This fixes: CVE-2014-3158 and some other bugs.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
SVN-Revision: 42525
include $(INCLUDE_DIR)/kernel.mk
PKG_NAME:=ppp
-PKG_VERSION:=2.4.6
+PKG_VERSION:=2.4.7
PKG_RELEASE:=2
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=ftp://ftp.samba.org/pub/ppp/
-PKG_MD5SUM:=3434d2cc9327167a0723aaaa8670083b
+PKG_MD5SUM:=78818f40e6d33a1d1de68a1551f6595a
PKG_MAINTAINER:=Felix Fietkau <nbd@openwrt.org>
PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(BUILD_VARIANT)/$(PKG_NAME)-$(PKG_VERSION)
"Enable multilink operation", OPT_PRIO | 1 },
--- a/pppd/pppd.h
+++ b/pppd/pppd.h
-@@ -317,6 +317,8 @@ extern bool tune_kernel; /* May alter ke
+@@ -318,6 +318,8 @@ extern bool tune_kernel; /* May alter ke
extern int connect_delay; /* Time to delay after connect script */
extern int max_data_rate; /* max bytes/sec through charshunt */
extern int req_unit; /* interface unit number to use */
--- a/pppd/sys-linux.c
+++ b/pppd/sys-linux.c
-@@ -453,6 +453,13 @@ int generic_establish_ppp (int fd)
+@@ -458,6 +458,13 @@ int generic_establish_ppp (int fd)
if (new_style_driver) {
int flags;
} else {
--- a/pppd/ipv6cp.c
+++ b/pppd/ipv6cp.c
-@@ -1243,7 +1243,7 @@ ipv6cp_up(f)
+@@ -1232,7 +1232,7 @@ ipv6cp_up(f)
}
}
} else {
--- a/pppd/pppd.h
+++ b/pppd/pppd.h
-@@ -584,7 +584,7 @@ void demand_conf __P((void)); /* config
+@@ -585,7 +585,7 @@ void demand_conf __P((void)); /* config
void demand_block __P((void)); /* set all NPs to queue up packets */
void demand_unblock __P((void)); /* set all NPs to pass packets */
void demand_discard __P((void)); /* set all NPs to discard packets */
.B nodeflate
--- a/pppd/pppd.h
+++ b/pppd/pppd.h
-@@ -664,7 +664,7 @@ int sif6addr __P((int, eui64_t, eui64_t
+@@ -667,7 +667,7 @@ int sif6addr __P((int, eui64_t, eui64_t
int cif6addr __P((int, eui64_t, eui64_t));
/* Remove an IPv6 address from i/f */
#endif
/* Delete default route through i/f */
--- a/pppd/sys-linux.c
+++ b/pppd/sys-linux.c
-@@ -206,6 +206,8 @@ static unsigned char inbuf[512]; /* buff
-
+@@ -207,6 +207,8 @@ static unsigned char inbuf[512]; /* buff
static int if_is_up; /* Interface has been marked up */
+ static int if6_is_up; /* Interface has been marked up for IPv6, to help differentiate */
static int have_default_route; /* Gateway for default route added */
+static struct rtentry old_def_rt; /* Old default route */
+static int default_rt_repl_rest; /* replace and restore old default rt */
static u_int32_t proxy_arp_addr; /* Addr for proxy arp entry added */
static char proxy_arp_dev[16]; /* Device for proxy arp entry */
static u_int32_t our_old_addr; /* for detecting address changes */
-@@ -1544,6 +1546,9 @@ static int read_route_table(struct rtent
+@@ -1552,6 +1554,9 @@ static int read_route_table(struct rtent
p = NULL;
}
SIN_ADDR(rt->rt_dst) = strtoul(cols[route_dest_col], NULL, 16);
SIN_ADDR(rt->rt_gateway) = strtoul(cols[route_gw_col], NULL, 16);
SIN_ADDR(rt->rt_genmask) = strtoul(cols[route_mask_col], NULL, 16);
-@@ -1613,20 +1618,51 @@ int have_route_to(u_int32_t addr)
+@@ -1621,20 +1626,51 @@ int have_route_to(u_int32_t addr)
/********************************************************************
*
* sifdefaultroute - assign a default route through the address given.
