[Buildroot] [PATCH 1/1] libfcgi:add security patch for CVE-2012-6687

[Buildroot] [PATCH 1/1] libfcgi:add security patch for CVE-2012-6687

[niranjan.reddy]

Fix-CVE-2012-6687 - remote attackers cause a denial of service (crash)
via a large number of connections (http://www.cvedetails.com/cve/CVE-2012-6687/).
use poll in os_unix.c instead of select to avoid problem with > 1024 connections.
The patch libfcgi_2.4.0-8.3.debian.tar.xz is taken from the below link:
(https://launchpad.net/ubuntu/+source/libfcgi/2.4.0-8.3)
The next release of libfcgi is 2.4.1 which may have this fix is yet to be released
officially.

Signed-off-by: niranjan.reddy <niranjan.reddy@rockwellcollins.com>
---
 package/libfcgi/0006-fix-CVE-2012-6687.patch | 103 +++++++++++++++++++++++++++
 1 file changed, 103 insertions(+)
 create mode 100644 package/libfcgi/0006-fix-CVE-2012-6687.patch

diff --git a/package/libfcgi/0006-fix-CVE-2012-6687.patch b/package/libfcgi/0006-fix-CVE-2012-6687.patch
new file mode 100644
index 0000000..a8ea847
--- /dev/null
+++ b/package/libfcgi/0006-fix-CVE-2012-6687.patch
@@ -0,0 +1,103 @@
+libfcgi:add security patch for CVE-2012-6687
+CVE-2012-6687 - remote attackers cause a denial of service (crash) via a large number 
+of connections (http://www.cvedetails.com/cve/CVE-2012-6687/).
+Fix:use poll in os_unix.c instead of select to avoid problem with > 1024 connections.
+This patch libfcgi_2.4.0-8.3.debian.tar.xz is pulled from the below link:
+(https://launchpad.net/ubuntu/+source/libfcgi/2.4.0-8.3)
+The next release of libfcgi is 2.4.1 which may have this fix is yet to be released 
+officially.
+
+Signed-off-by: niranjan.reddy <niranjan.reddy@rockwellcollins.com>
+
+Index: b/libfcgi/os_unix.c
+===================================================================
+--- a/libfcgi/os_unix.c
++++ b/libfcgi/os_unix.c
+@@ -42,6 +42,7 @@
+ #include <sys/time.h>
+ #include <sys/un.h>
+ #include <signal.h>
++#include <poll.h>
+ 
+ #ifdef HAVE_NETDB_H
+ #include <netdb.h>
+@@ -103,6 +104,9 @@
+ static int shutdownPending = FALSE;
+ static int shutdownNow = FALSE;
+ 
++static int libfcgiOsClosePollTimeout = 2000;
++static int libfcgiIsAfUnixKeeperPollTimeout = 2000;
++
+ void OS_ShutdownPending()
+ {
+     shutdownPending = TRUE;
+@@ -168,6 +172,16 @@
+     if(libInitialized)
+         return 0;
+ 
++    char *libfcgiOsClosePollTimeoutStr = getenv( "LIBFCGI_OS_CLOSE_POLL_TIMEOUT" );
++    if(libfcgiOsClosePollTimeoutStr) {
++        libfcgiOsClosePollTimeout = atoi(libfcgiOsClosePollTimeoutStr);
++    }
++
++    char *libfcgiIsAfUnixKeeperPollTimeoutStr = getenv( "LIBFCGI_IS_AF_UNIX_KEEPER_POLL_TIMEOUT" );
++    if(libfcgiIsAfUnixKeeperPollTimeoutStr) {
++        libfcgiIsAfUnixKeeperPollTimeout = atoi(libfcgiIsAfUnixKeeperPollTimeoutStr);
++    }
++
+     asyncIoTable = (AioInfo *)malloc(asyncIoTableSize * sizeof(AioInfo));
+     if(asyncIoTable == NULL) {
+         errno = ENOMEM;
+@@ -755,19 +769,16 @@
+ 
+     if (shutdown(fd, 1) == 0)
+     {
+-        struct timeval tv;
+-        fd_set rfds;
++        struct pollfd pfd;
+         int rv;
+         char trash[1024];
+ 
+-        FD_ZERO(&rfds);
++        pfd.fd = fd;
++        pfd.events = POLLIN;
+ 
+         do 
+         {
+-            FD_SET(fd, &rfds);
+-            tv.tv_sec = 2;
+-            tv.tv_usec = 0;
+-            rv = select(fd + 1, &rfds, NULL, NULL, &tv);
++            rv = poll(&pfd, 1, libfcgiOsClosePollTimeout);
+         }
+         while (rv > 0 && read(fd, trash, sizeof(trash)) > 0);
+     }
+@@ -1116,13 +1127,11 @@
+  */
+ static int is_af_unix_keeper(const int fd)
+ {
+-    struct timeval tval = { READABLE_UNIX_FD_DROP_DEAD_TIMEVAL };
+-    fd_set read_fds;
+-
+-    FD_ZERO(&read_fds);
+-    FD_SET(fd, &read_fds);
++    struct pollfd pfd;
++    pfd.fd = fd;
++    pfd.events = POLLIN;
+ 
+-    return select(fd + 1, &read_fds, NULL, NULL, &tval) >= 0 && FD_ISSET(fd, &read_fds);
++    return poll(&pfd, 1, libfcgiIsAfUnixKeeperPollTimeout) >= 0 && (pfd.revents & POLLIN);
+ }
+ 
+ /*
+
+Index: b/examples/Makefile.am
+===================================================================
+--- a/examples/Makefile.am
++++ b/examples/Makefile.am
+@@ -34,5 +34,5 @@ threaded_CFLAGS    = @PTHREAD_CFLAGS@
+ threaded_LDFLAGS   = @PTHREAD_CFLAGS@ @PTHREAD_LIBS@
+ 
+ echo_cpp_SOURCES = $(INCLUDE_FILES) $(INCLUDEDIR)/fcgio.h echo-cpp.cpp
+-echo_cpp_LDADD   = $(LIBDIR)/libfcgi++.la
++echo_cpp_LDADD   = $(LIBDIR)/libfcgi++.la $(LIBDIR)/libfcgi.la
-- 
2.5.0

