![[tokkee]](http://tokkee.org/images/avatar.png){kind=avatar}
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 0720412)
raw | patch | inline | side by side (parent: 0720412)
| author | Sebastian Harl <sh@tokkee.org> | |
| Thu, 28 Jul 2016 20:24:10 +0000 (22:24 +0200) | ||
| committer | Sebastian Harl <sh@tokkee.org> | |
| Thu, 28 Jul 2016 20:24:10 +0000 (22:24 +0200) |
| debian/patches/CVE-2016-6254.dpatch | patch | blob | history | |
| debian/patches/bts832577-gcry-control.dpatch | patch | blob | history |
index 46f5443f9c4cc1be85e3e9409ce084a1414dd394..b46639357123ff911ecaded4e3abbaca0489f636 100644 (file)
diff a/src/network.c b/src/network.c
--- a/src/network.c
+++ b/src/network.c
-@@ -1392,6 +1392,7 @@
+@@ -1430,6 +1430,7 @@
printed_ignore_warning = 1;
}
buffer = ((char *) buffer) + pkg_length;
continue;
}
#endif /* HAVE_LIBGCRYPT */
-@@ -1419,6 +1420,7 @@
+@@ -1457,6 +1458,7 @@
printed_ignore_warning = 1;
}
buffer = ((char *) buffer) + pkg_length;
continue;
}
#endif /* HAVE_LIBGCRYPT */
-@@ -1560,6 +1562,7 @@
+@@ -1598,6 +1600,7 @@
DEBUG ("network plugin: parse_packet: Unknown part"
" type: 0x%04hx", pkg_type);
buffer = ((char *) buffer) + pkg_length;
diff --git a/debian/patches/bts832577-gcry-control.dpatch b/debian/patches/bts832577-gcry-control.dpatch
index 930e8346f65f8c3413557eec1cbcc443d7ae02b2..2c70e2a25280c8f1db54a6477cc98182202b8100 100644 (file)
#! /bin/sh /usr/share/dpatch/dpatch-run
## bts832577-gcry-control.dpatch by Florian Forster <octo@collectd.org>
-## Backported to 5.1.0 by Sebastian Harl <tokkee@debian.org>
+## and Sebastian Harl <tokkee@debian.org>
##
## DP: network plugin, libcollectdclient: Check return value of gcry_control().
##
-## Upstream commit:
+## Upstream commits:
## https://github.com/collectd/collectd/commit/8b4fed99
+## https://github.com/collectd/collectd/commit/262915c4
+## https://github.com/collectd/collectd/commit/a3000cbe
## Upstream report:
## https://github.com/collectd/collectd/issues/1665
@DPATCH@
+diff a/src/libcollectdclient/network_buffer.c b/src/libcollectdclient/network_buffer.c
+--- a/src/libcollectdclient/network_buffer.c
++++ b/src/libcollectdclient/network_buffer.c
+@@ -131,12 +131,15 @@
+ need_init = 0;
+
+ #if HAVE_LIBGCRYPT
+- gcry_control (GCRYCTL_SET_THREAD_CBS, &gcry_threads_pthread);
++ if (gcry_control (GCRYCTL_SET_THREAD_CBS, &gcry_threads_pthread))
++ return (0);
+
+ if (!gcry_check_version (GCRYPT_VERSION))
+ return (0);
+
+- gcry_control (GCRYCTL_INIT_SECMEM, 32768, 0);
++ if (!gcry_control (GCRYCTL_INIT_SECMEM, 32768, 0))
++ return (0);
++
+ gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0);
+
+ result = 1;
diff a/src/network.c b/src/network.c
--- a/src/network.c
+++ b/src/network.c
-@@ -3342,6 +3342,7 @@
- static int network_init (void)
+@@ -493,13 +493,15 @@
+ } /* }}} int network_dispatch_notification */
+
+ #if HAVE_LIBGCRYPT
+-static void network_init_gcrypt (void) /* {{{ */
++static int network_init_gcrypt (void) /* {{{ */
{
- static _Bool have_init = 0;
-+ gcry_error_t err;
++ gcry_error_t err;
++
+ /* http://lists.gnupg.org/pipermail/gcrypt-devel/2003-August/000458.html
+ * Because you can't know in a library whether another library has
+ * already initialized the library */
+ if (gcry_control (GCRYCTL_ANY_INITIALIZATION_P))
+- return;
++ return (0);
- /* Check if we were already initialized. If so, just return - there's
- * nothing more to do (for now, that is). */
-@@ -3350,8 +3351,18 @@
+ /* http://www.gnupg.org/documentation/manuals/gcrypt/Multi_002dThreading.html
+ * To ensure thread-safety, it's important to set GCRYCTL_SET_THREAD_CBS
+@@ -508,11 +510,25 @@
+ * above doesn't count, as it doesn't implicitly initalize Libgcrypt.
