aboutsummaryrefslogtreecommitdiffstats
path: root/meta/recipes-connectivity/dhcp/dhcp/CVE-2016-2774.patch
diff options
context:
space:
mode:
Diffstat (limited to 'meta/recipes-connectivity/dhcp/dhcp/CVE-2016-2774.patch')
-rw-r--r--meta/recipes-connectivity/dhcp/dhcp/CVE-2016-2774.patch65
1 files changed, 0 insertions, 65 deletions
diff --git a/meta/recipes-connectivity/dhcp/dhcp/CVE-2016-2774.patch b/meta/recipes-connectivity/dhcp/dhcp/CVE-2016-2774.patch
deleted file mode 100644
index 4836dbc2ac..0000000000
--- a/meta/recipes-connectivity/dhcp/dhcp/CVE-2016-2774.patch
+++ /dev/null
@@ -1,65 +0,0 @@
-From b9f56d578ebfd649b5d829960540859ac6ca931c Mon Sep 17 00:00:00 2001
-From: Catalin Enache <catalin.enache@windriver.com>
-Date: Tue, 12 Apr 2016 18:23:31 +0300
-Subject: [PATCH] Add patch to limit the value of an fd we accept for a
- connection.
-
-By limiting the highest value we accept for an fd we limit the number
-of connections.
-
-Upstream-Status: Backport
-CVE: CVE-2016-2774
-
-Author: Shawn Routhier <sar@isc.org>
-Signed-off-by: Catalin Enache <catalin.enache@windriver.com>
----
- includes/site.h | 6 ++++++
- omapip/listener.c | 9 +++++++--
- 3 files changed, 18 insertions(+), 2 deletions(-)
-
-diff --git a/includes/site.h b/includes/site.h
-index 9c33de3..df020c8 100644
---- a/includes/site.h
-+++ b/includes/site.h
-@@ -290,6 +290,12 @@
- this option will be removed at some time. */
- /* #define INCLUDE_OLD_DHCP_ISC_ERROR_CODES */
-
-+/* Limit the value of a file descriptor the serve will use
-+ when accepting a connecting request. This can be used to
-+ limit the number of TCP connections that the server will
-+ allow at one time. A value of 0 means there is no limit.*/
-+#define MAX_FD_VALUE 200
-+
- /* Include definitions for various options. In general these
- should be left as is, but if you have already defined one
- of these and prefer your definition you can comment the
-diff --git a/omapip/listener.c b/omapip/listener.c
-index 8bdcdbd..61473cf 100644
---- a/omapip/listener.c
-+++ b/omapip/listener.c
-@@ -3,7 +3,7 @@
- Subroutines that support the generic listener object. */
-
- /*
-- * Copyright (c) 2012,2014 by Internet Systems Consortium, Inc. ("ISC")
-+ * Copyright (c) 2012,2014,2016 by Internet Systems Consortium, Inc. ("ISC")
- * Copyright (c) 2004,2007,2009 by Internet Systems Consortium, Inc. ("ISC")
- * Copyright (c) 1999-2003 by Internet Software Consortium
- *
-@@ -233,7 +233,12 @@ isc_result_t omapi_accept (omapi_object_t *h)
- return ISC_R_NORESOURCES;
- return ISC_R_UNEXPECTED;
- }
--
-+
-+ if ((MAX_FD_VALUE != 0) && (socket > MAX_FD_VALUE)) {
-+ close(socket);
-+ return (ISC_R_NORESOURCES);
-+ }
-+
- #if defined (TRACING)
- /* If we're recording a trace, remember the connection. */
- if (trace_record ()) {
---
-2.7.4