Better validation of ipsetnames for CVE-2024-41184
Resolves: RHEL-49558
This commit is contained in:
Christine Caulfield
parent
887f807d15
commit
b571464fa7
@ -11,12 +11,13 @@
|
||||
Name: keepalived
|
||||
Summary: High Availability monitor built upon LVS, VRRP and service pollers
|
||||
Version: 2.2.8
|
||||
Release: 3%{?dist}
|
||||
Release: 4%{?dist}
|
||||
License: GPLv2+
|
||||
URL: http://www.keepalived.org/
|
||||
|
||||
Source0: http://www.keepalived.org/software/keepalived-%{version}.tar.gz
|
||||
Source1: keepalived.service
|
||||
Patch0: validate-ipset-names-better.patch
|
||||
|
||||
Requires(post): systemd
|
||||
Requires(preun): systemd
|
||||
@ -56,7 +57,7 @@ can be used independently or all together to provide resilient
|
||||
infrastructures.
|
||||
|
||||
%prep
|
||||
%setup -q
|
||||
%autosetup -p1
|
||||
|
||||
%build
|
||||
%configure \
|
||||
@ -109,6 +110,10 @@ mkdir -p %{buildroot}%{_libexecdir}/keepalived
|
||||
%{_mandir}/man8/keepalived.8*
|
||||
|
||||
%changelog
|
||||
* Mon Dec 2 2024 Christine Caulfield <ccaulfie@redhat.com> - 2.2.8-4
|
||||
- Better validation of ipsetnames for CVE-2024-41184
|
||||
Resolves: RHEL-49558
|
||||
|
||||
* Fri Jun 30 2023 Ryan O'Hara <rohara@redhat.com> - 2.2.8-2
|
||||
- Fix keepalived.conf installation (#2215308)
|
||||
|
||||
|
||||
94
validate-ipset-names-better.patch
Normal file
94
validate-ipset-names-better.patch
Normal file
@ -0,0 +1,94 @@
|
||||
Version of this patch from upstream
|
||||
|
||||
--- keepalived-2.2.8/keepalived/core/commit e78513fe0ce5d83c226ea2c0bd222f375c2438e7
|
||||
Author: Quentin Armitage <quentin@armitage.org.uk>
|
||||
Date: Fri Jul 12 15:16:47 2024 +0100
|
||||
|
||||
vrrp: Handle empty ipset names with vrrp_ipsets keyword
|
||||
|
||||
We now handle empty ipset names and return a config error.
|
||||
|
||||
Signed-off-by: Quentin Armitage <quentin@armitage.org.uk>
|
||||
|
||||
|
||||
global_parser.c 2023-04-01 18:39:25.000000000 +0100
|
||||
+++ keepalived-2.2.8.patched/keepalived/core/global_parser.c 2024-11-28 08:56:17.445615602 +0000
|
||||
@@ -1086,6 +1086,22 @@
|
||||
}
|
||||
}
|
||||
#ifdef _HAVE_LIBIPSET_
|
||||
+static bool
|
||||
+check_valid_ipset_name(const vector_t *strvec, unsigned entry, const char *log_name)
|
||||
+{
|
||||
+ if (strlen(strvec_slot(strvec, entry)) >= IPSET_MAXNAMELEN - 1) {
|
||||
+ report_config_error(CONFIG_GENERAL_ERROR, "VRRP Error : ipset %s name too long - ignored", log_name);
|
||||
+ return false;
|
||||
+ }
|
||||
+
|
||||
+ if (strlen(strvec_slot(strvec, entry)) == 0) {
|
||||
+ report_config_error(CONFIG_GENERAL_ERROR, "VRRP Error : ipset %s name empty - ignored", log_name);
|
||||
+ return false;
|
||||
+ }
|
||||
+
|
||||
+ return true;
|
||||
+}
|
||||
+
|
||||
static void
|
||||
vrrp_ipsets_handler(const vector_t *strvec)
|
||||
{
|
||||
@@ -1103,17 +1119,13 @@
|
||||
return;
|
||||
}
|
||||
|
||||
- if (strlen(strvec_slot(strvec,1)) >= IPSET_MAXNAMELEN - 1) {
|
||||
- report_config_error(CONFIG_GENERAL_ERROR, "VRRP Error : ipset address name too long - ignored");
|
||||
+ if (!check_valid_ipset_name(strvec, 1, "address"))
|
||||
return;
|
||||
- }
|
||||
global_data->vrrp_ipset_address = STRDUP(strvec_slot(strvec,1));
|
||||
|
||||
if (vector_size(strvec) >= 3) {
|
||||
- if (strlen(strvec_slot(strvec,2)) >= IPSET_MAXNAMELEN - 1) {
|
||||
- report_config_error(CONFIG_GENERAL_ERROR, "VRRP Error : ipset IPv6 address name too long - ignored");
|
||||
+ if (!check_valid_ipset_name(strvec, 2, "IPv6 address"))
|
||||
return;
|
||||
- }
|
||||
global_data->vrrp_ipset_address6 = STRDUP(strvec_slot(strvec,2));
|
||||
}
|
||||
else {
|
||||
@@ -1124,10 +1136,8 @@
|
||||
global_data->vrrp_ipset_address6 = STRDUP(set_name);
|
||||
}
|
||||
if (vector_size(strvec) >= 4) {
|
||||
- if (strlen(strvec_slot(strvec,3)) >= IPSET_MAXNAMELEN - 1) {
|
||||
- report_config_error(CONFIG_GENERAL_ERROR, "VRRP Error : ipset IPv6 address_iface name too long - ignored");
|
||||
+ if (!check_valid_ipset_name(strvec, 3, "IPv6 address_iface"))
|
||||
return;
|
||||
- }
|
||||
global_data->vrrp_ipset_address_iface6 = STRDUP(strvec_slot(strvec,3));
|
||||
}
|
||||
else {
|
||||
@@ -1142,10 +1152,8 @@
|
||||
}
|
||||
|
||||
if (vector_size(strvec) >= 5) {
|
||||
- if (strlen(strvec_slot(strvec,4)) >= IPSET_MAXNAMELEN - 1) {
|
||||
- report_config_error(CONFIG_GENERAL_ERROR, "VRRP Error : ipset IGMP name too long - ignored");
|
||||
+ if (!check_valid_ipset_name(strvec, 4, "IGMP"))
|
||||
return;
|
||||
- }
|
||||
global_data->vrrp_ipset_igmp = STRDUP(strvec_slot(strvec,4));
|
||||
}
|
||||
else {
|
||||
@@ -1156,10 +1164,8 @@
|
||||
global_data->vrrp_ipset_igmp = STRDUP(set_name);
|
||||
}
|
||||
if (vector_size(strvec) >= 6) {
|
||||
- if (strlen(strvec_slot(strvec,5)) >= IPSET_MAXNAMELEN - 1) {
|
||||
- report_config_error(CONFIG_GENERAL_ERROR, "VRRP Error : ipset MLD name too long - ignored");
|
||||
+ if (!check_valid_ipset_name(strvec, 5, "MLD"))
|
||||
return;
|
||||
- }
|
||||
global_data->vrrp_ipset_mld = STRDUP(strvec_slot(strvec,5));
|
||||
}
|
||||
else {
|
||||
Loading…
Reference in New Issue
Block a user