+ *
+ * tl;dr: keep all these gry_* statements in this exact order please. */
+- gcry_control (GCRYCTL_SET_THREAD_CBS, &gcry_threads_pthread);
++ err = gcry_control (GCRYCTL_SET_THREAD_CBS, &gcry_threads_pthread);
++ if (err)
++ {
++ ERROR ("network plugin: gcry_control (GCRYCTL_SET_THREAD_CBS) failed: %s", gcry_strerror (err));
++ return (-1);
++ }
++
+ gcry_check_version (NULL);
+- gcry_control (GCRYCTL_INIT_SECMEM, 32768);
++
++ err = gcry_control (GCRYCTL_INIT_SECMEM, 32768);
++ if (err)
++ {
++ ERROR ("network plugin: gcry_control (GCRYCTL_INIT_SECMEM) failed: %s", gcry_strerror (err));
++ return (-1);
++ }
++
+ gcry_control (GCRYCTL_INITIALIZATION_FINISHED);
+-} /* }}} void network_init_gcrypt */
++ return (0);
++} /* }}} int network_init_gcrypt */
+
+ static gcry_cipher_hd_t network_get_aes256_cypher (sockent_t *se, /* {{{ */
+ const void *iv, size_t iv_size, const char *username)
+@@ -2050,7 +2066,12 @@
+ {
+ if (se->data.client.security_level > SECURITY_LEVEL_NONE)
+ {
+- network_init_gcrypt ();
++ if (network_init_gcrypt () < 0)
++ {
++ ERROR ("network plugin: Cannot configure client socket with "
++ "security: Failed to initialize crypto library.");
++ return (-1);
++ }
+
+ if ((se->data.client.username == NULL)
+ || (se->data.client.password == NULL))
+@@ -2070,7 +2091,12 @@
+ {
+ if (se->data.server.security_level > SECURITY_LEVEL_NONE)
+ {
+- network_init_gcrypt ();
++ if (network_init_gcrypt () < 0)
++ {
++ ERROR ("network plugin: Cannot configure server socket with "
++ "security: Failed to initialize crypto library.");
++ return (-1);
++ }
+
+ if (se->data.server.auth_file == NULL)
+ {
+@@ -3395,7 +3421,11 @@
have_init = 1;
#if HAVE_LIBGCRYPT
-- gcry_control (GCRYCTL_SET_THREAD_CBS, &gcry_threads_pthread);
-- gcry_control (GCRYCTL_INIT_SECMEM, 32768, 0);
-+ err = gcry_control (GCRYCTL_SET_THREAD_CBS, &gcry_threads_pthread);
-+ if (err)
-+ {
-+ ERROR ("network plugin: gcry_control (GCRYCTL_SET_THREAD_CBS) failed: %s", gcry_strerror (err));
-+ return (-1);
-+ }
-+ err = gcry_control (GCRYCTL_INIT_SECMEM, 32768, 0);
-+ if (err)
+- network_init_gcrypt ();
++ if (network_init_gcrypt () < 0)
+ {
-+ ERROR ("network plugin: gcry_control (GCRYCTL_INIT_SECMEM) failed: %s", gcry_strerror (err));
++ ERROR ("network plugin: Failed to initialize crypto library.");
+ return (-1);
+ }
- gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0);
#endif
+ if (network_config_stats != 0)