Fix for CVE-2022-2928

Resolves: #2132249
Martin Osvald 2022-10-10 15:22:02 +02:00
parent ddbab808e4
commit e71e58f4fd
2 changed files with 38 additions and 2 deletions

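--- a/CVE-2022-2928.patch
+++ b/CVE-2022-2928.patch
@@ -0,0 +1,32 @@
+diff --git a/common/options.c b/common/options.c
+index a53484e..40238f7 100644
+--- a/common/options.c
++++ b/common/options.c
+@@ -4499,6 +4499,8 @@ add_option(struct option_state *options,
+if (!option_cache_allocate(&oc, MDL)) {
+log_error("No memory for option cache adding %s (option %d).",
+option->name, option_num);
++ /* Get rid of reference created during hash lookup. */
++ option_dereference(&option, MDL);
+return 0;
+}
+@@ -4510,6 +4512,8 @@ add_option(struct option_state *options,
+MDL)) {
+log_error("No memory for constant data adding %s (option %d).",
+option->name, option_num);
++ /* Get rid of reference created during hash lookup. */
++ option_dereference(&option, MDL);
+option_cache_dereference(&oc, MDL);
+return 0;
+}
+@@ -4518,6 +4522,9 @@ add_option(struct option_state *options,
+save_option(&dhcp_universe, options, oc);
+option_cache_dereference(&oc, MDL);
++ /* Get rid of reference created during hash lookup. */
++ option_dereference(&option, MDL);
++
+return 1;
+}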
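Review bot: The same `option_dereference(&option, MDL);` is now repeated on all three exits of add_option (both `No memory` branches and just before `return 1;`), which leaves the reference balance dependent on every future exit path remembering it. Routing the exits through one cleanup label that drops the lookup reference once would make that hard to get wrong. The function's opening, including the hash lookup the comments refer to, is outside the hunks, so it should be confirmed that no return sits between that lookup and the first `option_cache_allocate` check. A comment at the lookup stating that it takes a reference every exit must release would record the invariant where it starts, e.g. `/* lookup takes a reference; every return below must option_dereference() it */`.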


@ -15,7 +15,7 @@
Summary: Dynamic host configuration protocol software
Name: dhcp
Version: 4.4.2
Release: 17.b1%{?dist}
Release: 18.b1%{?dist}
# NEVER CHANGE THE EPOCH on this package. The previous maintainer (prior to
# dcantrell maintaining the package) made incorrect use of the epoch and
@ -64,6 +64,7 @@ Patch28: 0028-Fix-for-CVE-2021-25217.patch
Patch29: 0029-Use-system-getaddrinfo-for-dhcp.patch
Patch30: CVE-2021-25220.patch
Patch31: omshell-hmac-sha512-support.patch
Patch32: CVE-2022-2928.patch
BuildRequires: autoconf
@ -200,7 +201,7 @@ This package contains doxygen-generated documentation.
%prep
%setup -n dhcp-%{DHCPVERSION}
pushd bind
tar -xvf bind.tar.gz
tar -xf bind.tar.gz
ln -s bind-9* bind
popd
%autopatch -p1
@ -514,6 +515,9 @@ done
%endif
%changelog
* Mon Oct 10 2022 Martin Osvald <mosvald@redhat.com> - 12:4.4.2-18.b1
- Fix for CVE-2022-2928
* Tue May 10 2022 Martin Osvald <mosvald@redhat.com> - 12:4.4.2-17.b1
- omshell: add support for hmac-sha512 algorithm (#2083553)