From 937de6f7c31917e339571615df888d62d8fdf0c5 Mon Sep 17 00:00:00 2001
From: Brian C. Lane
Date: Jan 24 2012 18:15:10 +0000
Subject: - Upstream patch to fix buffer overflow with too many open fd's (#784301) https://projects.duckcorp.org/issues/269 - Switched spec to use git to apply patches
---
diff --git a/0001-Setup-bip-for-Fedora-s-paths.patch b/0001-Setup-bip-for-Fedora-s-paths.patch
new file mode 100644
index 0000000..6a365c6
--- /dev/null
+++ b/0001-Setup-bip-for-Fedora-s-paths.patch
@@ -0,0 +1,43 @@
+From 0e357353d1c3052f44db7b1e833d569998c99337 Mon Sep 17 00:00:00 2001
+From: Fedora Ninjas
+Date: Tue, 24 Jan 2012 09:54:31 -0800
+Subject: [PATCH 1/3] Setup bip for Fedora's paths
+
+---
+ samples/bip.conf | 6 +++---
+ 1 files changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/samples/bip.conf b/samples/bip.conf
+index 6761688..7edb36c 100644
+--- a/samples/bip.conf
++++ b/samples/bip.conf
+@@ -9,7 +9,7 @@ ip = "0.0.0.0";
+ # be sure to set the password to the value
+ # specified in the network you want to connect to.
+ # Port is 6667 by default.
+-port = 7778;
++#port = 7778;
+
+ # If you set this to true, you'll only be able to connect to bip
+ # with a SSL capable IRC client. Be sure to generate a certificate
+@@ -21,7 +21,7 @@ client_side_ssl = false;
+ #client_side_ssl_pem = "/path/to/pemfile";
+
+ # Define where the pidfile should be stored. Defaults to /bip.pid
+-#pid_file="/var/run/bip/bip.pid";
++pid_file="/var/run/bip/bip.pid";
+
+ # Uncomment this line to disable logging and backlogging.
+ #log = false
+@@ -37,7 +37,7 @@ log_level = 3;
+ # This is where logs go. Channel and private messages will use that
+ # configuration value as a prefix, and then log_format to determine
+ # full log filename.
+-#log_root = "/var/proxy/logs";
++log_root = "/var/log/bip";
+
+ # Uncomment this line to disable bip's internal messages logging.
+ # This is not recommended, a better option is to reduce log_level.
+--
+1.7.6.5
+
diff --git a/0002-Throttle-joins-to-prevent-flooding.patch b/0002-Throttle-joins-to-prevent-flooding.patch
new file mode 100644
index 0000000..39f1208
--- /dev/null
+++ b/0002-Throttle-joins-to-prevent-flooding.patch
@@ -0,0 +1,56 @@
+From eb5a5e987969282ab7c1414e058ca17838d39b45 Mon Sep 17 00:00:00 2001
+From: Fedora Ninjas
+Date: Tue, 24 Jan 2012 09:56:56 -0800
+Subject: [PATCH 2/3] Throttle joins to prevent flooding
+
+---
+ src/irc.c | 6 +++++-
+ src/irc.h | 1 +
+ 2 files changed, 6 insertions(+), 1 deletions(-)
+
+diff --git a/src/irc.c b/src/irc.c
+index c890ed6..631af6f 100644
+--- a/src/irc.c
++++ b/src/irc.c
+@@ -16,6 +16,7 @@
+ #include
+ #include
+ #include
++#include
+ #include "util.h"
+ #include "irc.h"
+ #include "bip.h"
+@@ -213,6 +214,8 @@ static void irc_server_join(struct link_server *s)
+ WRITE_LINE1(CONN(s), NULL, "JOIN", ci->name);
+ else
+ WRITE_LINE2(CONN(s), NULL, "JOIN", ci->name, ci->key);
++
++ usleep(1000 * JOIN_THROTTLE_MSEC);
+ }
+ }
+
+@@ -951,7 +954,8 @@ static int irc_cli_mode(struct link_client *ic, struct line *line)
+
+ /* This is a wild guess and that sucks. */
+ if (!irc_line_elem_equals(line, 0, "MODE") ||
+- strchr(irc_line_elem(line, 2), 'b') == NULL)
++ (strchr(irc_line_elem(line, 2), 'b') == NULL &&
++ strchr(irc_line_elem(line, 2), 'q') == NULL))
+ return OK_COPY;
+
+ ++ic->who_count;
+diff --git a/src/irc.h b/src/irc.h
+index 006aa08..a4964ef 100644
+--- a/src/irc.h
++++ b/src/irc.h
+@@ -28,6 +28,7 @@
+ #define P_SERV "b.i.p"
+ #define S_PING "BIPPING"
+ #define P_IRCMASK "-bip!bip@" P_SERV
++#define JOIN_THROTTLE_MSEC 300
+
+ struct server {
+ char *host;
+--
+1.7.6.5
+
diff --git a/0003-Buffer-Overflow-check-against-the-implicit-size-of-s.patch b/0003-Buffer-Overflow-check-against-the-implicit-size-of-s.patch
new file mode 100644
index 0000000..25ad10f
--- /dev/null
+++ b/0003-Buffer-Overflow-check-against-the-implicit-size-of-s.patch
@@ -0,0 +1,129 @@
+From a26cf2be67971b752c120fd3bbee9e7211159184 Mon Sep 17 00:00:00 2001
+From: Pierre-Louis Bonicoli
+Date: Sat, 7 Jan 2012 11:41:02 +0100
+Subject: [PATCH 3/3] Buffer Overflow: check against the implicit size of
+ select() arrays
+
+Reported by Julien Tinnes (Fix #269)
+exit is called when the listening socket can not be created
+---
+ src/bip.c | 2 +-
+ src/connection.c | 46 ++++++++++++++++++++++++++++++++++++++--------
+ src/irc.c | 7 ++++---
+ 3 files changed, 43 insertions(+), 12 deletions(-)
+
+diff --git a/src/bip.c b/src/bip.c
+index a361847..4c37570 100644
+--- a/src/bip.c
++++ b/src/bip.c
+@@ -1312,7 +1312,7 @@ int main(int argc, char **argv)
+ close(fd);
+
+ bip.listener = listen_new(conf_ip, conf_port, conf_css);
+- if (!bip.listener)
++ if (!bip.listener || bip.listener->connected == CONN_ERROR)
+ fatal("Could not create listening socket");
+
+ for (;;) {
+diff --git a/src/connection.c b/src/connection.c
+index c793e18..cb8d976 100644
+--- a/src/connection.c
++++ b/src/connection.c
+@@ -124,6 +124,18 @@ static void connect_trynext(connection_t *cn)
+ continue;
+ }
+
++ if (cn->handle >= FD_SETSIZE) {
++ mylog(LOG_WARN, "too many fd used, close socket %d",
++ cn->handle);
++
++ if (close(cn->handle) == -1)
++ mylog(LOG_WARN, "Error on socket close: %s",
++ strerror(errno));
++
++ cn->handle = -1;
++ break;
++ }
++
+ socket_set_nonblock(cn->handle);
+
+ if (cn->connecting_data->src) {
+@@ -789,13 +801,8 @@ list_t *wait_event(list_t *cn_list, int *msec, int *nc)
+ /*
+ * This shouldn't happen ! just in case...
+ */
+- if (cn->handle < 0) {
+- mylog(LOG_WARN, "wait_event invalid socket %d",
+- cn->handle);
+- if (cn_is_connected(cn))
+- cn->connected = CONN_ERROR;
+- continue;
+- }
++ if (cn->handle < 0 || cn->handle >= FD_SETSIZE)
++ fatal("wait_event invalid socket %d", cn->handle);
+
+ /* exceptions are OOB and disconnections */
+ FD_SET(cn->handle, &fds_except);
+@@ -966,6 +973,18 @@ static void create_listening_socket(char *hostname, char *port,
+ continue;
+ }
+
++ if (cn->handle >= FD_SETSIZE) {
++ mylog(LOG_WARN, "too many fd used, close listening socket %d",
++ cn->handle);
++
++ if (close(cn->handle) == -1)
++ mylog(LOG_WARN, "Error on socket close: %s",
++ strerror(errno));
++
++ cn->handle = -1;
++ break;
++ }
++
+ if (setsockopt(cn->handle, SOL_SOCKET, SO_REUSEADDR,
+ (char *)&multi_client,
+ sizeof(multi_client)) < 0) {
+@@ -1113,10 +1132,21 @@ connection_t *accept_new(connection_t *cn)
+
+ mylog(LOG_DEBUG, "Trying to accept new client on %d", cn->handle);
+ err = accept(cn->handle, &sa, &sa_len);
++
+ if (err < 0) {
+- mylog(LOG_ERROR, "accept failed: %s", strerror(errno));
++ fatal("accept failed: %s", strerror(errno));
++ }
++
++ if (err >= FD_SETSIZE) {
++ mylog(LOG_WARN, "too many client connected, close %d", err);
++
++ if (close(err) == -1)
++ mylog(LOG_WARN, "Error on socket close: %s",
++ strerror(errno));
++
+ return NULL;
+ }
++
+ socket_set_nonblock(err);
+
+ conn = connection_init(cn->anti_flood, cn->ssl, cn->timeout, 0);
+diff --git a/src/irc.c b/src/irc.c
+index 631af6f..0b7726a 100644
+--- a/src/irc.c
++++ b/src/irc.c
+@@ -2448,9 +2448,10 @@ void bip_on_event(bip_t *bip, connection_t *conn)
+
+ if (conn == bip->listener) {
+ struct link_client *n = irc_accept_new(conn);
+- assert(n);
+- list_add_last(&bip->conn_list, CONN(n));
+- list_add_last(&bip->connecting_client_list, n);
++ if (n) {
++ list_add_last(&bip->conn_list, CONN(n));
++ list_add_last(&bip->connecting_client_list, n);
++ }
+ return;
+ }
+
+--
+1.7.6.5
+
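Review bot: In the accept_new hunk of src/connection.c, `fatal("accept failed: %s", strerror(errno));` makes every accept() failure end the process (assuming fatal() exits, as the commit message suggests for the listener case), and accept() can fail for transient reasons that a remote peer influences, including running out of descriptors, which is the condition this patch is about. That trades the select() array overflow for a denial of service of the whole bouncer. Since bip_on_event now skips a NULL client, the previous non-fatal handling looks safer: `mylog(LOG_ERROR, "accept failed: %s", strerror(errno)); return NULL;`. The wait_event hunk has the same shape: `cn->handle < 0 || cn->handle >= FD_SETSIZE` is now fatal where the removed code set CONN_ERROR and continued, so a connection left with `handle = -1` by the new check in connect_trynext would stop the daemon unless code outside these hunks removes it first. All four functions continue outside the hunks shown.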
diff --git a/bip-conf.patch b/bip-conf.patch
deleted file mode 100644
index ef09db1..0000000
--- a/bip-conf.patch
+++ /dev/null
@@ -1,29 +0,0 @@
---- samples/bip.conf.orig 2008-05-15 15:45:04.000000000 +0100
-+++ samples/bip.conf 2008-05-15 15:48:43.000000000 +0100
-@@ -9,7 +9,7 @@
- # be sure to set the password to the value
- # specified in the network you want to connect to.
- # Port is 6667 by default.
--port = 7778;
-+#port = 7778;
-
- # If you set this to true, you'll only be able to connect to bip
- # with a SSL capable IRC client. Be sure to generate a certificate
-@@ -21,7 +21,7 @@
- #client_side_ssl_pem = "/path/to/pemfile";
-
- # Define where the pidfile should be stored. Defaults to /bip.pid
--#pid_file="/var/run/bip/bip.pid";
-+pid_file="/var/run/bip/bip.pid";
-
- # Uncomment this line to disable logging and backlogging.
- #log = false
-@@ -37,7 +37,7 @@
- # This is where logs go. Channel and private messages will use that
- # configuration value as a prefix, and then log_format to determine
- # full log filename.
--#log_root = "/var/proxy/logs";
-+log_root = "/var/log/bip";
-
- # Uncomment this line to disable bip's internal messages logging.
- # This is not recommended, a better option is to reduce log_level.
diff --git a/bip-fn-ircd7.patch b/bip-fn-ircd7.patch
deleted file mode 100644
index 272cdbb..0000000
--- a/bip-fn-ircd7.patch
+++ /dev/null
@@ -1,43 +0,0 @@
-diff --git a/src/irc.c b/src/irc.c
-index 556bf97..a5cc039 100644
---- a/src/irc.c
-+++ b/src/irc.c
-@@ -16,6 +16,7 @@
- #include
- #include
- #include
-+#include
- #include "util.h"
- #include "irc.h"
- #include "bip.h"
-@@ -206,6 +207,8 @@ static void irc_server_join(struct link_server *s)
- WRITE_LINE1(CONN(s), NULL, "JOIN", ci->name);
- else
- WRITE_LINE2(CONN(s), NULL, "JOIN", ci->name, ci->key);
-+
-+ usleep(1000 * JOIN_THROTTLE_MSEC);
- }
- }
-
-@@ -944,7 +947,8 @@ static int irc_cli_mode(struct link_client *ic, struct line *line)
-
- /* This is a wild guess and that sucks. */
- if (!irc_line_elem_equals(line, 0, "MODE") ||
-- strchr(irc_line_elem(line, 2), 'b') == NULL)
-+ (strchr(irc_line_elem(line, 2), 'b') == NULL &&
-+ strchr(irc_line_elem(line, 2), 'q') == NULL))
- return OK_COPY;
-
- ++ic->who_count;
-diff --git a/src/irc.h b/src/irc.h
-index c0c3373..f474b25 100644
---- a/src/irc.h
-+++ b/src/irc.h
-@@ -28,6 +28,7 @@
- #define P_SERV "b.i.p"
- #define S_PING "BIPPING"
- #define P_IRCMASK "-bip!bip@" P_SERV
-+#define JOIN_THROTTLE_MSEC 300
-
- struct server {
- char *host;
diff --git a/bip.spec b/bip.spec
index 6fa1057..5c9c4a1 100644
--- a/bip.spec
+++ b/bip.spec
@@ -1,6 +1,6 @@
 Name: bip
 Version: 0.8.8
-Release: 3%{?dist}
+Release: 4%{?dist}
 Summary: IRC Bouncer
 Group: Applications/Internet
 License: GPLv2+
@@ -11,8 +11,9 @@ Source0: https://projects.duckcorp.org/attachments/download/20/bip-%{version}.ta
 # http://bugzilla.redhat.com/show_bug.cgi?id=707294
 Source2: bip-tmpfs.conf
 Source3: bip.service
-Patch0: bip-conf.patch
-Patch1: bip-fn-ircd7.patch
+Patch0: 0001-Setup-bip-for-Fedora-s-paths.patch
+Patch1: 0002-Throttle-joins-to-prevent-flooding.patch
+Patch2: 0003-Buffer-Overflow-check-against-the-implicit-size-of-s.patch
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -22,6 +23,7 @@ BuildRequires: flex
 BuildRequires: m4
 BuildRequires: openssl-devel
 BuildRequires: systemd-units
+BuildRequires: git
 Requires(post): systemd-sysv
 Requires(post): systemd-units
 Requires(preun): systemd-units
@@ -38,8 +40,13 @@ while you were away.
 %prep
 %setup -q
-%patch0 -p0
-%patch1 -p1
+git init
+git config user.email "bip-owner@fedoraproject.org"
+git config user.name "Fedora Ninjas"
+git add .
+git commit -a -q -m "%{version} baseline."
+git am %{patches}
+
 iconv -f iso-8859-1 -t utf-8 -o ChangeLog{.utf8,}
 mv ChangeLog{.utf8,}
@@ -119,6 +126,11 @@ fi
 %{_unitdir}/bip.service
 %changelog
+* Tue Jan 24 2012 Brian C. Lane - 0.8.8-4
+- Upstream patch to fix buffer overflow with too many open fd's (#784301)
+ https://projects.duckcorp.org/issues/269
+- Switched spec to use git to apply patches
+
 * Thu Jan 12 2012 Fedora Release Engineering - 0.8.8-3
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild