Google Git
Sign in
android-kvm / buildroot / b9e671a558f106d57ed3c7f0cd0b89359c6b1567 / . / package / libfcgi / 0006-fix-CVE-2012-6687.patch
blob: 10d33ed58d5a25efc6ba4e3488b9d23a27954302 [file] [log] [blame]
libfcgi:add security patch for CVE-2012-6687
CVE-2012-6687 - remote attackers cause a denial of service (crash) via a large number
of connections (http://www.cvedetails.com/cve/CVE-2012-6687/).
Fix:use poll in os_unix.c instead of select to avoid problem with > 1024 connections.
This patch libfcgi_2.4.0-8.3.debian.tar.xz is pulled from the below link:
(https://launchpad.net/ubuntu/+source/libfcgi/2.4.0-8.3)
The next release of libfcgi is 2.4.1 which may have this fix is yet to be released
officially.
Signed-off-by: Anton Kortunov <toshic.toshic@gmail.com>
Signed-off-by: Niranjan Reddy <niranjan.reddy@rockwellcollins.com>
Index: b/libfcgi/os_unix.c
===================================================================
--- a/libfcgi/os_unix.c
+++ b/libfcgi/os_unix.c
@@ -42,6 +42,7 @@
#include <sys/time.h>
#include <sys/un.h>
#include <signal.h>
+#include <poll.h>
#ifdef HAVE_NETDB_H
#include <netdb.h>
@@ -103,6 +104,9 @@
static int shutdownPending = FALSE;
static int shutdownNow = FALSE;
+static int libfcgiOsClosePollTimeout = 2000;
+static int libfcgiIsAfUnixKeeperPollTimeout = 2000;
+
void OS_ShutdownPending()
{
shutdownPending = TRUE;
@@ -168,6 +172,16 @@
if(libInitialized)
return 0;
+ char *libfcgiOsClosePollTimeoutStr = getenv( "LIBFCGI_OS_CLOSE_POLL_TIMEOUT" );
+ if(libfcgiOsClosePollTimeoutStr) {
+ libfcgiOsClosePollTimeout = atoi(libfcgiOsClosePollTimeoutStr);
+ }
+
+ char *libfcgiIsAfUnixKeeperPollTimeoutStr = getenv( "LIBFCGI_IS_AF_UNIX_KEEPER_POLL_TIMEOUT" );
+ if(libfcgiIsAfUnixKeeperPollTimeoutStr) {
+ libfcgiIsAfUnixKeeperPollTimeout = atoi(libfcgiIsAfUnixKeeperPollTimeoutStr);
+ }
+
asyncIoTable = (AioInfo *)malloc(asyncIoTableSize * sizeof(AioInfo));
if(asyncIoTable == NULL) {
errno = ENOMEM;
@@ -755,19 +769,16 @@
if (shutdown(fd, 1) == 0)
{
- struct timeval tv;
- fd_set rfds;
+ struct pollfd pfd;
int rv;
char trash[1024];
- FD_ZERO(&rfds);
+ pfd.fd = fd;
+ pfd.events = POLLIN;
do
{
- FD_SET(fd, &rfds);
- tv.tv_sec = 2;
- tv.tv_usec = 0;
- rv = select(fd + 1, &rfds, NULL, NULL, &tv);
+ rv = poll(&pfd, 1, libfcgiOsClosePollTimeout);
}
while (rv > 0 && read(fd, trash, sizeof(trash)) > 0);
}
@@ -1116,13 +1127,11 @@
*/
static int is_af_unix_keeper(const int fd)
{
- struct timeval tval = { READABLE_UNIX_FD_DROP_DEAD_TIMEVAL };
- fd_set read_fds;
-
- FD_ZERO(&read_fds);
- FD_SET(fd, &read_fds);
+ struct pollfd pfd;
+ pfd.fd = fd;
+ pfd.events = POLLIN;
- return select(fd + 1, &read_fds, NULL, NULL, &tval) >= 0 && FD_ISSET(fd, &read_fds);
+ return poll(&pfd, 1, libfcgiIsAfUnixKeeperPollTimeout) >= 0 && (pfd.revents & POLLIN);
}
/*
Index: b/examples/Makefile.am
===================================================================
--- a/examples/Makefile.am
+++ b/examples/Makefile.am
@@ -34,5 +34,5 @@ threaded_CFLAGS = @PTHREAD_CFLAGS@
threaded_LDFLAGS = @PTHREAD_CFLAGS@ @PTHREAD_LIBS@
echo_cpp_SOURCES = $(INCLUDE_FILES) $(INCLUDEDIR)/fcgio.h echo-cpp.cpp
-echo_cpp_LDADD = $(LIBDIR)/libfcgi++.la
+echo_cpp_LDADD = $(LIBDIR)/libfcgi++.la $(LIBDIR)/libfcgi.la