From 274d9afa3258e3e5914f59258330ddad3405b5f0 Mon Sep 17 00:00:00 2001 From: Sebastian Harl Date: Wed, 27 Jul 2016 10:35:39 +0200 Subject: [PATCH] patches/bts832577-gcry-control.dpatch: Fix improper usage of gcry_control. A team of security researchers at Columbia University and the University of Virginia discovered that GCrypt's gcry_control is sometimes called without checking its return value for an error. This may cause the program to be initialized without the desired, secure settings. Closes: #832577 --- debian/changelog | 6 +++ debian/patches/00list | 1 + debian/patches/CVE-2016-6254.dpatch | 2 + debian/patches/bts832577-gcry-control.dpatch | 45 ++++++++++++++++++++ 4 files changed, 54 insertions(+) create mode 100644 debian/patches/bts832577-gcry-control.dpatch diff --git a/debian/changelog b/debian/changelog index aa6a82c..9b6f06c 100644 --- a/debian/changelog +++ b/debian/changelog @@ -5,6 +5,12 @@ collectd (5.1.0-3+deb7u1) UNRELEASED; urgency=high the function used by the network plugin to parse incoming network packets. Thanks to Florian Forster for reporting the bug in Debian. (Closes: #832507, CVE-2016-6254) + * debian/patches/bts832577-gcry-control.dpatch: Fix improper usage of + gcry_control. A team of security researchers at Columbia University and + the University of Virginia discovered that GCrypt's gcry_control is + sometimes called without checking its return value for an error. This may + cause the program to be initialized without the desired, secure settings. + (Closes: #832577) -- Sebastian Harl Wed, 27 Jul 2016 10:14:42 +0200 diff --git a/debian/patches/00list b/debian/patches/00list index 5862f16..1e263d1 100644 --- a/debian/patches/00list +++ b/debian/patches/00list @@ -1,4 +1,5 @@ CVE-2016-6254.dpatch +bts832577-gcry-control.dpatch rrd_filter_path.dpatch collection_conf_path.dpatch bts559801_plugin_find_fix.dpatch diff --git a/debian/patches/CVE-2016-6254.dpatch b/debian/patches/CVE-2016-6254.dpatch index 44cdc01..46f5443 100644 --- a/debian/patches/CVE-2016-6254.dpatch +++ b/debian/patches/CVE-2016-6254.dpatch @@ -16,6 +16,8 @@ ## DP: Upstream commit: ## DP: https://github.com/collectd/collectd/commit/b589096 +@DPATCH@ + diff a/src/network.c b/src/network.c --- a/src/network.c +++ b/src/network.c diff --git a/debian/patches/bts832577-gcry-control.dpatch b/debian/patches/bts832577-gcry-control.dpatch new file mode 100644 index 0000000..930e834 --- /dev/null +++ b/debian/patches/bts832577-gcry-control.dpatch @@ -0,0 +1,45 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## bts832577-gcry-control.dpatch by Florian Forster +## Backported to 5.1.0 by Sebastian Harl +## +## DP: network plugin, libcollectdclient: Check return value of gcry_control(). +## +## Upstream commit: +## https://github.com/collectd/collectd/commit/8b4fed99 +## Upstream report: +## https://github.com/collectd/collectd/issues/1665 + +@DPATCH@ + +diff a/src/network.c b/src/network.c +--- a/src/network.c ++++ b/src/network.c +@@ -3342,6 +3342,7 @@ + static int network_init (void) + { + static _Bool have_init = 0; ++ gcry_error_t err; + + /* Check if we were already initialized. If so, just return - there's + * nothing more to do (for now, that is). */ +@@ -3350,8 +3351,18 @@ + have_init = 1; + + #if HAVE_LIBGCRYPT +- gcry_control (GCRYCTL_SET_THREAD_CBS, &gcry_threads_pthread); +- gcry_control (GCRYCTL_INIT_SECMEM, 32768, 0); ++ err = gcry_control (GCRYCTL_SET_THREAD_CBS, &gcry_threads_pthread); ++ if (err) ++ { ++ ERROR ("network plugin: gcry_control (GCRYCTL_SET_THREAD_CBS) failed: %s", gcry_strerror (err)); ++ return (-1); ++ } ++ err = gcry_control (GCRYCTL_INIT_SECMEM, 32768, 0); ++ if (err) ++ { ++ ERROR ("network plugin: gcry_control (GCRYCTL_INIT_SECMEM) failed: %s", gcry_strerror (err)); ++ return (-1); ++ } + gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0); + #endif + -- 2.30.2