raw | patch | inline | side by side (parent: ac4e97f)
author | Sebastian Harl <sh@tokkee.org> | Wed, 27 Jul 2016 08:35:39 +0000 (10:35 +0200)
committer | Sebastian Harl <sh@tokkee.org> | Wed, 27 Jul 2016 08:35:39 +0000 (10:35 +0200)
A team of security researchers at Columbia University and the University of
Virginia discovered that GCrypt's gcry_control is sometimes called without
checking its return value for an error. This may cause the program to be
initialized without the desired, secure settings.
Closes: #832577
debian/changelog
debian/patches/00list
debian/patches/CVE-2016-6254.dpatch
debian/patches/bts832577-gcry-control.dpatch [new file with mode: 0644]
diff --git a/debian/changelog b/debian/changelog
index aa6a82c589d2be938665a21ea8b2187a4150de26..9b6f06c4d21e126dbf26ab4dc846ac7536aa457e 100644 (file)
--- a/debian/changelog
+++ b/debian/changelog
the function used by the network plugin to parse incoming network packets.
Thanks to Florian Forster for reporting the bug in Debian.
(Closes: #832507, CVE-2016-6254)
+ * debian/patches/bts832577-gcry-control.dpatch: Fix improper usage of
+ gcry_control. A team of security researchers at Columbia University and
+ the University of Virginia discovered that GCrypt's gcry_control is
+ sometimes called without checking its return value for an error. This may
+ cause the program to be initialized without the desired, secure settings.
+ (Closes: #832577)
-- Sebastian Harl <tokkee@debian.org> Wed, 27 Jul 2016 10:14:42 +0200
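Review bot: The added bts832577-gcry-control.dpatch bullet does not say which component is affected or where the fix comes from. The dpatch header in this same commit names the network plugin and upstream commit 8b4fed99; repeating both here would let someone reading only the changelog see that the change is confined to gcry_control calls in src/network.c and trace it back to upstream.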
diff --git a/debian/patches/00list b/debian/patches/00list
index 5862f1682a65b5c517d4eaadf8e71ebfca7a5536..1e263d1ac3b03213cf0da32b07c28d8edd27d48a 100644 (file)
--- a/debian/patches/00list
+++ b/debian/patches/00list
CVE-2016-6254.dpatch
+bts832577-gcry-control.dpatch
rrd_filter_path.dpatch
collection_conf_path.dpatch
bts559801_plugin_find_fix.dpatch
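Review bot: The position of the new 00list entry, directly after CVE-2016-6254.dpatch, matters because both patches modify src/network.c and dpatch applies the list in order. The line numbers in the new patch (@@ -3342 and @@ -3350) therefore have to match the tree as it looks after CVE-2016-6254.dpatch has been applied. Please confirm the series applies cleanly in this order without offsets or fuzz, and consider noting the dependency in the new patch's header so the entries are not reordered later.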
index 44cdc01b7e6d2070cb343cacca494f4752a585a4..46f5443f9c4cc1be85e3e9409ce084a1414dd394 100644 (file)
## DP: Upstream commit:
## DP: https://github.com/collectd/collectd/commit/b589096
+@DPATCH@
+
diff a/src/network.c b/src/network.c
--- a/src/network.c
+++ b/src/network.c
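Review bot: The @DPATCH@ marker added to CVE-2016-6254.dpatch is a separate fix that neither the commit message nor the new changelog entry mentions. It looks like a correction to the previous upload's patch rather than part of the gcry_control change, so it should either get its own changelog line or go into its own commit. That would make it clear whether the CVE-2016-6254 patch was in a correct state before this change.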
diff --git a/debian/patches/bts832577-gcry-control.dpatch b/debian/patches/bts832577-gcry-control.dpatch
--- /dev/null
@@ -0,0 +1,45 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## bts832577-gcry-control.dpatch by Florian Forster <octo@collectd.org>
+## Backported to 5.1.0 by Sebastian Harl <tokkee@debian.org>
+##
+## DP: network plugin, libcollectdclient: Check return value of gcry_control().
+##
+## Upstream commit:
+## https://github.com/collectd/collectd/commit/8b4fed99
+## Upstream report:
+## https://github.com/collectd/collectd/issues/1665
+
+@DPATCH@
+
+diff a/src/network.c b/src/network.c
+--- a/src/network.c
++++ b/src/network.c
+@@ -3342,6 +3342,7 @@
+ static int network_init (void)
+ {
+ static _Bool have_init = 0;
++ gcry_error_t err;
+
+ /* Check if we were already initialized. If so, just return - there's
+ * nothing more to do (for now, that is). */
+@@ -3350,8 +3351,18 @@
+ have_init = 1;
+
+ #if HAVE_LIBGCRYPT
+- gcry_control (GCRYCTL_SET_THREAD_CBS, &gcry_threads_pthread);
+- gcry_control (GCRYCTL_INIT_SECMEM, 32768, 0);
++ err = gcry_control (GCRYCTL_SET_THREAD_CBS, &gcry_threads_pthread);
++ if (err)
++ {
++ ERROR ("network plugin: gcry_control (GCRYCTL_SET_THREAD_CBS) failed: %s", gcry_strerror (err));
++ return (-1);
++ }
++ err = gcry_control (GCRYCTL_INIT_SECMEM, 32768, 0);
++ if (err)
++ {
++ ERROR ("network plugin: gcry_control (GCRYCTL_INIT_SECMEM) failed: %s", gcry_strerror (err));
++ return (-1);
++ }
+ gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0);
+ #endif
+
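Review bot: In the second src/network.c hunk, gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0) is still called with its return value ignored, which is the same pattern this patch fixes for the two calls above it. Giving it the same err check, ERROR message and return (-1) would make the initialization consistent. Separately, have_init = 1 is set before the gcry_control calls, so if either new return (-1) path is taken, a later network_init call will hit the "already initialized" check and skip the libgcrypt setup. Either set have_init only after all three calls succeed or reset it on the error paths. The DP: line also mentions libcollectdclient, but this backport only touches src/network.c; the description should say so if that part was dropped on purpose for 5.1.0.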