Commit 1356b123 authored by Leo's avatar Leo

main/*: remove stale patches

parent 95c56863
From 8d7970b8f3db727fe798b65f3377fe6787575426 Mon Sep 17 00:00:00 2001
From: Paul Mackerras <paulus@ozlabs.org>
Date: Mon, 3 Feb 2020 15:53:28 +1100
Subject: [PATCH] pppd: Fix bounds check in EAP code
Given that we have just checked vallen < len, it can never be the case
that vallen >= len + sizeof(rhostname). This fixes the check so we
actually avoid overflowing the rhostname array.
Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
---
pppd/eap.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/pppd/eap.c b/pppd/eap.c
index 94407f5..1b93db0 100644
--- a/pppd/eap.c
+++ b/pppd/eap.c
@@ -1420,7 +1420,7 @@ int len;
}
/* Not so likely to happen. */
- if (vallen >= len + sizeof (rhostname)) {
+ if (len - vallen >= sizeof (rhostname)) {
dbglog("EAP: trimming really long peer name down");
BCOPY(inp + vallen, rhostname, sizeof (rhostname) - 1);
rhostname[sizeof (rhostname) - 1] = '\0';
@@ -1846,7 +1846,7 @@ int len;
}
/* Not so likely to happen. */
- if (vallen >= len + sizeof (rhostname)) {
+ if (len - vallen >= sizeof (rhostname)) {
dbglog("EAP: trimming really long peer name down");
BCOPY(inp + vallen, rhostname, sizeof (rhostname) - 1);
rhostname[sizeof (rhostname) - 1] = '\0';
--
2.25.0
--- a/pppd/plugins/pppoe/pppoe.h 2020-02-06 09:59:38.086103782 +0100
+++ b/pppd/plugins/pppoe/pppoe.h 2020-02-06 20:50:20.159705281 +0100
@@ -84,18 +84,6 @@
#include <linux/if_ether.h>
#endif
-#ifdef HAVE_NETINET_IF_ETHER_H
-#include <sys/types.h>
-
-#ifdef HAVE_SYS_SOCKET_H
-#include <sys/socket.h>
-#endif
-#ifndef HAVE_SYS_DLPI_H
-#include <netinet/if_ether.h>
-#endif
-#endif
-
-
/* Ethernet frame types according to RFC 2516 */
#define ETH_PPPOE_DISCOVERY 0x8863
#define ETH_PPPOE_SESSION 0x8864
From 8d45443bb5c9372b4c6a362ba2f443d41c5636af Mon Sep 17 00:00:00 2001
From: Paul Mackerras <paulus@ozlabs.org>
Date: Mon, 3 Feb 2020 16:31:42 +1100
Subject: [PATCH] pppd: Ignore received EAP messages when not doing EAP
This adds some basic checks to the subroutines of eap_input to check
that we have requested or agreed to doing EAP authentication before
doing any processing on the received packet. The motivation is to
make it harder for a malicious peer to disrupt the operation of pppd
by sending unsolicited EAP packets. Note that eap_success() already
has a check that the EAP client state is reasonable, and does nothing
(apart from possibly printing a debug message) if not.
Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
---
pppd/eap.c | 18 ++++++++++++++++++
1 file changed, 18 insertions(+)
diff --git a/pppd/eap.c b/pppd/eap.c
index 1b93db0..082e953 100644
--- a/pppd/eap.c
+++ b/pppd/eap.c
@@ -1328,6 +1328,12 @@ int len;
int fd;
#endif /* USE_SRP */
+ /*
+ * Ignore requests if we're not open
+ */
+ if (esp->es_client.ea_state <= eapClosed)
+ return;
+
/*
* Note: we update es_client.ea_id *only if* a Response
* message is being generated. Otherwise, we leave it the
@@ -1736,6 +1742,12 @@ int len;
u_char dig[SHA_DIGESTSIZE];
#endif /* USE_SRP */
+ /*
+ * Ignore responses if we're not open
+ */
+ if (esp->es_server.ea_state <= eapClosed)
+ return;
+
if (esp->es_server.ea_id != id) {
dbglog("EAP: discarding Response %d; expected ID %d", id,
esp->es_server.ea_id);
@@ -2047,6 +2059,12 @@ u_char *inp;
int id;
int len;
{
+ /*
+ * Ignore failure messages if we're not open
+ */
+ if (esp->es_client.ea_state <= eapClosed)
+ return;
+
if (!eap_client_active(esp)) {
dbglog("EAP unexpected failure message in state %s (%d)",
eap_state_name(esp->es_client.ea_state),
--
2.24.1
From 858976b1fc3107f1261aae337831959b511b83c2 Mon Sep 17 00:00:00 2001
From: Paul Mackerras <paulus@ozlabs.org>
Date: Sat, 4 Jan 2020 12:01:32 +1100
Subject: [PATCH] radius: Prevent buffer overflow in rc_mksid()
On some systems getpid() can return a value greater than 65535.
