Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
systemsmanagement:saltstack:bundle:testing
saltbundle-zeromq
CVE-2020-15166.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File CVE-2020-15166.patch of Package saltbundle-zeromq
From 6557497b7095399424fe24e83bd936a3d54d4175 Mon Sep 17 00:00:00 2001 From: Doron Somech <somdoron@gmail.com> Date: Wed, 13 May 2020 17:32:06 +0300 Subject: [PATCH] problem: zeromq connects peer before handshake is completed Solution: delay connecting the peer pipe until the handshake is completed (cherry picked from commit e7f0090b161ce6344f6bd35009816a925c070b09) Conflicts: src/i_engine.hpp src/norm_engine.hpp src/pgm_receiver.hpp src/pgm_sender.hpp src/raw_engine.cpp src/session_base.cpp src/session_base.hpp src/stream_engine_base.cpp src/stream_engine_base.hpp src/udp_engine.hpp src/ws_engine.cpp src/zmtp_engine.cpp --- src/i_engine.hpp | 4 ++++ src/ipc_connecter.cpp | 2 +- src/ipc_listener.cpp | 2 +- src/norm_engine.hpp | 2 ++ src/pgm_receiver.hpp | 1 + src/pgm_sender.hpp | 1 + src/session_base.cpp | 19 +++++++++++++------ src/session_base.hpp | 1 + src/socks_connecter.cpp | 2 +- src/stream_engine.cpp | 12 ++++++++++-- src/stream_engine.hpp | 8 +++++++- src/tcp_connecter.cpp | 2 +- src/tcp_listener.cpp | 2 +- src/tipc_connecter.cpp | 2 +- src/tipc_listener.cpp | 2 +- src/udp_engine.hpp | 2 ++ 16 files changed, 48 insertions(+), 16 deletions(-) Index: zeromq-4.2.3/src/i_engine.hpp =================================================================== --- zeromq-4.2.3.orig/src/i_engine.hpp +++ zeromq-4.2.3/src/i_engine.hpp @@ -41,6 +41,10 @@ namespace zmq { virtual ~i_engine () {} + // Indicate if the engine has an handshake stage. + // If engine has handshake stage, engine must call session.engine_ready when the handshake is complete. + virtual bool has_handshake_stage () = 0; + // Plug the engine to the session. virtual void plug (zmq::io_thread_t *io_thread_, class session_base_t *session_) = 0; Index: zeromq-4.2.3/src/ipc_connecter.cpp =================================================================== --- zeromq-4.2.3.orig/src/ipc_connecter.cpp +++ zeromq-4.2.3/src/ipc_connecter.cpp @@ -123,7 +123,7 @@ void zmq::ipc_connecter_t::out_event () } // Create the engine object for this connection. stream_engine_t *engine = new (std::nothrow) - stream_engine_t (fd, options, endpoint); + stream_engine_t (fd, options, endpoint, !options.raw_socket); alloc_assert (engine); // Attach the engine to the corresponding session object. Index: zeromq-4.2.3/src/ipc_listener.cpp =================================================================== --- zeromq-4.2.3.orig/src/ipc_listener.cpp +++ zeromq-4.2.3/src/ipc_listener.cpp @@ -172,7 +172,7 @@ void zmq::ipc_listener_t::in_event () // Create the engine object for this connection. stream_engine_t *engine = new (std::nothrow) - stream_engine_t (fd, options, endpoint); + stream_engine_t (fd, options, endpoint, !options.raw_socket); alloc_assert (engine); // Choose I/O thread to run connecter in. Given that we are already Index: zeromq-4.2.3/src/norm_engine.hpp =================================================================== --- zeromq-4.2.3.orig/src/norm_engine.hpp +++ zeromq-4.2.3/src/norm_engine.hpp @@ -27,6 +27,8 @@ namespace zmq int init(const char* network_, bool send, bool recv); void shutdown(); + bool has_handshake_stage () { return false; }; + // i_engine interface implementation. // Plug the engine to the session. virtual void plug (zmq::io_thread_t *io_thread_, Index: zeromq-4.2.3/src/pgm_receiver.hpp =================================================================== --- zeromq-4.2.3.orig/src/pgm_receiver.hpp +++ zeromq-4.2.3/src/pgm_receiver.hpp @@ -58,6 +58,7 @@ namespace zmq int init (bool udp_encapsulation_, const char *network_); // i_engine interface implementation. + bool