}
memset (&rt, 0, sizeof (rt));
-@@ -1641,10 +1677,16 @@ int sifdefaultroute (int unit, u_int32_t
+@@ -1649,10 +1685,16 @@ int sifdefaultroute (int unit, u_int32_t
rt.rt_flags = RTF_UP;
if (ioctl(sock_fd, SIOCADDRT, &rt) < 0) {
have_default_route = 1;
return 1;
-@@ -1675,11 +1717,21 @@ int cifdefaultroute (int unit, u_int32_t
+@@ -1683,11 +1725,21 @@ int cifdefaultroute (int unit, u_int32_t
rt.rt_flags = RTF_UP;
if (ioctl(sock_fd, SIOCDELRT, &rt) < 0 && errno != ESRCH) {
if (still_ppp()) {
}
--- a/pppd/sys-solaris.c
+++ b/pppd/sys-solaris.c
-@@ -2036,12 +2036,18 @@ cifaddr(u, o, h)
+@@ -2039,12 +2039,18 @@ cifaddr(u, o, h)
* sifdefaultroute - assign a default route through the address given.
*/
int
"Enable multilink operation", OPT_PRIO | 1 },
--- a/pppd/ipv6cp.c
+++ b/pppd/ipv6cp.c
-@@ -1303,7 +1303,7 @@ ipv6cp_up(f)
+@@ -1269,7 +1269,7 @@ ipv6cp_up(f)
*/
if (ipv6cp_script_state == s_down && ipv6cp_script_pid == 0) {
ipv6cp_script_state = s_up;
}
}
-@@ -1357,7 +1357,7 @@ ipv6cp_down(f)
+@@ -1321,7 +1321,7 @@ ipv6cp_down(f)
/* Execute the ipv6-down script */
if (ipv6cp_script_state == s_up && ipv6cp_script_pid == 0) {
ipv6cp_script_state = s_down;
}
}
-@@ -1400,13 +1400,13 @@ ipv6cp_script_done(arg)
+@@ -1364,13 +1364,13 @@ ipv6cp_script_done(arg)
case s_up:
if (ipv6cp_fsm[0].state != OPENED) {
ipv6cp_script_state = s_down;
}
--- a/pppd/pppd.h
+++ b/pppd/pppd.h
-@@ -319,6 +319,8 @@ extern int max_data_rate; /* max bytes/s
+@@ -320,6 +320,8 @@ extern int max_data_rate; /* max bytes/s
extern int req_unit; /* interface unit number to use */
extern char path_ipup[MAXPATHLEN]; /* pathname of ip-up script */
extern char path_ipdown[MAXPATHLEN]; /* pathname of ip-down script */
#ifdef MAXOCTETS
{ "maxoctets", o_int, &maxoctets,
"Set connection traffic limit",
-@@ -1488,6 +1504,29 @@ callfile(argv)
+@@ -1493,6 +1509,29 @@ callfile(argv)
return ok;
}
/*
* Limits.
