collectd: upstream fix for vulnerabity in network plugin
authorHannu Nyman <[email protected]>
Wed, 19 Apr 2017 09:20:53 +0000 (12:20 +0300)
committerHannu Nyman <[email protected]>
Wed, 19 Apr 2017 09:20:53 +0000 (12:20 +0300)
Backport an upstream fix for a DDoS vulnerability in the
network plugin: CVE-2017-7401

The patch has been adapted from the fix for 5.6 branch,
as 5.5 is already EoL in practice.

Run-tested with R7800/ipq806x.

Signed-off-by: Hannu Nyman <[email protected]>
utils/collectd/Makefile
utils/collectd/patches/050-upstream-fix-for-network-plugin-ddos.patch [new file with mode: 0644]

index 70921245eab5624d29c067ae56fb19ad7616e430..6605d4a251a477b0b65a32d2083d9226cfc0d040 100644 (file)
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=collectd
 PKG_VERSION:=5.5.3
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
 PKG_SOURCE_URL:=http://collectd.org/files/
@@ -17,7 +17,7 @@ PKG_MD5SUM:=6f10633d0f73f99ef61472a8e377d4a058de161e80f3353b4b17d394c68f2f44
 
 PKG_FIXUP:=autoreconf
 PKG_REMOVE_FILES:=aclocal.m4 libltdl/aclocal.m4
-PKG_MAINTAINER:=Jo-Philipp Wich <[email protected]>
+PKG_MAINTAINER:=Jo-Philipp Wich <[email protected]>, Hannu Nyman <[email protected]>
 
 PKG_INSTALL:=1
 PKG_BUILD_PARALLEL:=1
diff --git a/utils/collectd/patches/050-upstream-fix-for-network-plugin-ddos.patch b/utils/collectd/patches/050-upstream-fix-for-network-plugin-ddos.patch
new file mode 100644 (file)
index 0000000..d4d333e
--- /dev/null
@@ -0,0 +1,50 @@
+From f6be4f9b49b949b379326c3d7002476e6ce4f211 Mon Sep 17 00:00:00 2001
+From: Pavel Rochnyack <[email protected]>
+Date: Mon, 3 Apr 2017 11:57:09 +0600
+Subject: [PATCH] network plugin: Fix endless loop DOS in parse_packet()
+
+When correct 'Signature part' is received by Collectd, configured without
+AuthFile option, condition for endless loop occurs due to missing increase
+of pointer to next unprocessed part.
+
+Fixes: CVE-2017-7401
+
+Signed-off-by: Florian Forster <[email protected]>
+
+
+--- a/src/network.c
++++ b/src/network.c
+@@ -1066,14 +1066,6 @@ static int parse_part_sign_sha256 (socke
+   buffer_len = *ret_buffer_len;
+   buffer_offset = 0;
+-  if (se->data.server.userdb == NULL)
+-  {
+-    c_complain (LOG_NOTICE, &complain_no_users,
+-        "network plugin: Received signed network packet but can't verify it "
+-        "because no user DB has been configured. Will accept it.");
+-    return (0);
+-  }
+-
+   /* Check if the buffer has enough data for this structure. */
+   if (buffer_len <= PART_SIGNATURE_SHA256_SIZE)
+     return (-ENOMEM);
+@@ -1091,6 +1083,18 @@ static int parse_part_sign_sha256 (socke
+     return (-1);
+   }
++  if (se->data.server.userdb == NULL) {
++    c_complain(
++        LOG_NOTICE, &complain_no_users,
++        "network plugin: Received signed network packet but can't verify it "
++        "because no user DB has been configured. Will accept it.");
++
++    *ret_buffer = buffer + pss_head_length;
++    *ret_buffer_len -= pss_head_length;
++
++    return (0);
++  }
++
+   /* Copy the hash. */
+   BUFFER_READ (pss.hash, sizeof (pss.hash));
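Review bot: In the relocated no-userdb branch of parse_part_sign_sha256, `*ret_buffer_len -= pss_head_length;` has no guard of its own, so it cannot underflow only if the check ending in the `return (-1); }` context lines just above rejects `pss_head_length > buffer_len`. That check lies outside the hunk, so this is an assumption to confirm against the 5.5.3 source, since the patch was adapted from the 5.6 branch. I would pin the ordering with a comment above the two pointer updates: `/* Skip the whole signature part; pss_head_length was bounds-checked above. Returning without advancing makes parse_packet() loop forever (CVE-2017-7401). */`. The branch still accepts the packet without verifying it, as its log message says, so receivers that need authenticated input still need a user DB (AuthFile) configured. The function body starts and ends outside the hunk, so it is also worth checking that any other early-return path there advances the buffer in the same way.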