[Buildroot] [PATCH 1/1] libfcgi:add security patch for CVE-2012-6687

[Thomas Petazzoni]

Hello Niranjan,

Could you fix your mail configuration so that your From is:

	Niranjan Reddy <niranjan.reddy@rockwellcollins.com>

Indeed, the From: field gets used as the Git author.

On Fri,  5 Feb 2016 10:59:40 +0530, niranjan.reddy wrote:
> Fix-CVE-2012-6687 - remote attackers cause a denial of service (crash)
> via a large number of connections (http://www.cvedetails.com/cve/CVE-2012-6687/).
> use poll in os_unix.c instead of select to avoid problem with > 1024 connections.
> The patch libfcgi_2.4.0-8.3.debian.tar.xz is taken from the below link:
> (https://launchpad.net/ubuntu/+source/libfcgi/2.4.0-8.3)

I don't understand, I had a look at this Debian tarball, and couldn't
spot the fix. Also below, you're signing off the patch, which seems to
indicate your are the author of it.

Could you clarify ?

> The next release of libfcgi is 2.4.1 which may have this fix is yet to be released
> officially.
> 
> Signed-off-by: niranjan.reddy <niranjan.reddy@rockwellcollins.com>

Please use Niranjan Reddy and not niranjan.reddy.

Thanks,

Thomas
-- 
Thomas Petazzoni, CTO, Free Electrons
Embedded Linux, Kernel and Android engineering
http://free-electrons.com

[Buildroot] [PATCH 1/1] libfcgi:add security patch for CVE-2012-6687

[Niranjan Reddy]

Hello Thomas,

Thanks for your inputs . I'll change my mail configuration as :

 Niranjan Reddy <niranjan.reddy@rockwellcollins.com> .

 You can find the patch in the debain/patches folder with file name "poll".

Anton Kortunov <toshic.toshic@gmail.com> is the author of the patch and
i'll change it .

Thanks,
Niranjan Reddy.
Rockwell Collins


On Sat, Feb 6, 2016 at 3:52 AM, Thomas Petazzoni <
thomas.petazzoni@free-electrons.com> wrote:

> Hello Niranjan,
>
> Could you fix your mail configuration so that your From is:
>
>         Niranjan Reddy <niranjan.reddy@rockwellcollins.com>
>
> Indeed, the From: field gets used as the Git author.
>
> On Fri,  5 Feb 2016 10:59:40 +0530, niranjan.reddy wrote:
> > Fix-CVE-2012-6687 - remote attackers cause a denial of service (crash)
> > via a large number of connections (
> http://www.cvedetails.com/cve/CVE-2012-6687/).
> > use poll in os_unix.c instead of select to avoid problem with > 1024
> connections.
> > The patch libfcgi_2.4.0-8.3.debian.tar.xz is taken from the below link:
> > (https://launchpad.net/ubuntu/+source/libfcgi/2.4.0-8.3)
>
> I don't understand, I had a look at this Debian tarball, and couldn't
> spot the fix. Also below, you're signing off the patch, which seems to
> indicate your are the author of it.
>
> Could you clarify ?
>
> > The next release of libfcgi is 2.4.1 which may have this fix is yet to
> be released
> > officially.
> >
> > Signed-off-by: niranjan.reddy <niranjan.reddy@rockwellcollins.com>
>
> Please use Niranjan Reddy and not niranjan.reddy.
>
> Thanks,
>
> Thomas
> --
> Thomas Petazzoni, CTO, Free Electrons
> Embedded Linux, Kernel and Android engineering
> http://free-electrons.com
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.busybox.net/pipermail/buildroot/attachments/20160208/80b92848/attachment.html>

[Buildroot] [PATCH 1/1] libfcgi:add security patch for CVE-2012-6687

[Thomas Petazzoni]

Dear Niranjan Reddy,

On Mon, 8 Feb 2016 11:45:58 +0530, Niranjan Reddy wrote:

> Thanks for your inputs . I'll change my mail configuration as :
> 
>  Niranjan Reddy <niranjan.reddy@rockwellcollins.com> .
> 
>  You can find the patch in the debain/patches folder with file name "poll".
> 
> Anton Kortunov <toshic.toshic@gmail.com> is the author of the patch and
> i'll change it .

OK. So you will resend an updated version of your patch, right?

Thanks!

Thomas
-- 
Thomas Petazzoni, CTO, Free Electrons
Embedded Linux, Kernel and Android engineering
http://free-electrons.com

[Buildroot] [PATCH 1/1] libfcgi:add security patch for CVE-2012-6687

[Niranjan Reddy]

Yes .

Thanks,
Niranjan

On Mon, Feb 8, 2016 at 1:49 PM, Thomas Petazzoni <
thomas.petazzoni@free-electrons.com> wrote:

> Dear Niranjan Reddy,
>
> On Mon, 8 Feb 2016 11:45:58 +0530, Niranjan Reddy wrote:
>
> > Thanks for your inputs . I'll change my mail configuration as :
> >
> >  Niranjan Reddy <niranjan.reddy@rockwellcollins.com> .
> >
> >  You can find the patch in the debain/patches folder with file name
> "poll".
> >
> > Anton Kortunov <toshic.toshic@gmail.com> is the author of the patch and
> > i'll change it .
>
> OK. So you will resend an updated version of your patch, right?
>
> Thanks!
>
> Thomas
> --
> Thomas Petazzoni, CTO, Free Electrons
> Embedded Linux, Kernel and Android engineering
> http://free-electrons.com
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.busybox.net/pipermail/buildroot/attachments/20160208/8565b695/attachment.html>