Mail archive
alpine-aports

[alpine-aports] [PATCH v3.1] main/zeromq: security upgrade - fixes #4295

From: Sergey Lukin <sergej.lukin_at_gmail.com>
Date: Mon, 12 Dec 2016 14:03:55 +0000

CVE-2014-9721
---
 main/zeromq/APKBUILD            |  24 ++-
 main/zeromq/CVE-2014-9721.patch | 416 ++++++++++++++++++++++++++++++++++++++++
 2 files changed, 431 insertions(+), 9 deletions(-)
 create mode 100644 main/zeromq/CVE-2014-9721.patch
diff --git a/main/zeromq/APKBUILD b/main/zeromq/APKBUILD
index 6373f45..f43e99a 100644
--- a/main/zeromq/APKBUILD
+++ b/main/zeromq/APKBUILD
_at_@ -1,8 +1,9 @@
 # Contributor: Natanael Copa <ncopa_at_alpinelinux.org>
+# Contributor: Sergey Lukin <sergej.lukin_at_gmail.com>
 # Maintainer: Natanael Copa <ncopa_at_alpinelinux.org>
 pkgname=zeromq
 pkgver=4.0.5
-pkgrel=0
+pkgrel=1
 pkgdesc="The ZeroMQ messaging library and tools"
 url="http://www.zeromq.org/"
 arch="all"
_at_@ -11,11 +12,13 @@ depends=
 makedepends="util-linux-dev openpgm-dev perl python autoconf automake"
 install=
 subpackages="$pkgname-dev $pkgname-doc libzmq"
-source="http://download.zeromq.org/zeromq-$pkgver.tar.gz"
+source="http://download.zeromq.org/zeromq-$pkgver.tar.gz
+	CVE-2014-9721.patch
+	"
 
-_builddir="$srcdir"/$pkgname-$pkgver
+builddir="$srcdir"/$pkgname-$pkgver
 prepare() {
-	cd "$_builddir"
+	cd "$builddir"
 	for i in $source; do
 		case $i in
 		*.patch) msg $i; patch -p1 -i "$srcdir"/$i || return 1;;
_at_@ -25,7 +28,7 @@ prepare() {
 }
 
 build() {
-	cd "$_builddir"
+	cd "$builddir"
 	./configure \
 		--build=$CBUILD \
 		--host=$CHOST \
_at_@ -39,7 +42,7 @@ build() {
 }
 
 package() {
-	cd "$_builddir"
+	cd "$builddir"
 	make DESTDIR="$pkgdir" install
 	rm -f "$pkgdir"/usr/lib/*.la
 }
_at_@ -50,6 +53,9 @@ libzmq() {
 	mv "$pkgdir"/usr/lib/libzmq.so.* "$subpkgdir"/usr/lib/
 }
 
-md5sums="73c39f5eb01b9d7eaf74a5d899f1d03d  zeromq-4.0.5.tar.gz"
-sha256sums="3bc93c5f67370341428364ce007d448f4bb58a0eaabd0a60697d8086bc43342b  zeromq-4.0.5.tar.gz"
-sha512sums="0d928ed688ed940d460fa8f8d574a9819dccc4e030d735a8c7db71b59287ee50fa741a08249e356c78356b03c2174f2f2699f05aa7dc3d380ed47d8d7bab5408  zeromq-4.0.5.tar.gz"
+md5sums="73c39f5eb01b9d7eaf74a5d899f1d03d  zeromq-4.0.5.tar.gz
+320491e2ef2ab0f3e980a30e25fc2563  CVE-2014-9721.patch"
+sha256sums="3bc93c5f67370341428364ce007d448f4bb58a0eaabd0a60697d8086bc43342b  zeromq-4.0.5.tar.gz
+5cf92b204709e97043ddf9b5ae7ed36bda835c5f9831de02209451589f054427  CVE-2014-9721.patch"
+sha512sums="0d928ed688ed940d460fa8f8d574a9819dccc4e030d735a8c7db71b59287ee50fa741a08249e356c78356b03c2174f2f2699f05aa7dc3d380ed47d8d7bab5408  zeromq-4.0.5.tar.gz
+eefc48fa851059092c09e4e22125e9a25f6da1506624dd4b1417c974f630e798bcd54257214c9fc4de6d2f92fb4a8b78607b6400e8d09c64284b566e3bfc0d98  CVE-2014-9721.patch"
diff --git a/main/zeromq/CVE-2014-9721.patch b/main/zeromq/CVE-2014-9721.patch
new file mode 100644
index 0000000..788ddc7
--- /dev/null
+++ b/main/zeromq/CVE-2014-9721.patch
_at_@ -0,0 +1,416 @@
+https://bugs.alpinelinux.org/issues/4295
+https://github.com/zeromq/zeromq4-x/commit/b6e3e0f601e2c1ec1f3aac880ed6a3fe63043e51
+http://www.openwall.com/lists/oss-security/2015/05/07/8
+
+
+--- a/src/session_base.cpp
+--- b/src/session_base.cpp
+_at_@ -323,6 +323,14 @@ int zmq::session_base_t::zap_connect ()
+     return 0;
+ }
+ 
++bool zmq::session_base_t::zap_enabled ()
++{
++    return (
++         options.mechanism != ZMQ_NULL ||
++        (options.mechanism == ZMQ_NULL && options.zap_domain.length() > 0)
++    );
++}
++
+ void zmq::session_base_t::process_attach (i_engine *engine_)
+ {
+     zmq_assert (engine_ != NULL);
+
+
+--- a/src/session_base.hpp
+--- b/src/session_base.hpp
+_at_@ -68,7 +68,8 @@ namespace zmq
+         int push_msg (msg_t *msg_);
+ 
+         int zap_connect ();
+-
++        bool zap_enabled ();
++        
+         //  Fetches a message. Returns 0 if successful; -1 otherwise.
+         //  The caller is responsible for freeing the message when no
+         //  longer used.
+
+
+--- a/src/stream_engine.cpp
+--- b/src/stream_engine.cpp
+_at_@ -464,6 +464,11 @@ bool zmq::stream_engine_t::handshake ()
+     //  Is the peer using ZMTP/1.0 with no revision number?
+     //  If so, we send and receive rest of identity message
+     if (greeting_recv [0] != 0xff || !(greeting_recv [9] & 0x01)) {
++        if (session->zap_enabled ()) {
++            //  Reject ZMTP 1.0 connections if ZAP is enabled
++            error ();
++            return false;
++        }
+         encoder = new (std::nothrow) v1_encoder_t (out_batch_size);
+         alloc_assert (encoder);
+ 
+_at_@ -505,6 +510,11 @@ bool zmq::stream_engine_t::handshake ()
+     }
+     else
+     if (greeting_recv [revision_pos] == ZMTP_1_0) {
++        if (session->zap_enabled ()) {
++            //  Reject ZMTP 1.0 connections if ZAP is enabled
++            error ();
++            return false;
++        }
+         encoder = new (std::nothrow) v1_encoder_t (
+             out_batch_size);
+         alloc_assert (encoder);
+_at_@ -515,6 +525,11 @@ bool zmq::stream_engine_t::handshake ()
+     }
+     else
+     if (greeting_recv [revision_pos] == ZMTP_2_0) {
++        if (session->zap_enabled ()) {
++            //  Reject ZMTP 1.0 connections if ZAP is enabled
++            error ();
++            return false;
++        }
+         encoder = new (std::nothrow) v2_encoder_t (out_batch_size);
+         alloc_assert (encoder);
+ 
+
+
+--- a/tests/test_security_curve.cpp
+--- b/tests/test_security_curve.cpp
+_at_@ -18,12 +18,23 @@
+ */
+ 
+ #include "testutil.hpp"
++#if defined (ZMQ_HAVE_WINDOWS)
++#   include <winsock2.h>
++#   include <ws2tcpip.h>
++#   include <stdexcept>
++#   define close closesocket
++#else
++#   include <sys/socket.h>
++#   include <netinet/in.h>
++#   include <arpa/inet.h>
++#   include <unistd.h>
++#endif
+ 
+ //  We'll generate random test keys at startup
+-static char client_public [40];
