Commit f946af50 authored by Natanael Copa's avatar Natanael Copa

main/freeradius: security fix for CVE-2012-3547

fixes #1386
parent e6d18144
From 51cb058c6a9472585622582d16e01c5540627c25 Mon Sep 17 00:00:00 2001
From: Natanael Copa <ncopa@alpinelinux.org>
Date: Tue, 13 Oct 2009 12:53:38 +0000
Subject: [PATCH] Fix detection of TLS for uClibc
On uClibc the configure script will wrongly detect that TLS is
available. This happends becuase the variable val in the test program
is optimized away and missing during link time.
This patch make sure that the variable val is not optimized away so
configure correctly will detect that TLS is missing on uClibc.
Signed-off-by: Natanael Copa <ncopa@alpinelinux.org>
---
acinclude.m4 | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/acinclude.m4 b/acinclude.m4
index 6025474..100e5b0 100644
--- a/acinclude.m4
+++ b/acinclude.m4
@@ -382,7 +382,7 @@ m4_pushdef([AC_OUTPUT],
AC_DEFUN([FR_TLS],
[
AC_MSG_CHECKING(for TLS)
- AC_RUN_IFELSE([AC_LANG_SOURCE([[ static __thread int val; int main() { return 0; } ]])],[have_tls=yes],[have_tls=no],[have_tls=no ])
+ AC_RUN_IFELSE([AC_LANG_SOURCE([[ static __thread int val; int main(int argc, char *argv[]) { return val = argc; } ]])],[have_tls=yes],[have_tls=no],[have_tls=no ])
AC_MSG_RESULT($have_tls)
if test "$have_tls" = "yes"; then
AC_DEFINE([HAVE_THREAD_TLS],[1],[Define if the compiler supports __thread])
--
1.6.4.4
......@@ -2,7 +2,7 @@
# Maintainer: Leonardo Arena <rnalrd@alpinelinux.org>
pkgname=freeradius
pkgver=2.1.12
pkgrel=2
pkgrel=3
pkgdesc="RADIUS (Remote Authentication Dial-In User Service) server"
url="http://freeradius.org/"
arch="all"
......@@ -17,6 +17,7 @@ subpackages="$pkgname-doc $pkgname-dev $pkgname-ldap $pkgname-lib
$pkgname-mssql $pkgname-mysql $pkgname-oracle $pkgname-perl
$pkgname-postgresql $pkgname-python $pkgname-radclient $pkgname-unixodbc"
source="ftp://ftp.freeradius.org/pub/freeradius/$pkgname-server-$pkgver.tar.gz
CVE-2012-3547.patch
freeradius.confd
freeradius.initd
"
......@@ -25,11 +26,12 @@ _builddir="$srcdir"/$pkgname-server-$pkgver
prepare() {
cd "$_builddir"
# for i in ../*.patch; do
# msg "Applying $i"
# patch -p1 -i $i || return 1
# done
for i in "$srcdir"; do
case $i in
*.patch) msg $i; patch -p1 -i "$srcdir"/$i || return 1;;
esac
done
# we dont have libnsl
sed -i 's/nsl, //g' configure.in || return 1
......@@ -166,5 +168,6 @@ unixodbc() {
}
md5sums="dcbaed16df8ccff672ba132a08bf8510 freeradius-server-2.1.12.tar.gz
8473b8eeb4107c2e6181829553e4c7b3 CVE-2012-3547.patch
fc6693f3df5a0694610110287a28568a freeradius.confd
5443a250d7bd0e89985e356fcdf38024 freeradius.initd"
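Review bot: The new loop in prepare() iterates over `"$srcdir"`, which is a single directory path and never matches `*.patch`, so as shown here CVE-2012-3547.patch is fetched and checksummed but never applied, and the package would still build the unpatched rlm_eap_tls.c. The loop should walk the source list instead: `for i in $source; do`. Since the `msg` line only prints when a patch matches, a build log showing it for CVE-2012-3547.patch would confirm the fix; otherwise the pkgrel bump makes an unpatched package look fixed. prepare() continues past the end of this hunk.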
Index: freeradius-2.1.12+dfsg/src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.c
===================================================================
--- freeradius-2.1.12+dfsg.orig/src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.c 2011-09-30 16:12:07.000000000 +0200
+++ freeradius-2.1.12+dfsg/src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.c 2012-09-11 19:36:21.000000000 +0200
@@ -531,7 +531,7 @@
*/
buf[0] = '\0';
asn_time = X509_get_notAfter(client_cert);
- if ((lookup <= 1) && asn_time && (asn_time->length < MAX_STRING_LEN)) {
+ if ((lookup <= 1) && asn_time && (asn_time->length < sizeof(buf))) {
memcpy(buf, (char*) asn_time->data, asn_time->length);
buf[asn_time->length] = '\0';
pairadd(&handler->certs,
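Review bot: The patch file carries no header saying where the fix comes from; the `+dfsg` path in the `Index:` line suggests it was taken from a Debian source package, but that is only an inference. A short preamble above `Index:` would let a later maintainer check it against upstream and drop it on the next version bump, for example `Fix for CVE-2012-3547: bound the notAfter copy by sizeof(buf)` followed by `Origin: <upstream commit or advisory URL>`. The new bound is only correct if `buf` is an array in scope here rather than a pointer, and its declaration lies outside the hunk.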
diff -Nru freeradius-server-2.1.6.orig/src/main/event.c freeradius-server-2.1.6/src/main/event.c
--- freeradius-server-2.1.6.orig/src/main/event.c 2009-05-18 13:13:55.000000000 +0200
+++ freeradius-server-2.1.6/src/main/event.c 2009-09-05 07:52:42.000000000 +0200
@@ -1667,7 +1667,9 @@
*/
request->num_proxied_requests = 1;
request->num_proxied_responses = 0;
+#ifdef HAVE_PTHREAD_H
request->child_pid = NO_SUCH_CHILD_PID;
+#endif
update_event_timestamp(request->proxy, request->proxy_when.tv_sec);
diff -ru freeradius-server-2.1.7.orig/Make.inc.in freeradius-server-2.1.7/Make.inc.in
--- freeradius-server-2.1.7.orig/Make.inc.in 2009-10-09 08:38:58.000000000 +0000
+++ freeradius-server-2.1.7/Make.inc.in 2009-10-09 08:39:15.000000000 +0000
@@ -10,6 +10,7 @@
sysconfdir = @sysconfdir@
localstatedir = @localstatedir@
libdir = @libdir@
+pkglibdir = @libdir@/freeradius
bindir = @bindir@
sbindir = @sbindir@
docdir = @docdir@
diff -ru freeradius-server-2.1.7.orig/raddb/radiusd.conf.in freeradius-server-2.1.7/raddb/radiusd.conf.in
--- freeradius-server-2.1.7.orig/raddb/radiusd.conf.in 2009-10-09 08:38:58.000000000 +0000
+++ freeradius-server-2.1.7/raddb/radiusd.conf.in 2009-10-09 08:39:15.000000000 +0000
@@ -103,7 +103,7 @@
# make
# make install
#
-libdir = @libdir@
+libdir = @libdir@/freeradius
# pidfile: Where to place the PID of the RADIUS server.
#
diff -ru freeradius-server-2.1.7.orig/src/modules/Makefile freeradius-server-2.1.7/src/modules/Makefile
--- freeradius-server-2.1.7.orig/src/modules/Makefile 2009-10-09 08:38:58.000000000 +0000
+++ freeradius-server-2.1.7/src/modules/Makefile 2009-10-09 08:39:15.000000000 +0000
@@ -12,7 +12,7 @@
@$(MAKE) $(MFLAGS) WHAT_TO_MAKE=$@ common
install:
- $(INSTALL) -d -m 755 $(R)$(libdir)
+ $(INSTALL) -d -m 755 $(R)$(pkglibdir)
@$(MAKE) $(MFLAGS) WHAT_TO_MAKE=$@ common
clean:
diff -ru freeradius-server-2.1.7.orig/src/modules/rules.mak freeradius-server-2.1.7/src/modules/rules.mak
--- freeradius-server-2.1.7.orig/src/modules/rules.mak 2009-10-09 08:38:58.000000000 +0000
+++ freeradius-server-2.1.7/src/modules/rules.mak 2009-10-09 08:40:56.000000000 +0000
@@ -123,7 +123,7 @@
$(TARGET).la: $(LT_OBJS)
$(LIBTOOL) --mode=link $(CC) -release $(RADIUSD_VERSION) \
-module $(LINK_MODE) $(LDFLAGS) $(RLM_LDFLAGS) -o $@ \
- -rpath $(libdir) $^ $(LIBRADIUS) $(RLM_LIBS) $(LIBS)
+ -rpath $(pkglibdir) $^ $(LIBRADIUS) $(RLM_LIBS) $(LIBS)
#######################################################################
#
@@ -164,13 +164,13 @@
# Do any module-specific installation.
#
# If there isn't a TARGET defined, then don't do anything.
-# Otherwise, install the libraries into $(libdir)
+# Otherwise, install the libraries into $(pkglibdir)
#
install:
@[ "x$(RLM_INSTALL)" = "x" ] || $(MAKE) $(MFLAGS) $(RLM_INSTALL)
if [ "x$(TARGET)" != "x" ]; then \
$(LIBTOOL) --mode=install $(INSTALL) -c \
- $(TARGET).la $(R)$(libdir)/$(TARGET).la || exit $$?; \
+ $(TARGET).la $(R)$(pkglibdir)/$(TARGET).la || exit $$?; \
rm -f $(R)$(libdir)/$(TARGET)-$(RADIUSD_VERSION).la; \
ln -s $(TARGET).la $(R)$(libdir)/$(TARGET)-$(RADIUSD_VERSION).la || exit $$?; \
fi