Security fix for CVE-2012-5645

freeciv: DoS (memory exhaustion or excessive CPU consumption) via malformed network packets
2012-12-18 20:09:08 +00:00 · 2012-12-18 20:09:08 +00:00 · 6a39409e47
commit 6a39409e47
parent 9aa94f3d19
2 changed files with 29 additions and 1 deletions
--- a/games/freeciv/Makefile
+++ b/games/freeciv/Makefile
@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.89 2012/06/15 08:32:15 ajacoutot Exp $
+# $OpenBSD: Makefile,v 1.90 2012/12/18 20:09:08 jasper Exp $

 COMMENT-main=	Civilization clone for X11; multiplayer; game server
 COMMENT-client=	Freeciv client
@ -7,6 +7,7 @@ COMMENT-share=	shared data files for Freeciv
 VERSION=	2.2.7
 DISTNAME=	freeciv-${VERSION}
 PKGNAME-main=	freeciv-server-${VERSION}
+REVISION-main=	0
 PKGNAME-client=	freeciv-client-${VERSION}
 PKGNAME-share=	freeciv-share-${VERSION}
 REVISION-client=2
--- a/games/freeciv/patches/patch-common_packets_c
+++ b/games/freeciv/patches/patch-common_packets_c
@ -0,0 +1,27 @@
+$OpenBSD: patch-common_packets_c,v 1.1 2012/12/18 20:09:08 jasper Exp $
+
+Security fix for CVE-2012-5645
+freeciv: DoS (memory exhaustion or excessive CPU consumption) via malformed network packets
+
+Backported from:
+http://svn.gna.org/viewcvs/freeciv?view=revision&revision=21670
+
+--- common/packets.c.orig	Sat Jul 16 21:12:04 2011
+++ common/packets.c	Tue Dec 18 21:03:04 2012
+@@ -363,6 +363,16 @@ void *get_packet_from_connection(struct connection *pc
+     return NULL;		/* not all data has been read */
+   }
+ 
+  if (whole_packet_len < header_size) {
+    freelog(LOG_ERROR, "The packet size is reported to be less than header alone. "
+                "The connection will be closed now.");
+    CLOSE_FUN close_callback = close_socket_get_callback();
+    assert(close_callback);
+    (*close_callback) (pc);
+    
+    return NULL;
+  }
+  
+ #ifdef USE_COMPRESSION
+   if (compressed_packet) {
+     uLong compressed_size = whole_packet_len - header_size;