summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJustin Bronder <jsbronder@gentoo.org>2013-12-23 18:01:37 +0000
committerJustin Bronder <jsbronder@gentoo.org>2013-12-23 18:01:37 +0000
commit62c7626fe01e0af7044c2df8951ce2693f642496 (patch)
treeb22ef9ed637b6b32443e18d2bdb0e3dc5b8b149c /sys-cluster/torque/files/CVE-2013-4319-4.x-root-submit-fix.patch
parentStable for HPPA (bug #475480). (diff)
downloadhistorical-62c7626fe01e0af7044c2df8951ce2693f642496.tar.gz
historical-62c7626fe01e0af7044c2df8951ce2693f642496.tar.bz2
historical-62c7626fe01e0af7044c2df8951ce2693f642496.zip
Add patches for CVE-2013-4319 (#484320).
Package-Manager: portage-2.2.7/cvs/Linux x86_64 Manifest-Sign-Key: 0x4D7043C9
Diffstat (limited to 'sys-cluster/torque/files/CVE-2013-4319-4.x-root-submit-fix.patch')
-rw-r--r--sys-cluster/torque/files/CVE-2013-4319-4.x-root-submit-fix.patch38
1 files changed, 38 insertions, 0 deletions
diff --git a/sys-cluster/torque/files/CVE-2013-4319-4.x-root-submit-fix.patch b/sys-cluster/torque/files/CVE-2013-4319-4.x-root-submit-fix.patch
new file mode 100644
index 000000000000..3614e42721de
--- /dev/null
+++ b/sys-cluster/torque/files/CVE-2013-4319-4.x-root-submit-fix.patch
@@ -0,0 +1,38 @@
+From 6424696d7b160c8a9ad806c4a6b0f77f0d359962 Mon Sep 17 00:00:00 2001
+From: Justin Bronder <jsbronder@gmail.com>
+Date: Mon, 23 Dec 2013 12:48:22 -0500
+Subject: [PATCH] CVE-2013-4319: 4.x root submit fix
+
+https://bugs.gentoo.org/show_bug.cgi?id=484320
+http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4319
+---
+ src/resmom/mom_process_request.c | 13 +++++++++++++
+ 1 file changed, 13 insertions(+)
+
+diff --git a/src/resmom/mom_process_request.c b/src/resmom/mom_process_request.c
+index 049f63f..813833f 100644
+--- a/src/resmom/mom_process_request.c
++++ b/src/resmom/mom_process_request.c
+@@ -238,6 +238,19 @@ void *mom_process_request(
+ log_record(PBSEVENT_JOB, PBS_EVENTCLASS_JOB, __func__, log_buffer);
+ }
+
++ if (svr_conn[chan->sock].cn_authen != PBS_NET_CONN_FROM_PRIVIL)
++ {
++ sprintf(log_buffer, "request type %s from host %s rejected (connection not privileged)",
++ reqtype_to_txt(request->rq_type),
++ request->rq_host);
++
++ log_record(PBSEVENT_JOB, PBS_EVENTCLASS_JOB, __func__, log_buffer);
++ req_reject(PBSE_BADHOST, 0, request, NULL, "request not authorized");
++ mom_close_client(chan->sock);
++ DIS_tcp_cleanup(chan);
++ return NULL;
++ }
++
+ if (!AVL_is_in_tree_no_port_compare(svr_conn[chan->sock].cn_addr, 0, okclients))
+ {
+ sprintf(log_buffer, "request type %s from host %s rejected (host not authorized)",
+--
+1.8.3.2
+