rpms/torque
5
0
Fork 0
Code Issues Pull Requests Releases Activity

Fix CVE-2013-4319 (RHBZ #1005918, #1005919)

Browse Source
This commit is contained in:
Haïkel Guémar 2014-10-02 01:23:53 +02:00
parent c0d765d32c
commit d0272b2de3
2 changed files with 36 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
CVE-2013-4319.patch Normal file
View File

@ -0,0 +1,26 @@
diff --git a/src/server/process_request.c b/src/server/process_request.c
index 4817ed0..6b4c955 100644
--- a/src/server/process_request.c
+++ b/src/server/process_request.c
@@ -679,6 +679,21 @@ void process_request(
log_buffer);
}
+ if (svr_conn[sfds].cn_authen != PBS_NET_CONN_FROM_PRIVIL)
+ {
+ sprintf(log_buffer, "request type %s from host %s rejected (connection not privileged)",
+ reqtype_to_txt(request->rq_type),
+ request->rq_host);
+
+ log_record(PBSEVENT_JOB, PBS_EVENTCLASS_JOB, id, log_buffer);
+
+ req_reject(PBSE_BADHOST, 0, request, NULL, "request not authorized");
+
+ close_client(sfds);
+
+ return;
+ }
+
/* if (!tfind(svr_conn[sfds].cn_addr, &okclients)) */
if (!AVL_is_in_tree(svr_conn[sfds].cn_addr, 0, okclients))
{

12
torque.spec
View File

@ -71,7 +71,7 @@
Name: torque Name: torque
Version: 3.0.4 Version: 3.0.4
Release: 5%{?dist} Release: 6%{?dist}
Summary: Tera-scale Open-source Resource and QUEue manager Summary: Tera-scale Open-source Resource and QUEue manager
Source0: %{name}-%{version}.tar.gz Source0: %{name}-%{version}.tar.gz
Source2: xpbs.desktop Source2: xpbs.desktop
@ -95,6 +95,10 @@ Patch2: torque-initd-hangs-rhbz-744138.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=1029752 # https://bugzilla.redhat.com/show_bug.cgi?id=1029752
# Patch retrieved from: https://github.com/adaptivecomputing/torque/commit/64da0af7ed27284f3397081313850bba270593db # Patch retrieved from: https://github.com/adaptivecomputing/torque/commit/64da0af7ed27284f3397081313850bba270593db
Patch3: CVE-2013-4495.patch Patch3: CVE-2013-4495.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=1005919
# Patch based on: http://www.adaptivecomputing.com/torquepatch/fix_mom_priv_2.5.patch
Patch4: CVE-2013-4319.patch
License: OpenPBS and TORQUEv1.1 License: OpenPBS and TORQUEv1.1
Group: System Environment/Daemons Group: System Environment/Daemons
URL: http://www.adaptivecomputing.com/products/open-source/torque/ URL: http://www.adaptivecomputing.com/products/open-source/torque/
@ -351,6 +355,7 @@ DRMAA is "Distributed Resource Management Application API"
%patch1 -p 1 %patch1 -p 1
%patch2 -p 1 %patch2 -p 1
%patch3 -p 1 %patch3 -p 1
%patch4 -p 1
install -pm 644 %{SOURCE2} %{SOURCE3} %{SOURCE4} %{SOURCE5} \ install -pm 644 %{SOURCE2} %{SOURCE3} %{SOURCE4} %{SOURCE5} \
%{SOURCE6} %{SOURCE8} . %{SOURCE6} %{SOURCE8} .
# rm x bit on some documentation. # rm x bit on some documentation.
@ -800,7 +805,10 @@ fi
%endif %endif
%changelog %changelog
* Fri Sep 5 2014 Haïkel Guémar <hguemar@fedoraproject.org> - 3.0.4-5 * Wed Oct 01 2014 Haïkel Guémar <hguemar@fedoraproject.org> - 3.0.4-6
- Fix CVE-2013-4319 (RHBZ #1005918, #1005919)
* Fri Sep 05 2014 Haïkel Guémar <hguemar@fedoraproject.org> - 3.0.4-5
- Fix CVE-2013-4495 (RHBZ #1029752) - Fix CVE-2013-4495 (RHBZ #1029752)
* Fri Aug 16 2013 Orion Poplawski <orion@cora.nwra.com> - 3.0.4-4 * Fri Aug 16 2013 Orion Poplawski <orion@cora.nwra.com> - 3.0.4-4