Revert "Security fix CVE-2012-3955"

This reverts commit 5db2ea2fb3a8fd0ece5512188d39594f50b436b6.
2025-02-23 13:32:48 +00:00 · 2012-09-20 17:49:36 +07:00 · 2012-09-20 17:49:36 +07:00 · bb3be569e3
commit bb3be569e3
parent 5315df66ac
2 changed files with 1 additions and 126 deletions
--- a/dhcp-4.1.1-P1-CVE-2012-3955.patch
+++ b/dhcp-4.1.1-P1-CVE-2012-3955.patch
@ -1,121 +0,0 @@
-diff -rup dhcp-4.1-ESV-R6/server/dhcpv6.c dhcp-4.1-ESV-R7/server/dhcpv6.c
--- dhcp-4.1-ESV-R6/server/dhcpv6.c	2012-07-13 08:11:52.000000000 +0200
-+++ dhcp-4.1-ESV-R7/server/dhcpv6.c	2012-08-23 20:23:54.000000000 +0200
-@@ -1830,9 +1830,6 @@ reply_process_ia_na(struct reply_state *
- 			ia_reference(&tmp->ia, reply->ia, MDL);
- 
- 			/* Commit 'hard' bindings. */
-			tmp->hard_lifetime_end_time =
-				tmp->soft_lifetime_end_time;
-			tmp->soft_lifetime_end_time = 0;
- 			renew_lease6(tmp->ipv6_pool, tmp);
- 			schedule_lease_timeout(tmp->ipv6_pool);
- 
-@@ -2489,9 +2486,6 @@ reply_process_ia_ta(struct reply_state *
- 			ia_reference(&tmp->ia, reply->ia, MDL);
- 
- 			/* Commit 'hard' bindings. */
-			tmp->hard_lifetime_end_time =
-				tmp->soft_lifetime_end_time;
-			tmp->soft_lifetime_end_time = 0;
- 			renew_lease6(tmp->ipv6_pool, tmp);
- 			schedule_lease_timeout(tmp->ipv6_pool);
- 
-@@ -3359,9 +3353,6 @@ reply_process_ia_pd(struct reply_state *
- 			ia_reference(&tmp->ia, reply->ia, MDL);
- 
- 			/* Commit 'hard' bindings. */
-			tmp->hard_lifetime_end_time =
-				tmp->soft_lifetime_end_time;
-			tmp->soft_lifetime_end_time = 0;
- 			renew_lease6(tmp->ipv6_pool, tmp);
- 			schedule_lease_timeout(tmp->ipv6_pool);
- 		}
-diff -rup dhcp-4.1-ESV-R6/server/mdb6.c dhcp-4.1-ESV-R7/server/mdb6.c
--- dhcp-4.1-ESV-R6/server/mdb6.c	2012-07-13 08:11:52.000000000 +0200
-+++ dhcp-4.1-ESV-R7/server/mdb6.c	2012-08-23 20:23:54.000000000 +0200
-@@ -375,6 +378,8 @@ void
- ia_remove_iasubopt(struct ia_xx *ia, struct iasubopt *iasubopt,
- 		   const char *file, int line) {
- 	int i, j;
-+        if (ia == NULL || iasubopt == NULL)
-+            return;
- 
- 	for (i=0; i<ia->num_iasubopt; i++) {
- 		if (ia->iasubopt[i] == iasubopt) {
-@@ -1234,29 +1239,49 @@ move_lease_to_active(struct ipv6_pool *p
- 	return insert_result;
- }
- 
-/*
- * Renew an lease in the pool.
-+/*!
-+ * \brief Renew a lease in the pool.
-+ *
-+ * The hard_lifetime_end_time of the lease should be set to
-+ * the current expiration time.
-+ * The soft_lifetime_end_time of the lease should be set to
-+ * the desired expiration time.
-+ *
-+ * This routine will compare the two and call the correct
-+ * heap routine to move the lease.  If the lease is active
-+ * and the new expiration time is greater (the normal case)
-+ * then we call isc_heap_decreased() as a larger time is a
-+ * lower priority.  If the new expiration time is less then
-+ * we call isc_heap_increased().
