Commit cdf3e55b authored by Leo's avatar Leo Committed by Leonardo Arena

main/mosquitto: add fix for a few CVEs

- CVE-2018-12546
- CVE-2018-12550
- CVE-2018-12551

Fixes #10270
Signed-off-by: default avatarLeonardo Arena <rnalrd@alpinelinux.org>
parent 83d74e47
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=mosquitto
pkgver=1.4.15
pkgrel=0
pkgrel=1
pkgdesc="An Open Source MQTT v3.1 Broker"
url="http://mosquitto.org/"
arch="all"
......@@ -17,10 +17,19 @@ replaces="mosquitto-utils"
source="http://mosquitto.org/files/source/$pkgname-$pkgver.tar.gz
libressl.patch
config.patch
mosquitto.initd"
mosquitto-1.4.x-cve-2018-12550.patch
mosquitto-1.4.x-cve-2018-12551.patch
mosquitto-1.4.x-cve-2018-12546.patch
mosquitto.initd
"
builddir="$srcdir/$pkgname-$pkgver"
# secfixes:
# 1.4.15-r1:
# - CVE-2018-12546
# - CVE-2018-12550
# - CVE-2018-12551
# 1.4.15-r0:
# - CVE-2017-7652
# - CVE-2017-7651
......@@ -82,4 +91,7 @@ clients() {
sha512sums="36b06547553cf28af3ca9b728c42fc27e849c4ae84d7964572d430233ab26e2b59eee2a215ac23ddf2d0bef419e7c70e64e2a22c397fadb3e0677314d03f1100 mosquitto-1.4.15.tar.gz
53859b628f965b77f6e47910c0ceba2f2737b815131ed800dc64a80419e434d25b5ba0938ae645882e9aa5d475d4940c7d35cc6d56f54bc4937a66b32d7db4ad libressl.patch
d5442373ae6ae8bc83eee59b425fbd76e80f905b9fd2bd2ed2a37a7e156fe95a9cf477c9c4dac0975c5fd90e70884de6fb8a16aefcd37b239199d5deae50b7d2 config.patch
58cf7211781c07d25ad555e982b66aca716230698ad239b964de073bb41dc2566d2c6fde379ded18106f704aba864859e36cb39c4c85762d00b5ed4f2b5cef58 mosquitto-1.4.x-cve-2018-12550.patch
b1ba9d61ede7b7f0232811d6e2381a2943ed12a3c8b83ea2c2e1d3fce153260565f48ca900d4e0590688031013e1f425dfa8b1d89e0f1194516438b42dc158e2 mosquitto-1.4.x-cve-2018-12551.patch
e6544a171eb792ca80b3179e860474e6b19cfc99abe1d05173dac2bd310b2a8c6fcc9c6718812236ceb570f96a137f38eb621fe971cd63b8fe1178e0f2820207 mosquitto-1.4.x-cve-2018-12546.patch
16f96d8f7f3a8b06e2b2e04d42d7e0d89a931b52277fc017e4802f7a3bc85aff4dd290b1a0c40382ea8f5568d0ceb7319c031d9be916f346d805231a002b0433 mosquitto.initd"
Description: Fix for CVE-2018-12550
Author: Roger Light <roger@atchoo.org>
Forwarded: not-needed
Origin: upstream, https://mosquitto.org/files/cve/2018-12550/mosquitto-1.4.x_cve-2018-12550.patch
Index: mosquitto-1.4.10/src/security_default.c
===================================================================
--- mosquitto-1.4.10.orig/src/security_default.c
+++ mosquitto-1.4.10/src/security_default.c
@@ -231,7 +231,7 @@ int mosquitto_acl_check_default(struct m
char *s;
if(!db || !context || !topic) return MOSQ_ERR_INVAL;
- if(!db->acl_list && !db->acl_patterns) return MOSQ_ERR_SUCCESS;
+ if(!db->config->acl_file && !db->acl_list && !db->acl_patterns) return MOSQ_ERR_SUCCESS;
if(context->bridge) return MOSQ_ERR_SUCCESS;
if(!context->acl_list && !db->acl_patterns) return MOSQ_ERR_ACL_DENIED;
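Review bot: The new `!db->config->acl_file` term in mosquitto_acl_check_default carries no comment saying why a configured ACL file that produced no entries must not be treated as "no ACLs", so a later cleanup could easily undo it. I would add above it `/* acl_file is set but no entries were loaded: fall through and deny instead of allowing everything */`. The `context->bridge` shortcut on the following line still returns MOSQ_ERR_SUCCESS in that state; that may be intended, but the same comment should say so. The function starts and ends outside this hunk.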
@@ -442,6 +442,10 @@ static int _aclfile_parse(struct mosquit
fclose(aclfile);
return 1;
}
+ }else{
+ _mosquitto_log_printf(NULL, MOSQ_LOG_ERR, "Error: Invalid line in acl_file \"%s\": %s.", db->config->acl_file, buf);
+ fclose(aclfile);
+ return 1;
}
}
}
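Review bot: The added else branch in _aclfile_parse reports an invalid line with a bare `return 1;`, and 1 is the value of MOSQ_ERR_NOMEM in mosquitto's error enum, so a caller that logs or branches on the code would see an out-of-memory failure for what is a configuration error. `return MOSQ_ERR_INVAL;` would say what happened. The existing branch just above uses the same `return 1;`, so callers probably only test for non-zero, but that is not visible here. The function starts outside the hunk, so whether anything allocated earlier in the loop needs releasing on this path cannot be judged from these lines.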
Description: Fix for CVE-2018-12551
Author: Roger Light <roger@atchoo.org>
Forwarded: not-needed
Origin: upstream, https://mosquitto.org/files/cve/2018-12551/mosquitto-1.4.x_cve-2018-12551.patch
Index: mosquitto-1.4.10/src/security_default.c
===================================================================
--- mosquitto-1.4.10.orig/src/security_default.c
+++ mosquitto-1.4.10/src/security_default.c
@@ -556,6 +556,9 @@ static int _pwfile_parse(const char *fil
while(!feof(pwfile)){
if(fgets(buf, 256, pwfile)){
+ if(buf[0] == '#') continue;
+ if(!strchr(buf, ':')) continue;
+
username = strtok_r(buf, ":", &saveptr);
if(username){
unpwd = _mosquitto_calloc(1, sizeof(struct _mosquitto_unpwd));
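Review bot: The guard `if(!strchr(buf, ':')) continue;` in _pwfile_parse drops a line without any log entry, while the branch added further down in the same function warns about a line that has a username but no password. An operator whose password file holds a truncated or mistyped entry gets no hint why that user cannot authenticate. For non-blank lines I would log before skipping, reusing the existing message: `_mosquitto_log_printf(NULL, MOSQ_LOG_NOTICE, "Warning: Invalid line in password file '%s': %s", file, buf);`. Because `fgets(buf, 256, pwfile)` reads at most 255 characters, the tail of an over-long line is parsed as a line of its own and would be reported by the same message.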
@@ -588,8 +591,13 @@ static int _pwfile_parse(const char *fil
unpwd->password[len-1] = '\0';
len = strlen(unpwd->password);
}
+
+ HASH_ADD_KEYPTR(hh, *root, unpwd->username, strlen(unpwd->username), unpwd);
+ }else{
+ _mosquitto_log_printf(NULL, MOSQ_LOG_NOTICE, "Warning: Invalid line in password file '%s': %s", file, buf);
+ _mosquitto_free(unpwd->username);
+ _mosquitto_free(unpwd);
}
- HASH_ADD_KEYPTR(hh, *root, unpwd->username, strlen(unpwd->username), unpwd);
}
}
}
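Review bot: The relocated `HASH_ADD_KEYPTR(hh, *root, unpwd->username, ...)` in _pwfile_parse inserts without first looking the username up, and uthash does not enforce key uniqueness. A password file that lists the same username twice would leave two entries under one key, and it is then not obvious which password a later lookup checks. I would look the key up first and reject or skip the second entry, as sketched below; whether a duplicate should be a warning or a hard error is a policy choice. The sketch needs a `struct _mosquitto_unpwd *existing` local, and the function starts outside this hunk, so a check elsewhere cannot be ruled out.

```c
// … unchanged: password handling and trailing newline trimming …

HASH_FIND(hh, *root, unpwd->username, strlen(unpwd->username), existing);
if(existing){
	_mosquitto_log_printf(NULL, MOSQ_LOG_ERR, "Error: Duplicate user '%s' in password file '%s'.", unpwd->username, file);
	_mosquitto_free(unpwd->password);
	_mosquitto_free(unpwd->username);
	_mosquitto_free(unpwd);
}else{
	HASH_ADD_KEYPTR(hh, *root, unpwd->username, strlen(unpwd->username), unpwd);
}
// … unchanged: else branch for a line without a password …
```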
@@ -626,34 +634,39 @@ static int _unpwd_file_parse(struct mosq
token = strtok(NULL, "$");
if(token){
rc = _base64_decode(token, &salt, &salt_len);
- if(rc){
- _mosquitto_log_printf(NULL, MOSQ_LOG_ERR, "Error: Unable to decode password salt for user %s.", u->username);
- return MOSQ_ERR_INVAL;
- }
- u->salt = salt;
- u->salt_len = salt_len;
- token = strtok(NULL, "$");
- if(token){
- rc = _base64_decode(token, &password, &password_len);
- if(rc){
- _mosquitto_log_printf(NULL, MOSQ_LOG_ERR, "Error: Unable to decode password for user %s.", u->username);
- return MOSQ_ERR_INVAL;
+ if(rc == MOSQ_ERR_SUCCESS && salt_len == 12){
+ u->salt = salt;
+ u->salt_len = salt_len;
+ token = strtok(NULL, "$");
+ if(token){
+ rc = _base64_decode(token, &password, &password_len);
+ if(rc == MOSQ_ERR_SUCCESS && password_len == 64){
+ _mosquitto_free(u->password);
+ u->password = (char *)password;
+ u->password_len = password_len;
+ }else{
+ _mosquitto_log_printf(NULL, MOSQ_LOG_ERR, "Error: Unable to decode password for user %s, removing entry.", u->username);
+ HASH_DEL(db->unpwd, u);
+ }
+ }else{
+ _mosquitto_log_printf(NULL, MOSQ_LOG_ERR, "Error: Invalid password hash for user %s, removing entry.", u->username);
+ HASH_DEL(db->unpwd, u);
}
- _mosquitto_free(u->password);
- u->password = (char *)password;
- u->password_len = password_len;
}else{
- _mosquitto_log_printf(NULL, MOSQ_LOG_ERR, "Error: Invalid password hash for user %s.", u->username);
- return MOSQ_ERR_INVAL;
+ _mosquitto_log_printf(NULL, MOSQ_LOG_ERR, "Error: Unable to decode password salt for user %s, removing entry.", u->username);
+ HASH_DEL(db->unpwd, u);
}
}else{
- _mosquitto_log_printf(NULL, MOSQ_LOG_ERR, "Error: Invalid password hash for user %s.", u->username);
- return MOSQ_ERR_INVAL;
+ _mosquitto_log_printf(NULL, MOSQ_LOG_ERR, "Error: Invalid password hash for user %s, removing entry.", u->username);
+ HASH_DEL(db->unpwd, u);
}
}else{
- _mosquitto_log_printf(NULL, MOSQ_LOG_ERR, "Error: Invalid password hash for user %s.", u->username);
- return MOSQ_ERR_INVAL;
+ _mosquitto_log_printf(NULL, MOSQ_LOG_ERR, "Error: Invalid password hash for user %s, removing entry.", u->username);
+ HASH_DEL(db->unpwd, u);
}
+ }else{
+ _mosquitto_log_printf(NULL, MOSQ_LOG_ERR, "Error: Missing password hash for user %s, removing entry.", u->username);
+ HASH_DEL(db->unpwd, u);
}
}
#endif
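Review bot: Every new `HASH_DEL(db->unpwd, u);` in _unpwd_file_parse unlinks the entry but nothing frees it. The two length checks also drop a buffer that _base64_decode has presumably just allocated: when decoding succeeds but `salt_len != 12` or `password_len != 64`, the decoded `salt` or `password` is neither stored nor released. On those rejecting branches I would add `_mosquitto_free(salt);` and `_mosquitto_free(password);` before the `HASH_DEL`. That is only safe if _base64_decode leaves the out pointer NULL on failure; otherwise the combined condition needs splitting. Releasing `u` itself (username, password, salt, then the struct) belongs after the `HASH_DEL`, provided the enclosing loop, which starts outside this hunk, tolerates deleting the current element.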