Module Name:src
Committed By: martin
Date: Fri Apr 26 19:47:23 UTC 2019
Modified Files:
src/external/bsd/dhcpcd/dist [netbsd-7]: configure
src/external/bsd/dhcpcd/dist/src [netbsd-7]: auth.c dhcp.c dhcp6.c
Added Files:
src/external/bsd/dhcpcd/dist/compat [netbsd-7]: consttime_memequal.h
Log Message:
Apply patch, requested by roy in ticket #1690:
external/bsd/dhcpcd/dist/configure
external/bsd/dhcpcd/dist/src/auth.c
external/bsd/dhcpcd/dist/src/dhcp.c
external/bsd/dhcpcd/dist/src/dhcp6.c
external/bsd/dhcpcd/dist/compat/consttime_memequal.h
Security fixes for dhcpcd:
Fix a potential buffer overflow reading NA/TA addresses.
Fix a potential 1 byte read overflow with DHO_OPTSOVERLOADED.
Use consttime_memequal(3) to compare hashes.
To generate a diff of this commit:
cvs rdiff -u -r1.1.1.8.2.2 -r1.1.1.8.2.3 \
src/external/bsd/dhcpcd/dist/configure
cvs rdiff -u -r0 -r1.1.1.1.4.2 \
src/external/bsd/dhcpcd/dist/compat/consttime_memequal.h
cvs rdiff -u -r1.1.1.5.4.2 -r1.1.1.5.4.3 \
src/external/bsd/dhcpcd/dist/src/auth.c
cvs rdiff -u -r1.11.4.3 -r1.11.4.4 src/external/bsd/dhcpcd/dist/src/dhcp.c
cvs rdiff -u -r1.1.1.12.4.3 -r1.1.1.12.4.4 \
src/external/bsd/dhcpcd/dist/src/dhcp6.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/external/bsd/dhcpcd/dist/configure
diff -u src/external/bsd/dhcpcd/dist/configure:1.1.1.8.2.2 src/external/bsd/dhcpcd/dist/configure:1.1.1.8.2.3
--- src/external/bsd/dhcpcd/dist/configure:1.1.1.8.2.2 Fri Jul 27 10:43:19 2018
+++ src/external/bsd/dhcpcd/dist/configure Fri Apr 26 19:47:23 2019
@@ -13,6 +13,7 @@ IPV4LL=
INET6=
ARC4RANDOM=
CLOSEFROM=
+CONSTTIME_MEMEQUAL=
STRLCPY=
UDEV=
OS=
@@ -845,6 +846,27 @@ if [ "$STRTOI" = no ]; then
echo "#include \"compat/strtoi.h\"" >>$CONFIG_H
fi
+if [ -z "$CONSTTIME_MEMEQUAL" ]; then
+ printf "Testing for consttime_memequal ... "
+ cat <_consttime_memequal.c
+#include
+int main(void) {
+ return consttime_memequal("deadbeef", "deadbeef", 8);
+}
+EOF
+ if $XCC _consttime_memequal.c -o _consttime_memequal 2>&3; then
+ CONSTTIME_MEMEQUAL=yes
+ else
+ CONSTTIME_MEMEQUAL=no
+ fi
+ echo "$CONSTTIME_MEMEQUAL"
+ rm -f _consttime_memequal.c _consttime_memequal
+fi
+if [ "$CONSTTIME_MEMEQUAL" = no ]; then
+ echo "#include \"compat/consttime_memequal.h\"" \
+ >>$CONFIG_H
+fi
+
if [ -z "$DPRINTF" ]; then
printf "Testing for dprintf ... "
cat <_dprintf.c
Index: src/external/bsd/dhcpcd/dist/src/auth.c
diff -u src/external/bsd/dhcpcd/dist/src/auth.c:1.1.1.5.4.2 src/external/bsd/dhcpcd/dist/src/auth.c:1.1.1.5.4.3
--- src/external/bsd/dhcpcd/dist/src/auth.c:1.1.1.5.4.2 Fri Jul 27 10:43:20 2018
+++ src/external/bsd/dhcpcd/dist/src/auth.c Fri Apr 26 19:47:23 2019
@@ -354,7 +354,7 @@ gottoken:
}
free(mm);
- if (memcmp(d, &hmac_code, dlen)) {
+ if (!consttime_memequal(d, &hmac_code, dlen)) {
errno = EPERM;
return NULL;
}
Index: src/external/bsd/dhcpcd/dist/src/dhcp.c
diff -u src/external/bsd/dhcpcd/dist/src/dhcp.c:1.11.4.3 src/external/bsd/dhcpcd/dist/src/dhcp.c:1.11.4.4
--- src/external/bsd/dhcpcd/dist/src/dhcp.c:1.11.4.3 Sat Aug 25 15:03:00 2018
+++ src/external/bsd/dhcpcd/dist/src/dhcp.c Fri Apr 26 19:47:23 2019
@@ -212,6 +212,12 @@ get_option(struct dhcpcd_ctx *ctx,
}
l = *p++;
+ /* Check we can read the option data, if present */
+ if (p + l > e) {
+ errno = EINVAL;
+ return NULL;
+ }
+
if (o == DHO_OPTSOVERLOADED) {
/* Ensure we only get this option once by setting
* the last bit as well as the value.
@@ -246,10 +252,6 @@ get_option(struct dhcpcd_ctx *ctx,
bp += ol;
}
ol = l;
- if (p + ol >= e) {
-errno = EINVAL;
-return NULL;
- }
op = p;
bl += ol;
}
Index: src/external/bsd/dhcpcd/dist/src/dhcp6.c
diff -u src/external/bsd/dhcpcd/dist/src/dhcp6.c:1.1.1.12.4.3 src/external/bsd/dhcpcd/dist/src/dhcp6.c:1.1.1.12.4.4
--- src/external/bsd/dhcpcd/dist/src/dhcp6.c:1.1.1.12.4.3 Sat Aug 25 15:03:00 2018
+++ src/external/bsd/dhcpcd/dist/src/dhcp6.c Fri Apr 26 19:47:23 2019
@@ -2015,12 +2015,12 @@ dhcp6_findna(struct interface *ifp, uint
nd = o + ol;
l -= (size_t)(nd - d);
d = nd;
- if (ol < 24) {
+ if (ol < sizeof(ia)) {
errno = EINVAL;
logerrx("%s: IA Address option truncated", ifp->name);
continue;
}
- memcpy(&ia, o, ol);
+ memcpy(&ia, o, sizeof(ia));
ia.pltime = ntohl(ia.pltime);
ia.vltime = ntohl(ia.vltime);
/* RFC 3315 22.6 */
Added files:
Index: src/external/bsd/dhcpcd/dist/compat/consttime_memequal.h
diff -u /dev/null src/external/bsd/dhcpcd/dist/compat/consttime_memequal.h:1.1.1.1.4.2
--- /dev/null Fri Apr 26 19:47:23 2019
+++ src/external/bsd/dhcpcd/dist/compat/consttime_memequal.h Fri Apr 26 19:47:23 2019
@@ -0,0 +1,28 @@
+/*
+ * Written by Matthias Drochner .
+ * Public domain.
+ */
+
+#ifndef CONSTTIME_MEMEQUAL_H
+#define CONSTTIME_MEMEQU