has_handshake_stage () { return false; }; void plug (zmq::io_thread_t *io_thread_, zmq::session_base_t *session_); void terminate (); Index: zeromq-4.2.3/src/pgm_sender.hpp =================================================================== --- zeromq-4.2.3.orig/src/pgm_sender.hpp +++ zeromq-4.2.3/src/pgm_sender.hpp @@ -57,6 +57,7 @@ namespace zmq int init (bool udp_encapsulation_, const char *network_); // i_engine interface implementation. + bool has_handshake_stage () { return false; }; void plug (zmq::io_thread_t *io_thread_, zmq::session_base_t *session_); void terminate (); Index: zeromq-4.2.3/src/session_base.cpp =================================================================== --- zeromq-4.2.3.orig/src/session_base.cpp +++ zeromq-4.2.3/src/session_base.cpp @@ -280,7 +280,8 @@ void zmq::session_base_t::read_activated } if (unlikely (engine == NULL)) { - pipe->check_read (); + if (pipe) + pipe->check_read (); return; } @@ -383,7 +384,18 @@ bool zmq::session_base_t::zap_enabled () void zmq::session_base_t::process_attach (i_engine *engine_) { zmq_assert (engine_ != NULL); + zmq_assert (!engine); + engine = engine_; + + if (!engine_->has_handshake_stage ()) + engine_ready (); + + // Plug in the engine. + engine->plug (io_thread, this); +} +void zmq::session_base_t::engine_ready () +{ // Create the pipe if it does not exist yet. if (!pipe && !is_terminating ()) { object_t *parents [2] = {this, socket}; @@ -412,11 +424,6 @@ void zmq::session_base_t::process_attach // Ask socket to plug into the remote end of the pipe. send_bind (socket, pipes [1]); } - - // Plug in the engine. - zmq_assert (!engine); - engine = engine_; - engine->plug (io_thread, this); } void zmq::session_base_t::engine_error ( Index: zeromq-4.2.3/src/session_base.hpp =================================================================== --- zeromq-4.2.3.orig/src/session_base.hpp +++ zeromq-4.2.3/src/session_base.hpp @@ -67,6 +67,7 @@ namespace zmq virtual void reset (); void flush (); void engine_error (zmq::stream_engine_t::error_reason_t reason); + void engine_ready (); // i_pipe_events interface implementation. void read_activated (zmq::pipe_t *pipe_); Index: zeromq-4.2.3/src/socks_connecter.cpp =================================================================== --- zeromq-4.2.3.orig/src/socks_connecter.cpp +++ zeromq-4.2.3/src/socks_connecter.cpp @@ -151,7 +151,7 @@ void zmq::socks_connecter_t::in_event () else { // Create the engine object for this connection. stream_engine_t *engine = new (std::nothrow) - stream_engine_t (s, options, endpoint); + stream_engine_t (s, options, endpoint, !options.raw_socket); alloc_assert (engine); // Attach the engine to the corresponding session object. Index: zeromq-4.2.3/src/stream_engine.cpp =================================================================== --- zeromq-4.2.3.orig/src/stream_engine.cpp +++ zeromq-4.2.3/src/stream_engine.cpp @@ -63,7 +63,8 @@ #include "wire.hpp" zmq::stream_engine_t::stream_engine_t (fd_t fd_, const options_t &options_, - const std::string &endpoint_) : + const std::string &endpoint_, + bool has_handshake_stage_) : s (fd_), as_server(false), handle((handle_t)NULL), @@ -78,6 +79,7 @@ zmq::stream_engine_t::stream_engine_t (f greeting_size (v2_greeting_size), greeting_bytes_read (0), session (NULL), + _has_handshake_stage (has_handshake_stage_), options (options_), endpoint (endpoint_), plugged (false), @@ -290,9 +292,12 @@ void zmq::stream_engine_t::in_event () zmq_assert (!io_error); // If still handshaking, receive and process the greeting message. - if (unlikely (handshaking)) + if (unlikely (handshaking)) { if (!handshake ()) return; + else if (mechanism == NULL && _has_handshake_stage) + session->engine_ready (); + } zmq_assert (decoder); @@ -839,6 +844,9 @@ void zmq::stream_engine_t::mechanism_rea has_heartbeat_timer = true; } + if (_has_handshake_stage) + session->engine_ready (); + if (options.recv_routing_id) { msg_t routing_id; mechanism->peer_routing_id (&routing_id); Index: zeromq-4.2.3/src/stream_engine.hpp =================================================================== --- zeromq-4.2.3.orig/src/stream_engine.hpp +++ zeromq-4.2.3/src/stream_engine.hpp @@ -69,10 +69,12 @@ namespace zmq }; stream_engine_t (fd_t fd_, const options_t &options_, - const std::string &endpoint); + const std::string &endpoint, + bool has_handshake_stage); ~stream_engine_t (); // i_engine interface implementation. + bool has_handshake_stage () { return _has_handshake_stage; }; void plug (zmq::io_thread_t *io_thread_, zmq::session_base_t *session_); void terminate (); @@ -176,6 +178,10 @@ namespace zmq // The session this engine is attached to. zmq::session_base_t *session; + // Indicate if engine has an handshake stage, if it does, engine must call session.engine_ready + // when handshake is completed. + bool _has_handshake_stage; + options_t options; // String representation of endpoint Index: zeromq-4.2.3/src/tcp_connecter.cpp =================================================================== --- zeromq-4.2.3.orig/src/tcp_connecter.cpp +++ zeromq-4.2.3/src/tcp_connecter.cpp @@ -156,7 +156,7 @@ void zmq::tcp_connecter_t::out_event () // Create the engine object for this connection. stream_engine_t *engine = new (std::nothrow) - stream_engine_t (fd, options, endpoint); + stream_engine_t (fd, options, endpoint, !options.raw_socket); alloc_assert (engine); // Attach the engine to the corresponding session object. Index: zeromq-4.2.3/src/tcp_listener.cpp =================================================================== --- zeromq-4.2.3.orig/src/tcp_listener.cpp +++ zeromq-4.2.3/src/tcp_listener.cpp @@ -108,7 +108,7 @@ void zmq::tcp_listener_t::in_event () // Create the engine object for this connection. stream_engine_t *engine = new (std::nothrow) - stream_engine_t (fd, options, endpoint); + stream_engine_t (fd, options, endpoint, !options.raw_socket); alloc_assert (engine); // Choose I/O thread to run connecter in. Given that we are already Index: zeromq-4.2.3/src/tipc_connecter.cpp =================================================================== --- zeromq-4.2.3.orig/src/tipc_connecter.cpp +++ zeromq-4.2.3/src/tipc_connecter.cpp @@ -123,7 +123,7 @@ void zmq::tipc_connecter_t::out_event () return; } // Create the engine object for this connection. - stream_engine_t *engine = new (std::nothrow) stream_engine_t (fd, options, endpoint); + stream_engine_t *engine = new (std::nothrow) stream_engine_t (fd, options, endpoint, !options.raw_socket); alloc_assert (engine); // Attach the engine to the corresponding session object. Index: zeromq-4.2.3/src/tipc_listener.cpp =================================================================== --- zeromq-4.2.3.orig/src/tipc_listener.cpp +++ zeromq-4.2.3/src/tipc_listener.cpp @@ -91,7 +91,7 @@ void zmq::tipc_listener_t::in_event () } // Create the engine object for this connection. - stream_engine_t *engine = new (std::nothrow) stream_engine_t (fd, options, endpoint); + stream_engine_t *engine = new (std::nothrow) stream_engine_t (fd, options, endpoint, !options.raw_socket); alloc_assert (engine); // Choose I/O thread to run connecter in. Given that we are already Index: zeromq-4.2.3/src/udp_engine.hpp =================================================================== --- zeromq-4.2.3.orig/src/udp_engine.hpp +++ zeromq-4.2.3/src/udp_engine.hpp @@ -23,6 +23,8 @@ namespace zmq int init (address_t *address_, bool send_, bool recv_); + bool has_handshake_stage () { return false; }; + // i_engine interface implementation. // Plug the engine to the session. void plug (zmq::io_thread_t *io_thread_, class session_base_t *session_);
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor