Compare commits
12 Commits
bb1c8e4834
...
620d6b4cdf
| Author | SHA1 | Date | |
|---|---|---|---|
|
|
620d6b4cdf | ||
|
|
7ef8fad0c0 | ||
|
|
58886543b8 | ||
|
|
231f3f4b1d | ||
|
|
0380f77d83 | ||
|
|
40fad8d453 | ||
|
|
9622a2edd8 | ||
|
|
0ee0322e52 | ||
|
|
f7d05320b8 | ||
|
|
96f5fa6f4a | ||
|
|
08d1e70509 | ||
|
|
eb1d37aa7a |
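--- a/CVE-2021-3570.patch
+++ b/CVE-2021-3570.patch
@@ -0,0 +1,91 @@
+From ce15e4de5926724557e8642ec762a210632f15ca Mon Sep 17 00:00:00 2001
+From: Richard Cochran <richardcochran@gmail.com>
+Date: Sat, 17 Apr 2021 15:15:18 -0700
+Subject: [PATCH] Validate the messageLength field of incoming messages.
+
+The PTP messageLength field is redundant because the length of a PTP
+message is precisely determined by the message type and the appended
+TLVs. The current implementation validates the sizes of both the main
+message (according to the fixed header length and fixed length by
+type) and the TLVs (by using the 'L' of the TLV).
+
+However, when forwarding a message, the messageLength field is used.
+If a message arrives with a messageLength field larger than the actual
+message size, the code will read and possibly write data beyond the
+allocated buffer.
+
+Fix the issue by validating the field on ingress. This prevents
+reading and sending data past the message buffer when forwarding a
+management message or other messages when operating as a transparent
+clock, and it also prevents a memory corruption in msg_post_recv()
+after forwarding a management message.
+
+Reported-by: Miroslav Lichvar <mlichvar@redhat.com>
+Signed-off-by: Richard Cochran <richardcochran@gmail.com>
+---
+msg.c | 18 ++++++++++++------
+1 file changed, 12 insertions(+), 6 deletions(-)
+
+diff --git a/msg.c b/msg.c
+index d1619d49..5ae8ebbf 100644
+--- a/msg.c
++++ b/msg.c
+@@ -186,7 +186,7 @@ static int suffix_post_recv(struct ptp_message *msg, int len)
+{
+uint8_t *ptr = msg_suffix(msg);
+struct tlv_extra *extra;
+- int err;
++ int err, suffix_len = 0;
+
+if (!ptr)
+return 0;
+@@ -204,12 +204,14 @@ static int suffix_post_recv(struct ptp_message *msg, int len)
+tlv_extra_recycle(extra);
+return -EBADMSG;
+}
++ suffix_len += sizeof(struct TLV);
+len -= sizeof(struct TLV);
+ptr += sizeof(struct TLV);
+if (extra->tlv->length > len) {
+tlv_extra_recycle(extra);
+return -EBADMSG;
+}
++ suffix_len += extra->tlv->length;
+len -= extra->tlv->length;
+ptr += extra->tlv->length;
+err = tlv_post_recv(extra);
+@@ -219,7 +221,7 @@ static int suffix_post_recv(struct ptp_message *msg, int len)
+}
+msg_tlv_attach(msg, extra);
+}
+- return 0;
++ return suffix_len;
+}
+
+static void suffix_pre_send(struct ptp_message *msg)
+@@ -337,7 +339,7 @@ void msg_get(struct ptp_message *m)
+
+int msg_post_recv(struct ptp_message *m, int cnt)
+{
+- int pdulen, type, err;
++ int err, pdulen, suffix_len, type;
+
+if (cnt < sizeof(struct ptp_header))
+return -EBADMSG;
+@@ -422,9 +424,13 @@ int msg_post_recv(struct ptp_message *m, int cnt)
+break;
+}
+
+- err = suffix_post_recv(m, cnt - pdulen);
+- if (err)
+- return err;
++ suffix_len = suffix_post_recv(m, cnt - pdulen);
++ if (suffix_len < 0) {
++ return suffix_len;
++ }
++ if (pdulen + suffix_len != m->header.messageLength) {
++ return -EBADMSG;
++ }
+
+return 0;
+}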
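Review bot: suffix_post_recv() now returns the number of suffix bytes it parsed on success instead of 0, and nothing in the embedded msg.c hunks documents that changed contract; the function is only partly visible here. A comment above it such as `/* Returns the length of the parsed TLV suffix, or a negative errno on a malformed TLV. */` would keep a later caller from treating a positive return as an error. The new comparison `pdulen + suffix_len != m->header.messageLength` in msg_post_recv() also depends on messageLength already being in host byte order at that point; that conversion is not shown in these hunks, so it should be confirmed against the full file.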
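--- a/CVE-2021-3571.patch
+++ b/CVE-2021-3571.patch
@@ -0,0 +1,26 @@
+From d61d77e163dbee247819f3d88593ba111577af15 Mon Sep 17 00:00:00 2001
+From: Miroslav Lichvar <mlichvar@redhat.com>
+Date: Fri, 26 Mar 2021 09:57:43 +0100
+Subject: [PATCH] tc: Fix length of follow-up message of one-step sync.
+
+Convert the length of the generated follow-up message to network order.
+This fixes reading and sending of data past the message buffer.
+
+Signed-off-by: Miroslav Lichvar <mlichvar@redhat.com>
+---
+tc.c | 2 +-
+1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/tc.c b/tc.c
+index d9e4853..2e3830c 100644
+--- a/tc.c
++++ b/tc.c
+@@ -452,7 +452,7 @@ int tc_fwd_sync(struct port *q, struct ptp_message *msg)
+}
+fup->header.tsmt = FOLLOW_UP | (msg->header.tsmt & 0xf0);
+fup->header.ver = msg->header.ver;
+- fup->header.messageLength = sizeof(struct follow_up_msg);
++ fup->header.messageLength = htons(sizeof(struct follow_up_msg));
+fup->header.domainNumber = msg->header.domainNumber;
+fup->header.sourcePortIdentity = msg->header.sourcePortIdentity;
+fup->header.sequenceId = msg->header.sequenceId;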
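Review bot: The `htons()` on `fup->header.messageLength` in tc_fwd_sync() is the only explicit byte-order conversion among the header assignments in this hunk, and nothing says why this field differs from its neighbours. Presumably the other fields are copied from a message that is already in wire format while the length is a freshly computed host value; if so, a comment such as `/* fup is filled in network byte order; the computed length must be converted. */` on that line would guard against the conversion being dropped again. The function body starts and ends outside the hunk, so the other places that set messageLength on generated messages cannot be checked from here.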
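--- a/README.en.md
+++ b/README.en.md
@@ -1,36 +0,0 @@
-# linuxptp
-
-#### Description
-{**When you're done, you can delete the content in this README and update the file with details for others getting started with your repository**}
-
-#### Software Architecture
-Software architecture description
-
-#### Installation
-
-1. xxxx
-2. xxxx
-3. xxxx
-
-#### Instructions
-
-1. xxxx
-2. xxxx
-3. xxxx
-
-#### Contribution
-
-1. Fork the repository
-2. Create Feat_xxx branch
-3. Commit your code
-4. Create Pull Request
-
-
-#### Gitee Feature
-
-1. You can use Readme\_XXX.md to support different languages, such as Readme\_en.md, Readme\_zh.md
-2. Gitee blog [blog.gitee.com](https://blog.gitee.com)
-3. Explore open source project [https://gitee.com/explore](https://gitee.com/explore)
-4. The most valuable open source project [GVP](https://gitee.com/gvp)
-5. The manual of Gitee [https://gitee.com/help](https://gitee.com/help)
-6. The most popular members [https://gitee.com/gitee-stars/](https://gitee.com/gitee-stars/)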
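--- a/README.md
+++ b/README.md
@@ -1,39 +0,0 @@
-# linuxptp
-
-#### 介绍
-{**以下是码云平台说明,您可以替换此简介**
-码云是 OSCHINA 推出的基于 Git 的代码托管平台(同时支持 SVN)。专为开发者提供稳定、高效、安全的云端软件开发协作平台
-无论是个人、团队、或是企业,都能够用码云实现代码托管、项目管理、协作开发。企业项目请看 [https://gitee.com/enterprises](https://gitee.com/enterprises)}
-
-#### 软件架构
-软件架构说明
-
-
-#### 安装教程
-
-1. xxxx
-2. xxxx
-3. xxxx
-
-#### 使用说明
-
-1. xxxx
-2. xxxx
-3. xxxx
-
-#### 参与贡献
-
-1. Fork 本仓库
-2. 新建 Feat_xxx 分支
-3. 提交代码
-4. 新建 Pull Request
-
-
-#### 码云特技
-
-1. 使用 Readme\_XXX.md 来支持不同的语言,例如 Readme\_en.md, Readme\_zh.md
-2. 码云官方博客 [blog.gitee.com](https://blog.gitee.com)
-3. 你可以 [https://gitee.com/explore](https://gitee.com/explore) 这个地址来了解码云上的优秀开源项目
-4. [GVP](https://gitee.com/gvp) 全称是码云最有价值开源项目,是码云综合评定出的优秀开源项目
-5. 码云官方提供的使用手册 [https://gitee.com/help](https://gitee.com/help)
-6. 码云封面人物是一档用来展示码云会员风采的栏目 [https://gitee.com/gitee-stars/](https://gitee.com/gitee-stars/)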
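--- a/Remove-bogus-command-line-option.patch
+++ b/Remove-bogus-command-line-option.patch
@@ -0,0 +1,35 @@
+From 1b7a1e2cda1da59cee9aea38009663cdaf278487 Mon Sep 17 00:00:00 2001
+From: Richard Cochran <richardcochran@gmail.com>
+Date: Mon, 25 Mar 2019 06:04:40 -0700
+Subject: [PATCH] ptp4l: Remove bogus command line option.
+
+Commit c8107c8d ("config: Add a configuration option for TC mode.")
+added a new TC mode. An early version of the patch series included a
+new '-t' command line option, but this was dropped considering the
+fact that long options are always available. IOW the TC user can
+simply add '--clock_type=P2P_TC' to the command line, making the
+single dash option redundant.
+
+This patch fixes the misleading usage message by removing the
+non-existing option.
+
+Signed-off-by: Richard Cochran <richardcochran@gmail.com>
+---
+ptp4l.c | 1 -
+1 file changed, 1 deletion(-)
+
+diff --git a/ptp4l.c b/ptp4l.c
+index 9ef8169..d53970f 100644
+--- a/ptp4l.c
++++ b/ptp4l.c
+@@ -59,7 +59,6 @@ static void usage(char *progname)
+" -p [dev] PTP hardware clock device to use, default auto\n"
+" (ignored for SOFTWARE/LEGACY HW time stamping)\n"
+" -s slave only mode (overrides configuration file)\n"
+- " -t transparent clock\n"
+" -l [num] set the logging level to 'num'\n"
+" -m print messages to stdout\n"
+" -q do not print messages to the syslog\n"
+--
+2.27.0
+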
BIN
linuxptp-2.0.tgz
Normal file
BIN
linuxptp-2.0.tgz
Normal file
Binary file not shown.
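--- a/linuxptp.spec
+++ b/linuxptp.spec
@@ -0,0 +1,97 @@
+Name: linuxptp
+Version: 2.0
+Release: 6
+Summary: Linuxptp is an implementation of the Precision Time Protocol (PTP)
+Group: System Environment/Base
+License: GPLv2+
+URL: http://linuxptp.sourceforge.net/
+Source0: https://downloads.sourceforge.net/%{name}/%{name}-%{version}.tgz
+Source1: phc2sys.service
+Source2: ptp4l.service
+
+patch0000: CVE-2021-3571.patch
+Patch0001: CVE-2021-3570.patch
+# https://github.com/richardcochran/linuxptp/commit/1b7a1e2cda1da59cee9aea38009663cdaf278487
+Patch0002: Remove-bogus-command-line-option.patch
+
+BuildRequires: gcc gcc-c++ systemd git net-tools
+
+
+%description
+Linuxptp is an implementation of the Precision Time Protocol (PTP) according to
+IEEE standard 1588 for Linux. The dual design goals are to provide a robust
+implementation of the standard and to use the most relevant and modern Application
+Programming Interfaces (API) offered by the Linux kernel. Supporting legacy APIs
+and other platforms is not a goal.
+
+
+%package help
+Summary: Help files for %{name}
+BuildArch: noarch
+
+
+%description help
+Help files for %{name}
+
+
+%prep
+%autosetup -n %{name}-%{version} -p1
+
+%build
+%make_build EXTRA_CFLAGS="$RPM_OPT_FLAGS" \
+EXTRA_LDFLAGS="$RPM_LD_FLAGS"
+
+
+%install
+%makeinstall
+
+mkdir -p %{buildroot}{%{_sysconfdir}/sysconfig,%{_unitdir}}
+install -m 644 -p configs/default.cfg %{buildroot}%{_sysconfdir}/ptp4l.conf
+install -m 644 -p %{SOURCE1} %{SOURCE2} %{buildroot}%{_unitdir}
+
+echo 'OPTIONS="-f /etc/ptp4l.conf -i eth0"' > \
+%{buildroot}%{_sysconfdir}/sysconfig/ptp4l
+echo 'OPTIONS="-a -r"' > %{buildroot}%{_sysconfdir}/sysconfig/phc2sys
+%post
+%systemd_post phc2sys.service ptp4l.service
+
+%preun
+%systemd_preun phc2sys.service ptp4l.service
+
+%postun
+%systemd_postun_with_restart phc2sys.service ptp4l.service
+
+
+%files
+%doc README.org configs
+%license COPYING
+%config(noreplace) %{_sysconfdir}/ptp4l.conf
+%config(noreplace) %{_sysconfdir}/sysconfig/phc2sys
+%config(noreplace) %{_sysconfdir}/sysconfig/ptp4l
+%{_unitdir}/phc2sys.service
+%{_unitdir}/ptp4l.service
+%{_sbindir}/hwstamp_ctl
+%{_sbindir}/nsm
+%{_sbindir}/phc2sys
+%{_sbindir}/phc_ctl
+%{_sbindir}/pmc
+%{_sbindir}/ptp4l
+%{_sbindir}/timemaster
+
+
+%files help
+%{_mandir}/man8/*.8*
+
+%changelog
+* Tue Jan 30 2024 yaoxin <yao_xin001@hoperun.com> - 2.0-6
+- Remove bogus command line option
+
+* Wed Sep 22 2021 yaoxin <yaoxin30@huawei.com> - 2.0-5
+- Fix CVE-2021-3570
+
+* Wed Jul 14 2021 houyingchao <houyingchao@huawei.com> - 2.0-4
+- fix CVE-2021-3571
+
+* Thu Nov 28 2019 openEuler BuildTeam<buildteam@openeuler.org> 2.0-3
+- Package Init
+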
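Review bot: The two CVE entries, `patch0000: CVE-2021-3571.patch` and `Patch0001: CVE-2021-3570.patch`, carry no upstream reference, whereas `Patch0002:` has its commit URL in a comment directly above it. Adding the same kind of comment to the security patches would let a packager verify each backport against upstream. The SHAs in the patch files' `From` lines (`d61d77e163db…` and `ce15e4de5926…`) look like the ones to cite, but that should be confirmed because the patches may have been regenerated from a different tree. The lowercase `patch0000:` tag is also inconsistent with the other two entries; `Patch0000: CVE-2021-3571.patch` would match.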
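--- a/linuxptp.yaml
+++ b/linuxptp.yaml
@@ -0,0 +1,4 @@
+version_control: git
+src_repo: https://git.code.sf.net/p/linuxptp/code
+tag_prefix: ^v
+seperator: .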
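--- a/phc2sys.service
+++ b/phc2sys.service
@@ -0,0 +1,11 @@
+[Unit]
+Description=PTP: Synchronize two clocks
+After=ntpdate.service
+
+[Service]
+Type=simple
+EnvironmentFile=-/etc/sysconfig/phc2sys
+ExecStart=/usr/sbin/phc2sys $OPTIONS
+
+[Install]
+WantedBy=multi-user.target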
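Review bot: The `[Service]` section here, and the equivalent one in ptp4l.service, applies no systemd sandboxing, so both daemons run with the service manager's default privileges. ptp4l parses PTP messages received from the network, and the two CVE patches in this same change fix out-of-bounds reads and writes in exactly that path, so containing a compromised daemon is worth the few extra lines. Consider adding `NoNewPrivileges=yes`, `ProtectHome=yes` and `ProtectSystem=full` to both units. A `CapabilityBoundingSet=` restriction would help further, but the capabilities these daemons need are not visible on this page and the set has to be determined by testing.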
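--- a/ptp4l.service
+++ b/ptp4l.service
@@ -0,0 +1,10 @@
+[Unit]
+Description=PTP: Boundary/Ordinary Clock
+
+[Service]
+Type=simple
+EnvironmentFile=-/etc/sysconfig/ptp4l
+ExecStart=/usr/sbin/ptp4l $OPTIONS
+
+[Install]
+WantedBy=multi-user.target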