Increase the size of buf[] to allow for this, and use slprintf()
to make sure we never overflow it.
Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
---
pppd/plugins/radius/util.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/pppd/plugins/radius/util.c b/pppd/plugins/radius/util.c
index 6f976a7..740131e 100644
--- a/pppd/plugins/radius/util.c
+++ b/pppd/plugins/radius/util.c
@@ -73,9 +73,9 @@ void rc_mdelay(int msecs)
char *
rc_mksid (void)
{
- static char buf[15];
+ static char buf[32];
static unsigned short int cnt = 0;
- sprintf (buf, "%08lX%04X%02hX",
+ slprintf(buf, sizeof(buf), "%08lX%04X%02hX",
(unsigned long int) time (NULL),
(unsigned int) getpid (),
cnt & 0xFF);
--
2.24.1
From c67893eec31f4538dec95e208bbf418cf5f2e0de Mon Sep 17 00:00:00 2001
From: Leo <thinkabit.ukim@gmail.com>
Date: Fri, 11 Dec 2020 01:15:29 -0300
Subject: [PATCH 1/2] don't depend on certifi
---
setup.py | 1 -
1 file changed, 1 deletion(-)
diff --git a/setup.py b/setup.py
index 7ba4b2a..065eb22 100755
--- a/setup.py
+++ b/setup.py
@@ -45,7 +45,6 @@ requires = [
'chardet>=3.0.2,<5',
'idna>=2.5,<3',
'urllib3>=1.21.1,<1.27',
- 'certifi>=2017.4.17'
]
test_requirements = [
diff --git a/requests/certs.py b/requests/certs.py
index d1a378d7..4e0bffd4 100644
--- a/requests/certs.py
+++ b/requests/certs.py
@@ -12,7 +12,8 @@ If you are packaging Requests, e.g., for a Linux distribution or a managed
environment, you can change the definition of where() to return a separately
packaged CA bundle.
"""
-from certifi import where
+def where():
+ return "/etc/ssl/certs/ca-certificates.crt"
if __name__ == '__main__':
print(where())
diff --git a/extensions/xt_DELUDE.c b/extensions/xt_DELUDE.c
index b384c8e..cb1d055 100644
--- a/extensions/xt_DELUDE.c
+++ b/extensions/xt_DELUDE.c
@@ -122,7 +122,7 @@ static void delude_send_reset(struct net *net, struct sk_buff *oldskb,
/* ip_route_me_harder expects skb->dst to be set */
skb_dst_set(nskb, dst_clone(skb_dst(oldskb)));
- if (ip_route_me_harder(net, nskb, addr_type))
+ if (ip_route_me_harder(net, nskb->sk, nskb, addr_type))
goto free_nskb;
else
niph = ip_hdr(nskb);
diff --git a/extensions/xt_ECHO.c b/extensions/xt_ECHO.c
index e99312b..2ab413b 100644
--- a/extensions/xt_ECHO.c
+++ b/extensions/xt_ECHO.c
@@ -192,7 +192,7 @@ echo_tg4(struct sk_buff *oldskb, const struct xt_action_param *par)
/* ip_route_me_harder expects the skb's dst to be set */
skb_dst_set(newskb, dst_clone(skb_dst(oldskb)));
- if (ip_route_me_harder(par_net(par), newskb, RTN_UNSPEC) != 0)
+ if (ip_route_me_harder(par_net(par), par->state->sk, newskb, RTN_UNSPEC) != 0)
goto free_nskb;
newip->ttl = ip4_dst_hoplimit(skb_dst(newskb));
diff --git a/extensions/xt_TARPIT.c b/extensions/xt_TARPIT.c
index 4926f2e..6256e60 100644
--- a/extensions/xt_TARPIT.c
+++ b/extensions/xt_TARPIT.c
@@ -265,7 +265,7 @@ static void tarpit_tcp4(struct net *net, struct sk_buff *oldskb,
#endif
addr_type = RTN_LOCAL;
- if (ip_route_me_harder(net, nskb, addr_type))
+ if (ip_route_me_harder(net, nskb->sk, nskb, addr_type))
goto free_nskb;
else
niph = ip_hdr(nskb);
@@ -399,7 +399,7 @@ static void tarpit_tcp6(struct net *net, struct sk_buff *oldskb,
IPPROTO_TCP,
csum_partial(tcph, sizeof(struct tcphdr), 0));
- if (ip6_route_me_harder(net, nskb))
+ if (ip6_route_me_harder(net, nskb->sk, nskb))
goto free_nskb;
nskb->ip_summed = CHECKSUM_NONE;
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment