[chrony-dev] [GIT] chrony/chrony.git branch, master, updated. 1.28-6-gb5658f4
This is an automated email from git. It was generated because a ref
change was pushed to the repository "chrony/chrony.git".
The branch, master has been updated
via b5658f4d9c3d024fd93644f58fb0b47c7e0fa78e (commit)
via ad58baa13bcd045e2bc6b9298ea38647f6454b34 (commit)
via c6fdeeb6bb0b17dc28c19ae492c4a1c498e54ea3 (commit)
via 7712455d9aa33d0db0945effaa07e900b85987b1 (commit)
from a9a5f98406c77dbfd4faa1c209b29992940b056f (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit b5658f4d9c3d024fd93644f58fb0b47c7e0fa78e
Author: Miroslav Lichvar <mlichvar@xxxxxxxxxx>
Date: Wed Jul 31 15:04:12 2013 +0200
Update NEWS
commit ad58baa13bcd045e2bc6b9298ea38647f6454b34
Author: Miroslav Lichvar <mlichvar@xxxxxxxxxx>
Date: Wed Jul 31 15:03:27 2013 +0200
Drop support for SUBNETS_ACCESSED and CLIENT_ACCESSES commands
Support for the SUBNETS_ACCESSED and CLIENT_ACCESSES commands was
enabled in chronyd, but in chronyc it was always disabled and the
CLIENT_ACCESSES_BY_INDEX command was used instead. As there is no plan
to enable it in the future, remove the support completely.
commit c6fdeeb6bb0b17dc28c19ae492c4a1c498e54ea3
Author: Miroslav Lichvar <mlichvar@xxxxxxxxxx>
Date: Wed Jul 31 15:02:09 2013 +0200
Don't send uninitialized data in command replies
The RPY_SUBNETS_ACCESSED and RPY_CLIENT_ACCESSES command replies can
contain uninitialized data from stack when the client logging is disabled
or a bad subnet is requested. These commands were never used by chronyc
and they require the client to be authenticated since version 1.25.
commit 7712455d9aa33d0db0945effaa07e900b85987b1
Author: Miroslav Lichvar <mlichvar@xxxxxxxxxx>
Date: Wed Jul 31 15:01:15 2013 +0200
Fix buffer overflow when processing crafted command packets
When the length of the REQ_SUBNETS_ACCESSED, REQ_CLIENT_ACCESSES
command requests and the RPY_SUBNETS_ACCESSED, RPY_CLIENT_ACCESSES,
RPY_CLIENT_ACCESSES_BY_INDEX, RPY_MANUAL_LIST command replies is
calculated, the number of items stored in the packet is not validated.
A crafted command request/reply can be used to crash the server/client.
Only clients allowed by cmdallow (by default only localhost) can crash
the server.
With chrony versions 1.25 and 1.26 this bug has a smaller security
impact as the server requires the clients to be authenticated in order
to process the subnet and client accesses commands. In 1.27 and 1.28,
however, the invalid calculated length is included also in the
authentication check which may cause another crash.
-----------------------------------------------------------------------
Summary of changes:
NEWS | 14 ++++
candm.h | 29 +--------
client.c | 204 +----------------------------------------------------------
cmdmon.c | 156 ++++++++-------------------------------------
pktlength.c | 38 +++---------
5 files changed, 53 insertions(+), 388 deletions(-)
hooks/post-receive
--
chrony/chrony.git
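
The missing check described in commit 7712455 above (a packet length derived from an item count that is never validated), shown as an added example that is not chrony's code. The `Packet` and `Item` layouts, `MAX_ITEMS`, and all function names are hypothetical and do not reproduce candm.h or pktlength.c.

```c
#include <arpa/inet.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define MAX_ITEMS 8              /* hypothetical capacity of the item array */

typedef struct { uint32_t ip; uint32_t hits; } Item;   /* hypothetical */
typedef struct {
  uint16_t command;
  uint16_t pad;
  uint32_t n_items;              /* network byte order, sender-controlled */
  Item items[MAX_ITEMS];
} Packet;                        /* hypothetical layout, not chrony's */

/* Unvalidated: trusts n_items, so the result can exceed sizeof(Packet)
   and any later copy, checksum or hash over that length reads past it. */
size_t length_unchecked(const Packet *p)
{
  return offsetof(Packet, items) + (size_t)ntohl(p->n_items) * sizeof(Item);
}

/* Validated: returns 0 for a count the packet cannot hold. */
size_t length_checked(const Packet *p)
{
  uint32_t n = ntohl(p->n_items);
  if (n > MAX_ITEMS)
    return 0;
  return offsetof(Packet, items) + (size_t)n * sizeof(Item);
}

/* Accept a datagram only if it covers the fixed header, fits the packet
   structure, and is at least as long as its validated count implies. */
int packet_acceptable(const void *buf, size_t received)
{
  Packet p;
  size_t expected;

  if (received < offsetof(Packet, items) || received > sizeof(p))
    return 0;
  memset(&p, 0, sizeof(p));
  memcpy(&p, buf, received);
  expected = length_checked(&p);
  return expected != 0 && received >= expected;
}
```

The length check has to run before anything else consumes the computed length, including an authentication hash over the packet.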