*/
-@@ -316,6 +320,7 @@ extern char *record_file; /* File to rec
+@@ -317,6 +321,7 @@ extern char *record_file; /* File to rec
extern bool sync_serial; /* Device is synchronous serial device */
extern int maxfail; /* Max # of unsuccessful connection attempts */
extern char linkname[MAXPATHLEN]; /* logical name for link */
static int tty_disc = N_TTY; /* The TTY discipline */
static int ppp_disc = N_PPP; /* The PPP discpline */
static int initfdflags = -1; /* Initial file descriptor flags for fd */
-@@ -615,7 +619,8 @@ void generic_disestablish_ppp(int dev_fd
+@@ -620,7 +624,8 @@ void generic_disestablish_ppp(int dev_fd
*/
static int make_ppp_unit()
{
if (ppp_dev_fd >= 0) {
dbglog("in make_ppp_unit, already had /dev/ppp open?");
-@@ -638,6 +643,30 @@ static int make_ppp_unit()
+@@ -643,6 +648,30 @@ static int make_ppp_unit()
}
if (x < 0)
error("Couldn't create new ppp unit: %m");
&& memcmp(vd.dptr, key.dptr, vd.dsize) == 0;
--- a/pppd/sys-linux.c
+++ b/pppd/sys-linux.c
-@@ -693,6 +693,16 @@ void cfg_bundle(int mrru, int mtru, int
+@@ -698,6 +698,16 @@ void cfg_bundle(int mrru, int mtru, int
add_fd(ppp_dev_fd);
}
/*
* make_new_bundle - create a new PPP unit (i.e. a bundle)
* and connect our channel to it. This should only get called
-@@ -711,6 +721,8 @@ void make_new_bundle(int mrru, int mtru,
+@@ -716,6 +726,8 @@ void make_new_bundle(int mrru, int mtru,
/* set the mrru and flags */
cfg_bundle(mrru, mtru, rssn, tssn);
--- a/pppd/sys-linux.c
+++ b/pppd/sys-linux.c
-@@ -1748,6 +1748,7 @@ int cifdefaultroute (int unit, u_int32_t
+@@ -1756,6 +1756,7 @@ int cifdefaultroute (int unit, u_int32_t
SIN_ADDR(rt.rt_genmask) = 0L;
}
--- a/pppd/sys-linux.c
+++ b/pppd/sys-linux.c
-@@ -1702,6 +1702,9 @@ int sifdefaultroute (int unit, u_int32_t
+@@ -1710,6 +1710,9 @@ int sifdefaultroute (int unit, u_int32_t
memset (&rt, 0, sizeof (rt));
SET_SA_FAMILY (rt.rt_dst, AF_INET);
rt.rt_dev = ifname;
if (kernel_version > KVERSION(2,1,0)) {
-@@ -1709,7 +1712,7 @@ int sifdefaultroute (int unit, u_int32_t
+@@ -1717,7 +1720,7 @@ int sifdefaultroute (int unit, u_int32_t
SIN_ADDR(rt.rt_genmask) = 0L;
}
static char loop_name[20];
static unsigned char inbuf[512]; /* buffer for chars read from loopback */
-@@ -213,8 +213,8 @@ static int looped; /* 1 if using loop
+@@ -214,8 +214,8 @@ static int looped; /* 1 if using loop
static int link_mtu; /* mtu for the link (not bundle) */
static struct utsname utsname; /* for the kernel version */
#define MAX_IFS 100
-@@ -1443,11 +1443,12 @@ int ccp_fatal_error (int unit)
+@@ -1451,11 +1451,12 @@ int ccp_fatal_error (int unit)
*
* path_to_procfs - find the path to the proc file system mount point
*/
struct mntent *mntent;
FILE *fp;
-@@ -1469,6 +1470,7 @@ static char *path_to_procfs(const char *
+@@ -1477,6 +1478,7 @@ static char *path_to_procfs(const char *
fclose (fp);
}
}
strlcpy(proc_path + proc_path_len, tail,
sizeof(proc_path) - proc_path_len);
-@@ -2121,15 +2123,19 @@ int ppp_available(void)
+@@ -2129,15 +2131,19 @@ int ppp_available(void)
int my_version, my_modification, my_patch;
