From: Brendan O'Dea Date: Mon, 4 Dec 2006 20:50:02 +0000 (+0000) Subject: Security: Rhys Kidd identified a vulnerability in the handling of X-Git-Tag: 2.2.1-2fdn3.1~19^2^2~1^2~19 X-Git-Url: http://git.sameswireless.fr/l2tpns.git/commitdiff_plain/dbaf3410c4be2a9ce6cf2f71e18b7ea4facb9bbb?ds=inline Security: Rhys Kidd identified a vulnerability in the handling of heartbeat packets. Drop oversize heartbeat packets. --- diff --git a/Changes b/Changes index a37c50e..05c4f9f 100644 --- a/Changes +++ b/Changes @@ -1,4 +1,4 @@ -* Thu Aug 3 2006 Brendan O'Dea 2.2.0 +* Tue Dec 5 2006 Brendan O'Dea 2.2.0 - Only poll clifd if successfully bound. - Add "Practical VPNs" document from Liran Tal as Docs/vpn . - Add Multilink support from Khaled Al Hamwi. @@ -12,6 +12,8 @@ - Fix sign problem with reporting of unknown RADIUS VSAs. - Allow DNS servers to be specified either using the old or new vendor-specific Ascend formats. +- Security: Rhys Kidd identified a vulnerability in the handling of + heartbeat packets. Drop oversize heartbeat packets. * Tue Apr 18 2006 Brendan O'Dea 2.1.18 - Don't shutdown on TerminateReq, wait for CDN. diff --git a/THANKS b/THANKS index 5fbe93a..bc38c6d 100644 --- a/THANKS +++ b/THANKS @@ -28,3 +28,4 @@ Jonathan Yarden Patrick Cole Khaled Al Hamwi Graham Maltby +Rhys Kidd diff --git a/cluster.c b/cluster.c index ab4d914..fb71070 100644 --- a/cluster.c +++ b/cluster.c @@ -1,6 +1,6 @@ // L2TPNS Clustering Stuff -char const *cvs_id_cluster = "$Id: cluster.c,v 1.53 2006-07-17 07:53:08 bodea Exp $"; +char const *cvs_id_cluster = "$Id: cluster.c,v 1.54 2006-12-04 20:50:02 bodea Exp $"; #include #include 
@@ -1453,7 +1453,11 @@ static int cluster_process_heartbeat(uint8_t *data, int size, int more, uint8_t return -1; // Ignore it?? } - // Ok. It's a heartbeat packet from a cluster master! + if (size > sizeof(past_hearts[0].data)) { + LOG(0, 0, 0, "Received an oversize heartbeat from %s (%d)!\n", fmtaddr(addr, 0), size); + return -1; + } + if (s < sizeof(*h)) goto shortpacket; diff --git a/l2tpns.spec b/l2tpns.spec index d2a563b..dc03660 100644 --- a/l2tpns.spec +++ b/l2tpns.spec @@ -43,5 +43,5 @@ rm -rf %{buildroot} %attr(644,root,root) /usr/share/man/man[58]/* %changelog -* Thu Aug 3 2006 Brendan O'Dea 2.2.0-1 +* Tue Dec 5 2006 Brendan O'Dea 2.2.0-1 - 2.2.0 release, see /usr/share/doc/l2tpns-2.2.0/Changes
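Review bot: The two lines added to Changes under 2.2.0 say only "a vulnerability in the handling of heartbeat packets" and do not name the affected code path or the effect, so an operator reading the changelog cannot judge how urgent the upgrade is. Suggest that the entry name the cluster heartbeat handler (cluster_process_heartbeat in cluster.c) and state the new behaviour in concrete terms: heartbeats larger than sizeof(past_hearts[0].data) are logged and dropped.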
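Review bot: In cluster_process_heartbeat the new bound `if (size > sizeof(past_hearts[0].data))` tests `size`, while the check right after it, `if (s < sizeof(*h))`, tests `s`, and nothing in the hunk says which of the two lengths is the one later bounded by past_hearts[].data. Please add a one-line comment on the new check saying why sizeof(past_hearts[0].data) is the limit and that `size` is the length it applies to; the hunk also deletes "// Ok. It's a heartbeat packet from a cluster master!" without a replacement. The comparison mixes an int with a size_t: a negative `size` is still rejected because it converts to a large unsigned value, but that depends on implicit conversion, so an explicit `size < 0 ||` test or a cast would make the intent visible and avoid sign-compare warnings. If the first argument of `LOG(0, 0, 0, ...)` is the always-logged level, each oversize packet from the network writes a log line, so consider rate-limiting that message.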