[Buildroot] [PATCH 1/1] package/fastd: fix CVE-2020-27638

Fabrice Fontaine fontaine.fabrice at gmail.com
Sat Oct 31 17:26:41 UTC 2020


Hi Alexander,

Le sam. 31 oct. 2020 à 18:20, Alexander Dahl <post at lespocky.de> a écrit :
>
> Hei hei,
>
> On Sat, Oct 31, 2020 at 05:34:20PM +0100, Fabrice Fontaine wrote:
> > receive.c in fastd before v21 allows denial of service (assertion
> > failure) when receiving packets with an invalid type code.
> >
> > Signed-off-by: Fabrice Fontaine <fontaine.fabrice at gmail.com>
>
> Acked-by: Alexander Dahl <post at lespocky.de>
>
> Note: with v21 fastd switched from CMake to Meson. I have no
> experience with Meson so far, so I might need some time for an
> upgrade. If someone else wants to step in, do not hesitate.
I prepared a patch to bump fastd to v21, I'll send it after this one is merged.
>
> Greets
> Alex
>
> > ---
> >  ...-leak-when-receiving-invalid-packets.patch | 45 +++++++++++++++++++
> >  package/fastd/fastd.mk                        |  3 ++
> >  2 files changed, 48 insertions(+)
> >  create mode 100644 package/fastd/0002-receive-fix-buffer-leak-when-receiving-invalid-packets.patch
> >
> > diff --git a/package/fastd/0002-receive-fix-buffer-leak-when-receiving-invalid-packets.patch b/package/fastd/0002-receive-fix-buffer-leak-when-receiving-invalid-packets.patch
> > new file mode 100644
> > index 0000000000..f4a44fea6d
> > --- /dev/null
> > +++ b/package/fastd/0002-receive-fix-buffer-leak-when-receiving-invalid-packets.patch
> > @@ -0,0 +1,45 @@
> > +From 737925113363b6130879729cdff9ccc46c33eaea Mon Sep 17 00:00:00 2001
> > +From: Matthias Schiffer <mschiffer at universe-factory.net>
> > +Date: Mon, 19 Oct 2020 21:08:16 +0200
> > +Subject: [PATCH] receive: fix buffer leak when receiving invalid packets
> > +
> > +For fastd versions before v20, this was just a memory leak (which could
> > +still be used for DoS, as it's remotely triggerable). With the new
> > +buffer management of fastd v20, this will trigger an assertion failure
> > +instead as soon as the buffer pool is empty.
> > +
> > +[Retrieved from:
> > +https://github.com/NeoRaider/fastd/commit/737925113363b6130879729cdff9ccc46c33eaea]
> > +Signed-off-by: Fabrice Fontaine <fontaine.fabrice at gmail.com>
> > +---
> > + src/receive.c | 10 ++++++++++
> > + 1 file changed, 10 insertions(+)
> > +
> > +diff --git a/src/receive.c b/src/receive.c
> > +index 043c9f2..6bca9f4 100644
> > +--- a/src/receive.c
> > ++++ b/src/receive.c
> > +@@ -169,6 +169,11 @@ static inline void handle_socket_receive_known(
> > +
> > +     case PACKET_HANDSHAKE:
> > +             fastd_handshake_handle(sock, local_addr, remote_addr, peer, buffer);
> > ++            break;
> > ++
> > ++    default:
> > ++            fastd_buffer_free(buffer);
> > ++            pr_debug("received packet with invalid type from %P[%I]", peer, remote_addr);
> > +     }
> > + }
> > +
> > +@@ -195,6 +200,11 @@ static inline void handle_socket_receive_unknown(
> > +
> > +     case PACKET_HANDSHAKE:
> > +             fastd_handshake_handle(sock, local_addr, remote_addr, NULL, buffer);
> > ++            break;
> > ++
> > ++    default:
> > ++            fastd_buffer_free(buffer);
> > ++            pr_debug("received packet with invalid type from unknown address %I", remote_addr);
> > +     }
> > + }
> > +
> > diff --git a/package/fastd/fastd.mk b/package/fastd/fastd.mk
> > index b1261f0fa5..d556e2fbb1 100644
> > --- a/package/fastd/fastd.mk
> > +++ b/package/fastd/fastd.mk
> > @@ -12,6 +12,9 @@ FASTD_LICENSE_FILES = COPYRIGHT
> >  FASTD_CONF_OPTS = -DENABLE_LIBSODIUM=ON
> >  FASTD_DEPENDENCIES = host-bison host-pkgconf libuecc libsodium libcap
> >
> > +# 0002-receive-fix-buffer-leak-when-receiving-invalid-packets.patch
> > +FASTD_IGNORE_CVES += CVE-2020-27638
> > +
> >  ifeq ($(BR2_PACKAGE_OPENSSL),y)
> >  FASTD_CONF_OPTS += -DENABLE_OPENSSL=ON
> >  FASTD_DEPENDENCIES += openssl
> > --
> > 2.28.0
> >
> > _______________________________________________
> > buildroot mailing list
> > buildroot at busybox.net
> > http://lists.busybox.net/mailman/listinfo/buildroot
>
> --
> /"\ ASCII RIBBON | »With the first link, the chain is forged. The first
> \ / CAMPAIGN     | speech censured, the first thought forbidden, the
>  X  AGAINST      | first freedom denied, chains us all irrevocably.«
> / \ HTML MAIL    | (Jean-Luc Picard, quoting Judge Aaron Satie)
Best Regards,

Fabrice


More information about the buildroot mailing list