From a2673dc53c4689798c1d70d7342cb3efadb0af74 Mon Sep 17 00:00:00 2001 From: Matthias Schiffer Date: Mon, 19 Oct 2020 22:09:34 +0200 Subject: [PATCH] fastd: fix buffer leak when receiving invalid packets Signed-off-by: Matthias Schiffer --- net/fastd/Makefile | 2 +- ...er-leak-when-receiving-invalid-packe.patch | 42 +++++++++++++++++++ 2 files changed, 43 insertions(+), 1 deletion(-) create mode 100644 net/fastd/patches/0003-receive-fix-buffer-leak-when-receiving-invalid-packe.patch diff --git a/net/fastd/Makefile b/net/fastd/Makefile index 44b37b6ca3..f4890b5693 100644 --- a/net/fastd/Makefile +++ b/net/fastd/Makefile @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=fastd PKG_VERSION:=18 -PKG_RELEASE:=4 +PKG_RELEASE:=5 PKG_MAINTAINER:=Matthias Schiffer PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz diff --git a/net/fastd/patches/0003-receive-fix-buffer-leak-when-receiving-invalid-packe.patch b/net/fastd/patches/0003-receive-fix-buffer-leak-when-receiving-invalid-packe.patch new file mode 100644 index 0000000000..b67a85c4e4 --- /dev/null +++ b/net/fastd/patches/0003-receive-fix-buffer-leak-when-receiving-invalid-packe.patch @@ -0,0 +1,42 @@ +From f6a2651fa91c472d04cb34264718f761669c8aa1 Mon Sep 17 00:00:00 2001 +Message-Id: +From: Matthias Schiffer +Date: Mon, 19 Oct 2020 21:08:16 +0200 +Subject: [PATCH] receive: fix buffer leak when receiving invalid packets + +For fastd versions before v20, this was just a memory leak (which could +still be used for DoS, as it's remotely triggerable). With the new +buffer management of fastd v20, this will trigger an assertion failure +instead as soon as the buffer pool is empty. + +(cherry picked from commit 737925113363b6130879729cdff9ccc46c33eaea) +--- + src/receive.c | 10 ++++++++++ + 1 file changed, 10 insertions(+) + +--- a/src/receive.c ++++ b/src/receive.c +@@ -186,6 +186,11 @@ static inline void handle_socket_receive + + case PACKET_HANDSHAKE: + fastd_handshake_handle(sock, local_addr, remote_addr, peer, buffer); ++ break; ++ ++ default: ++ fastd_buffer_free(buffer); ++ pr_debug("received packet with invalid type from %P[%I]", peer, remote_addr); + } + } + +@@ -211,6 +216,11 @@ static inline void handle_socket_receive + + case PACKET_HANDSHAKE: + fastd_handshake_handle(sock, local_addr, remote_addr, NULL, buffer); ++ break; ++ ++ default: ++ fastd_buffer_free(buffer); ++ pr_debug("received packet with invalid type from unknown address %I", remote_addr); + } + } + -- 2.30.2