From 6424696d7b160c8a9ad806c4a6b0f77f0d359962 Mon Sep 17 00:00:00 2001
From: Justin Bronder <jsbronder@gmail.com>
Date: Mon, 23 Dec 2013 12:48:22 -0500
Subject: [PATCH] CVE-2013-4319: 4.x root submit fix

https://bugs.gentoo.org/show_bug.cgi?id=484320
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4319
---
 src/resmom/mom_process_request.c | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/src/resmom/mom_process_request.c b/src/resmom/mom_process_request.c
index 049f63f..813833f 100644
--- a/src/resmom/mom_process_request.c
+++ b/src/resmom/mom_process_request.c
@@ -238,6 +238,19 @@ void *mom_process_request(
       log_record(PBSEVENT_JOB, PBS_EVENTCLASS_JOB, __func__, log_buffer);
       }
 
+    if (svr_conn[chan->sock].cn_authen != PBS_NET_CONN_FROM_PRIVIL)
+      {
+      sprintf(log_buffer, "request type %s from host %s rejected (connection not privileged)",
+        reqtype_to_txt(request->rq_type),
+        request->rq_host);
+
+      log_record(PBSEVENT_JOB, PBS_EVENTCLASS_JOB, __func__, log_buffer);
+      req_reject(PBSE_BADHOST, 0, request, NULL, "request not authorized");
+      mom_close_client(chan->sock);
+      DIS_tcp_cleanup(chan);
+      return NULL;
+      }
+
     if (!AVL_is_in_tree_no_port_compare(svr_conn[chan->sock].cn_addr, 0, okclients))
       {
       sprintf(log_buffer, "request type %s from host %s rejected (host not authorized)",
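Review bot: The added rejection branch writes `request->rq_host` into `log_buffer` with an unbounded `sprintf`, and it is the branch reached by connections that failed the `cn_authen` check, so the write should be bounded, e.g. `snprintf(log_buffer, sizeof(log_buffer), ...)` with the same arguments (this assumes `log_buffer` is an array in scope; its declaration is outside the hunk). The existing host-not-authorized branch just below uses the same `sprintf` pattern and would benefit from the same change. A short comment above the new test, such as `/* CVE-2013-4319: reject requests from non-privileged connections before the okclients host check */`, would record why this check must stay ahead of the address lookup. `mom_process_request` starts and ends outside this hunk, so whether `chan->sock` is range-checked before it indexes `svr_conn` cannot be confirmed from here.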
-- 
1.8.3.2