nfx.c
+index fa84afe..ceea74e 100755
+--- a/bin/nfx.c
++++ b/bin/nfx.c
+@@ -542,6 +542,7 @@ int i, extension_size, max_elements;
+ int id = map->ex_id[i];
+ if ( id > Max_num_extensions ) {
+ printf("PANIC! - Verify map id %i: ERROR: element id %i out of range [%i]!\n", map->map_id, id, Max_num_extensions);
++ exit(255);
+ }
+ extension_size += extension_descriptor[id].size;
+ i++;
diff --git a/main/nfdump/CVE-2019-14459.patch b/main/nfdump/CVE-2019-14459.patch
new file mode 100644
index 00000000000..6e10f0dcbe1
--- /dev/null
+++ b/main/nfdump/CVE-2019-14459.patch
@@ -0,0 +1,27 @@
+diff --git a/bin/ipfix.c b/bin/ipfix.c
+index f998b72..604fe25 100644
+--- a/bin/ipfix.c
++++ b/bin/ipfix.c
+@@ -1067,6 +1067,13 @@ ipfix_template_record_t *ipfix_template_record;
+ while ( size_left ) {
+ uint32_t id, count;
+ 
++ if ( size_left < 4 ) {
++ LogError("Process_ipfix [%u] Template withdraw size error at %s line %u" ,
++ exporter->info.id, __FILE__, __LINE__, strerror (errno));
++ size_left = 0;
++ continue;
++ }
++
+ // map next record.
+ ipfix_template_record = (ipfix_template_record_t *)DataPtr;
+ size_left -= 4;
+@@ -1146,7 +1153,7 @@ uint16_t offset_std_sampler_interval, offset_std_sampler_algorithm, found_std_sa
+ uint16_t id, length;
+ int Enterprise;
+ 
+- if ( size_left && size_left < 4 ) {
++ if ( size_left < 4 ) {
+ LogError("Process_ipfix [%u] Template size error at %s line %u" ,
+ exporter->info.id, __FILE__, __LINE__, strerror (errno));
+ return; |
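Review bot: In main/nfdump/CVE-2019-1010057.patch, the guard added to ConvertCommonV0 (`if ( flow_record_v0->size <= COMMON_RECORDV0_DATA_SIZE ) return 0;`) only stops `flow_record_v0->size - COMMON_RECORDV0_DATA_SIZE` from underflowing. Nothing in the hunk caps `size` against the capacity of ConvertBuffer or against the bytes left in the input block, so the second memcpy still trusts a length read from the data file. If the caller in nfdump.c does not already guarantee both bounds (the allocation and read code lie outside the hunk), that upper-bound check belongs next to this one. In the nfx.c hunk the test remains `id > Max_num_extensions` before `extension_descriptor[id]` is indexed; confirm from the array's declaration that `id == Max_num_extensions` is a valid index, otherwise it should read `id >= Max_num_extensions`. The new guard is also unbraced and uncommented; a line such as `// size must exceed the fixed v0 header, otherwise the copy length below wraps` would record why it exists.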
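Review bot: In main/nfdump/CVE-2019-14459.patch, the added withdraw check passes `strerror (errno)` to LogError as a fourth argument although its format string has only three conversions (`%u`, `%s`, `%u`). A length comparison does not set errno, so the argument is never printed and misleads the reader; end the call at `exporter->info.id, __FILE__, __LINE__);` (the same pattern sits in the pre-existing call of the second inner hunk). The new check covers only the 4-byte template header, and whether the bytes consumed after `size_left -= 4` are bounded is decided outside the hunk. Changing `size_left && size_left < 4` to `size_left < 4` also sends `size_left == 0` down the error path, which is correct only if that point is never reached with an exactly consumed buffer; the enclosing loop is not visible here.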