welterde/l2tpns
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Security: Rhys Kidd identified a vulnerability in the handling of

Browse source 
heartbeat packets.  Drop oversize heartbeat packets.
This commit is contained in:
Brendan O'Dea 2006-12-04 20:50:02 +00:00
parent 4a2a55c66e
commit dbaf3410c4
4 changed files with 11 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

4
Changes
View file

@ -1,4 +1,4 @@
* Thu Aug 3 2006 Brendan O'Dea <bod@optus.net> 2.2.0 * Tue Dec 5 2006 Brendan O'Dea <bod@optus.net> 2.2.0
- Only poll clifd if successfully bound. - Only poll clifd if successfully bound.
- Add "Practical VPNs" document from Liran Tal as Docs/vpn . - Add "Practical VPNs" document from Liran Tal as Docs/vpn .
- Add Multilink support from Khaled Al Hamwi. - Add Multilink support from Khaled Al Hamwi.
@ -12,6 +12,8 @@
- Fix sign problem with reporting of unknown RADIUS VSAs. - Fix sign problem with reporting of unknown RADIUS VSAs.
- Allow DNS servers to be specified either using the old or new - Allow DNS servers to be specified either using the old or new
vendor-specific Ascend formats. vendor-specific Ascend formats.
- Security: Rhys Kidd identified a vulnerability in the handling of
heartbeat packets. Drop oversize heartbeat packets.
* Tue Apr 18 2006 Brendan O'Dea <bod@optus.net> 2.1.18 * Tue Apr 18 2006 Brendan O'Dea <bod@optus.net> 2.1.18
- Don't shutdown on TerminateReq, wait for CDN. - Don't shutdown on TerminateReq, wait for CDN.

1
THANKS
View file

@ -28,3 +28,4 @@ Jonathan Yarden <jyarden@bluegrass.net>
Patrick Cole <z@amused.net> Patrick Cole <z@amused.net>
Khaled Al Hamwi <kh.alhamwi@gmail.com> Khaled Al Hamwi <kh.alhamwi@gmail.com>
Graham Maltby <gmaltby+l2tpns@iig.com.au> Graham Maltby <gmaltby+l2tpns@iig.com.au>
Rhys Kidd <rhys.kidd@staff.westnet.com.au>

8
cluster.c
View file

@ -1,6 +1,6 @@
// L2TPNS Clustering Stuff // L2TPNS Clustering Stuff
char const *cvs_id_cluster = "$Id: cluster.c,v 1.53 2006-07-17 07:53:08 bodea Exp $"; char const *cvs_id_cluster = "$Id: cluster.c,v 1.54 2006-12-04 20:50:02 bodea Exp $";
#include <stdio.h> #include <stdio.h>
#include <stdlib.h> #include <stdlib.h>
@ -1453,7 +1453,11 @@ static int cluster_process_heartbeat(uint8_t *data, int size, int more, uint8_t
return -1; // Ignore it?? return -1; // Ignore it??
} }
// Ok. It's a heartbeat packet from a cluster master! if (size > sizeof(past_hearts[0].data)) {
LOG(0, 0, 0, "Received an oversize heartbeat from %s (%d)!\n", fmtaddr(addr, 0), size);
return -1;
}
if (s < sizeof(*h)) if (s < sizeof(*h))
goto shortpacket; goto shortpacket;

2
l2tpns.spec
View file

@ -43,5 +43,5 @@ rm -rf %{buildroot}
%attr(644,root,root) /usr/share/man/man[58]/* %attr(644,root,root) /usr/share/man/man[58]/*
%changelog %changelog
* Thu Aug 3 2006 Brendan O'Dea <bod@optus.net> 2.2.0-1 * Tue Dec 5 2006 Brendan O'Dea <bod@optus.net> 2.2.0-1
- 2.2.0 release, see /usr/share/doc/l2tpns-2.2.0/Changes - 2.2.0 release, see /usr/share/doc/l2tpns-2.2.0/Changes