int osmaj, osmin, ospatch;
/* XXX should get from driver */
driver_version = 2;
-@@ -2189,6 +2195,7 @@ int ppp_available(void)
+@@ -2197,6 +2203,7 @@ int ppp_available(void)
if (ok && ((ifr.ifr_hwaddr.sa_family & ~0xFF) != ARPHRD_PPP))
ok = 0;
/*
* This is the PPP device. Validate the version of the driver at this
-@@ -2684,6 +2691,7 @@ get_pty(master_fdp, slave_fdp, slave_nam
+@@ -2730,6 +2737,7 @@ get_pty(master_fdp, slave_fdp, slave_nam
}
#endif /* TIOCGPTN */
if (sfd < 0) {
/* the old way - scan through the pty name space */
for (i = 0; i < 64; ++i) {
-@@ -2702,6 +2710,7 @@ get_pty(master_fdp, slave_fdp, slave_nam
+@@ -2748,6 +2756,7 @@ get_pty(master_fdp, slave_fdp, slave_nam
}
}
}
info("RP-PPPoE plugin version %s compiled against pppd %s",
--- a/pppd/plugins/pppol2tp/pppol2tp.c
+++ b/pppd/plugins/pppol2tp/pppol2tp.c
-@@ -500,12 +500,7 @@ static void pppol2tp_cleanup(void)
+@@ -486,12 +486,7 @@ static void pppol2tp_cleanup(void)
void plugin_init(void)
{
--- a/pppd/pppd.h
+++ b/pppd/pppd.h
-@@ -316,7 +316,6 @@ extern int holdoff; /* Dead time before
+@@ -317,7 +317,6 @@ extern int holdoff; /* Dead time before
extern bool holdoff_specified; /* true if user gave a holdoff value */
extern bool notty; /* Stdin/out is not a tty */
extern char *pty_socket; /* Socket to connect to pty */
extern char linkname[MAXPATHLEN]; /* logical name for link */
--- a/pppd/tty.c
+++ b/pppd/tty.c
-@@ -145,7 +145,7 @@ char *disconnect_script = NULL; /* Scrip
+@@ -146,7 +146,7 @@ char *disconnect_script = NULL; /* Scrip
char *welcomer = NULL; /* Script to run after phys link estab. */
char *ptycommand = NULL; /* Command to run on other side of pty */
bool notty = 0; /* Stdin/out is not a tty */
int max_data_rate; /* max bytes/sec through charshunt */
bool sync_serial = 0; /* Device is synchronous serial device */
char *pty_socket = NULL; /* Socket to connect to pty */
-@@ -201,8 +201,10 @@ option_t tty_options[] = {
+@@ -202,8 +202,10 @@ option_t tty_options[] = {
"Send and receive over socket, arg is host:port",
OPT_PRIO | OPT_DEVNAM },
--- a/pppd/sys-linux.c
+++ b/pppd/sys-linux.c
-@@ -2259,6 +2259,7 @@ int ppp_available(void)
+@@ -2267,6 +2267,7 @@ int ppp_available(void)
void logwtmp (const char *line, const char *name, const char *host)
{
struct utmp ut, *utp;
pid_t mypid = getpid();
#if __GLIBC__ < 2
-@@ -2324,6 +2325,7 @@ void logwtmp (const char *line, const ch
+@@ -2332,6 +2333,7 @@ void logwtmp (const char *line, const ch
close (wtmp);
}
#endif
+++ /dev/null
-Index: ppp-2.4.6/pppd/chap_ms.c
-===================================================================
---- ppp-2.4.6.orig/pppd/chap_ms.c 2014-07-29 00:38:03.073968867 +0100
-+++ ppp-2.4.6/pppd/chap_ms.c 2014-07-29 00:41:52.897964689 +0100
-@@ -382,7 +382,7 @@
- unsigned char *private)
- {
- const struct chapms2_response_cache_entry *cache_entry;
-- unsigned char auth_response[MS_AUTH_RESPONSE_LENGTH];
-+ unsigned char auth_response[MS_AUTH_RESPONSE_LENGTH+1];
-
- challenge++; /* skip length, should be 16 */
- *response++ = MS_CHAP2_RESPONSE_LEN;