diff options
| author |   Thomas Deutschmann <whissi@gentoo.org> | 2018-01-25 23:34:18 +0100 |
|---|---|---|
| committer | Thomas Deutschmann <whissi@gentoo.org> | 2018-01-25 23:34:34 +0100 |
| commit | 9a70b58bd58ff19395c55abbf0a2e620a5a56f3a (patch) | |
| tree | 595ca00a5466b7257fc1f8557ffbecd65b42e4fb /app-admin/collectd/files/collectd-5.7.2-CVE-2017-16820.patch | |
| parent | net-mail/mailshears: new revision to update ruby targets. (diff) | |
| download | gentoo-9a70b58bd58ff19395c55abbf0a2e620a5a56f3a.tar.gz gentoo-9a70b58bd58ff19395c55abbf0a2e620a5a56f3a.tar.bz2 gentoo-9a70b58bd58ff19395c55abbf0a2e620a5a56f3a.zip | |
app-admin/collectd: bump, fixes CVE-2017-16820 & #628540
Ebuild changes:
===============
- To address bug 628540, we no longer run collectd in
daemon mode, instead we will run collectd everywhere
in foreground and let the init system handle the PID
file.
- /run/collectd/ (default location for collectd's UNIX socket)
is now maintained using tmpfiles service.
Bug: https://bugs.gentoo.org/628540
Bug: https://bugs.gentoo.org/637538
Package-Manager: Portage-2.3.20, Repoman-2.3.6
Diffstat (limited to 'app-admin/collectd/files/collectd-5.7.2-CVE-2017-16820.patch')
| -rw-r--r-- | app-admin/collectd/files/collectd-5.7.2-CVE-2017-16820.patch | 39 |
1 files changed, 39 insertions, 0 deletions
diff --git a/app-admin/collectd/files/collectd-5.7.2-CVE-2017-16820.patch b/app-admin/collectd/files/collectd-5.7.2-CVE-2017-16820.patch new file mode 100644 index 000000000000..0090f2940bf6 --- /dev/null +++ b/app-admin/collectd/files/collectd-5.7.2-CVE-2017-16820.patch @@ -0,0 +1,39 @@ +CVE-2017-16820: Fix double free of request PDU + +https://github.com/collectd/collectd/commit/d16c24542b2f96a194d43a73c2e5778822b9cb47 + +--- a/src/snmp.c ++++ b/src/snmp.c +@@ -1357,11 +1357,13 @@ static int csnmp_read_table(host_definition_t *host, data_definition_t *data) { + if (oid_list_todo_num == 0) { + /* The request is still empty - so we are finished */ + DEBUG("snmp plugin: all variables have left their subtree"); ++ snmp_free_pdu(req); + status = 0; + break; + } + + res = NULL; ++ /* snmp_sess_synch_response always frees our req PDU */ + status = snmp_sess_synch_response(host->sess_handle, req, &res); + if ((status != STAT_SUCCESS) || (res == NULL)) { + char *errstr = NULL; +@@ -1376,8 +1378,6 @@ static int csnmp_read_table(host_definition_t *host, data_definition_t *data) { + snmp_free_pdu(res); + res = NULL; + +- /* snmp_synch_response already freed our PDU */ +- req = NULL; + sfree(errstr); + csnmp_host_close_session(host); + +@@ -1492,9 +1492,6 @@ static int csnmp_read_table(host_definition_t *host, data_definition_t *data) { + snmp_free_pdu(res); + res = NULL; + +- if (req != NULL) +- snmp_free_pdu(req); +- req = NULL; + + if (status == 0) + csnmp_dispatch_table(host, data, instance_list_head, value_list_head); |