-+ *
-+ * If the lease is abandoned then it will be on the active list
-+ * and we will always call isc_heap_increased() as the previous
-+ * expiration would have been all 1s (as close as we can get
-+ * to infinite).
-+ *
-+ * If the lease is moving to active we call that routine
-+ * which will move it from the inactive list to the active list.
-  *
- * To do this, first set the new hard_lifetime_end_time for the resource,
- * and then invoke renew_lease6() on it.
-+ * \param pool a pool the lease belongs to
-+ * \param lease the lease to be renewed
-  *
- * WARNING: lease times must only be extended, never reduced!!!
-+ * \return result of the renew operation (ISC_R_SUCCESS if successful,
-+           ISC_R_NOMEMORY when run out of memory)
-  */
- isc_result_t
- renew_lease6(struct ipv6_pool *pool, struct iasubopt *lease) {
-	/*
-	 * If we're already active, then we can just move our expiration
-	 * time down the heap. 
-	 *
-	 * If we're abandoned then we are already on the active list
-	 * but we need to retag the lease and move our expiration
-	 * from infinite to the current value
-	 *
-	 * Otherwise, we have to move from the inactive heap to the 
-	 * active heap.
-	 */
-+	time_t old_end_time = lease->hard_lifetime_end_time;
-+	lease->hard_lifetime_end_time = lease->soft_lifetime_end_time;
-+	lease->soft_lifetime_end_time = 0;
-+
- 	if (lease->state == FTS_ACTIVE) {
-		isc_heap_decreased(pool->active_timeouts, lease->heap_index);
-+		if (old_end_time <= lease->hard_lifetime_end_time) {
-+			isc_heap_decreased(pool->active_timeouts,
-+					   lease->heap_index);
-+		} else {
-+			isc_heap_increased(pool->active_timeouts,
-+					   lease->heap_index);
-+		}
- 		return ISC_R_SUCCESS;
- 	} else if (lease->state == FTS_ABANDONED) {
- 		char tmp_addr[INET6_ADDRSTRLEN];
-@@ -1382,7 +1407,7 @@ release_lease6(struct ipv6_pool *pool, s
-  * Create a prefix by hashing the input, and using that for
-  * the part subject to allocation.
-  */
-static void
-+void
- build_prefix6(struct in6_addr *pref, 
- 	      const struct in6_addr *net_start_pref,
- 	      int pool_bits, int pref_bits,
--- a/dhcp.spec
+++ b/dhcp.spec
@ -5,7 +5,7 @@ Summary:	The ISC DHCP (Dynamic Host Configuration Protocol) server/relay agent/c
 Name:		dhcp
 Epoch:		3
 Version:	4.2.1
-Release:	%mkrel 0.%{pver}.3
+Release:	%mkrel 0.%{pver}.2
 License:	Distributable
 Group:		System/Servers
 URL:		https://www.isc.org/software/dhcp
@ -31,7 +31,6 @@ Patch7:		dhcp-4.1.1-prevent_wireless_deassociation.patch
 # redhat bug #587070
 Patch9:		dhcp-4.1.1-useless-wait.patch
 Patch10:	dhcp-4.2.1-P1-CVE-2011-2748,2749.diff
-Patch11:	dhcp-4.1.1-P1-CVE-2012-3955.patch
 BuildRequires:	perl groff-for-man
 BuildRequires:	openldap-devel
 Provides:	dhcpd
@ -340,9 +339,6 @@ rm -rf %{buildroot}


 %changelog
-* Wed Sep 19 2012 Kuzma Kazygashev <kuzma.kazygashev@rosalab.ru>
- Security fix for CVE-2012-3955
-
 * Thu Aug 18 2011 Oden Eriksson <oeriksson@mandriva.com> 3:4.2.1-0.P1.2mdv2011.0
 + Revision: 695144
 - actually use the correct friggin patch...