This patch is ISC's mitigation code for CVE-2016-2774 (see ISC-Bugs
#41845). It was ported from ISC DHCP 4.3.4.
--- old/RELNOTES Wed Mar 30 18:40:08 2016
+++ new/RELNOTES Wed Mar 30 18:40:07 2016
@@ -1,6 +1,6 @@
Internet Systems Consortium DHCP Distribution
- Version 4.1-ESV-R7-P1
- 01 January 2016
+ Version 4.1-ESV-R7-S2
+ 29 March 2016
Release Notes
@@ -54,10 +54,18 @@
Changes since 4.1-ESV-R7-P1
+! Add an option in site.h to limit the number of failover and control
+ connections the server will accept. By default this is 200.
+ [ISC-Bugs #41845]
+ CVE: CVE-2016-2774
+
+ Changes since 4.1-ESV-R7
+
! Update the bounds checking when receiving a packet.
Thanks to Sebastian Poehn from Sophos for the bug report and a suggested
patch.
[ISC-Bugs #41267]
+ CVE: CVE-2015-8605
Changes since 4.1-ESV-R6
--- old/configure Wed Mar 30 18:40:08 2016
+++ new/configure Wed Mar 30 18:40:08 2016
@@ -574,8 +574,8 @@
# Identity of this package.
PACKAGE_NAME='DHCP'
PACKAGE_TARNAME='dhcp'
-PACKAGE_VERSION='4.1-ESV-R7-P1'
-PACKAGE_STRING='DHCP 4.1-ESV-R7-P1'
+PACKAGE_VERSION='4.1-ESV-R7'
+PACKAGE_STRING='DHCP 4.1-ESV-R7'
PACKAGE_BUGREPORT='dhcp-users@isc.org'
# Factoring default headers for most tests.
@@ -2125,7 +2125,7 @@
# Define the identity of the package.
PACKAGE='dhcp'
- VERSION='4.1-ESV-R7-P1'
+ VERSION='4.1-ESV-R7'
cat >>confdefs.h <<_ACEOF
--- old/configure.ac Wed Mar 30 18:40:08 2016
+++ new/configure.ac Wed Mar 30 18:40:08 2016
@@ -1,4 +1,4 @@
-AC_INIT([DHCP], [4.1-ESV-R7-P1], [dhcp-users@isc.org])
+AC_INIT([DHCP], [4.1-ESV-R7], [dhcp-users@isc.org])
# we specify "foreign" to avoid having to have the GNU mandated files,
# like AUTHORS, COPYING, and such
--- old/includes/site.h Wed Mar 30 18:40:10 2016
+++ new/includes/site.h Wed Mar 30 18:40:09 2016
@@ -217,3 +217,9 @@
require the original functionality. */
/* #define RFC3315_PRE_ERRATA_2010_08 */
+
+/* Limit the value of a file descriptor the server will use
+ when accepting a connecting request. This can be used to
+ limit the number of TCP connections that the server will
+ allow at one time. A value of 0 means there is no limit.*/
+#define MAX_FD_VALUE 200
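Review bot: The comment on the new `MAX_FD_VALUE` define should state that the macro must remain defined and be set to 0 to disable the limit, because the neighbouring option on the line above is toggled by commenting its `#define` out, while the consumer in omapip/listener.c tests `MAX_FD_VALUE != 0` with no `#if defined` guard, so a user who follows the file's own convention would break the build. It would also help to make explicit that the limit is applied to the descriptor number handed back by accept, not to a count of open connections, so any other descriptors the process already holds reduce the number of connections actually admitted. Suggested addition to the comment: `Set to 0 to disable the check; do not comment this line out, as omapip/listener.c requires the macro to be defined.`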
--- old/omapip/listener.c Wed Mar 30 18:40:10 2016
+++ new/omapip/listener.c Wed Mar 30 18:40:09 2016
@@ -3,7 +3,7 @@
Subroutines that support the generic listener object. */
/*
- * Copyright (c) 2012 by Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (c) 2012,2014,2016 by Internet Systems Consortium, Inc. ("ISC")
* Copyright (c) 2004,2007,2009 by Internet Systems Consortium, Inc. ("ISC")
* Copyright (c) 1999-2003 by Internet Software Consortium
*
@@ -232,7 +232,12 @@
return ISC_R_NORESOURCES;
return ISC_R_UNEXPECTED;
}
-
+
+ if ((MAX_FD_VALUE != 0) && (socket > MAX_FD_VALUE)) {
+ close(socket);
+ return (ISC_R_NORESOURCES);
+ }
+
#if defined (TRACING)
/* If we're recording a trace, remember the connection. */
if (trace_record ()) {
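Review bot: The new rejection branch closes the accepted descriptor silently, so an operator has no log record that the server is turning connections away at this limit, and a connection-exhaustion condition against the failover/control port becomes invisible; a log line before the `close(socket)`, for example `log_error("Refusing connection: fd %d exceeds MAX_FD_VALUE %d", socket, MAX_FD_VALUE);` using the omapip logging routine, would make it detectable. The check compares the descriptor number rather than counting connections, so the effective ceiling is `MAX_FD_VALUE` minus whatever descriptors the process already holds; that caveat is worth a one-line comment above the `if` so the 200 default is not misread as a connection count. The return value of `close()` is not checked, which matches the surrounding style but is worth noting since a failed close would leave the descriptor counted against the limit. The enclosing function starts and ends outside the hunk.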