+-static char client_secret [40];
+-static char server_public [40];
+-static char server_secret [40];
++static char client_public [41];
++static char client_secret [41];
++static char server_public [41];
++static char server_secret [41];
+ 
+ //  --------------------------------------------------------------------------
+ //  This methods receives and validates ZAP requestes (allowing or denying
+ _at_@ -46,7 +57,7 @@ static void zap_handler (void *handler)
+         int size = zmq_recv (handler, client_key, 32, 0);
+         assert (size == 32);
+ 
+-        char client_key_text [40];
++        char client_key_text [41];
+         zmq_z85_encode (client_key_text, client_key, 32);
+ 
+         assert (streq (version, "1.0"));
+_at_@ -181,8 +192,8 @@ int main (void)
+ 
+     //  Check CURVE security with bogus client credentials
+     //  This must be caught by the ZAP handler
+-    char bogus_public [40];
+-    char bogus_secret [40];
++    char bogus_public [41];
++    char bogus_secret [41];
+     zmq_curve_keypair (bogus_public, bogus_secret);
+ 
+     client = zmq_socket (ctx, ZMQ_DEALER);
+_at_@ -217,7 +228,46 @@ int main (void)
+     assert (rc == 0);
+     expect_bounce_fail (server, client);
+     close_zero_linger (client);
+-    
++
++    // Unauthenticated messages from a vanilla socket shouldn't be received
++    struct sockaddr_in ip4addr;
++    int s;
++
++    ip4addr.sin_family = AF_INET;
++    ip4addr.sin_port = htons (9998);
++    inet_pton (AF_INET, "127.0.0.1", &ip4addr.sin_addr);
++
++    s = socket (AF_INET, SOCK_STREAM, IPPROTO_TCP);
++    rc = connect (s, (struct sockaddr*) &ip4addr, sizeof (ip4addr));
++    assert (rc > -1);
++    // send anonymous ZMTP/1.0 greeting
++    send (s, "\x01\x00", 2, 0);
++    // send sneaky message that shouldn't be received
++    send (s, "\x08\x00sneaky\0", 9, 0);
++    int timeout = 150;
++    zmq_setsockopt (server, ZMQ_RCVTIMEO, &timeout, sizeof (timeout));
++    char *buf = s_recv (server);
++    if (buf != NULL) {
++        printf ("Received unauthenticated message: %s\n", buf);
++        assert (buf == NULL);
++    }
++    close (s);
++
++    //  Check return codes for invalid buffer sizes
++    client = zmq_socket (ctx, ZMQ_DEALER);
++    assert (client);
++    errno = 0;
++    rc = zmq_setsockopt (client, ZMQ_CURVE_SERVERKEY, server_public, 123);
++    assert (rc == -1 && errno == EINVAL);
++    errno = 0;
++    rc = zmq_setsockopt (client, ZMQ_CURVE_PUBLICKEY, client_public, 123);
++    assert (rc == -1 && errno == EINVAL);
++    errno = 0;
++    rc = zmq_setsockopt (client, ZMQ_CURVE_SECRETKEY, client_secret, 123);
++    assert (rc == -1 && errno == EINVAL);
++    rc = zmq_close (client);
++    assert (rc == 0);
++
+     //  Shutdown
+     rc = zmq_close (server);
+     assert (rc == 0);
+
+
+--- a/tests/test_security_null.cpp
+--- b/tests/test_security_null.cpp
+_at_@ -1,5 +1,5 @@
+ /*
+-    Copyright (c) 2007-2013 Contributors as noted in the AUTHORS file
++    Copyright (c) 2007-2014 Contributors as noted in the AUTHORS file
+ 
+     This file is part of 0MQ.
+ 
+_at_@ -18,6 +18,17 @@
+ */
+ 
+ #include "testutil.hpp"
++#if defined (ZMQ_HAVE_WINDOWS)
++#   include <winsock2.h>
++#   include <ws2tcpip.h>
++#   include <stdexcept>
++#   define close closesocket
++#else
++#   include <sys/socket.h>
++#   include <netinet/in.h>
++#   include <arpa/inet.h>
++#   include <unistd.h>
++#endif
+ 
+ static void
+ zap_handler (void *handler)
+_at_@ -27,6 +38,7 @@ zap_handler (void *handler)
+         char *version = s_recv (handler);
+         if (!version)
+             break;          //  Terminating
++
+         char *sequence = s_recv (handler);
+         char *domain = s_recv (handler);
+         char *address = s_recv (handler);
+_at_@ -57,7 +69,7 @@ zap_handler (void *handler)
+         free (identity);
+         free (mechanism);
+     }
+-    zmq_close (handler);
++    close_zero_linger (handler);
+ }
+ 
+ int main (void)
+_at_@ -76,72 +88,89 @@ int main (void)
+     void *zap_thread = zmq_threadstart (&zap_handler, handler);
+ 
+     //  We bounce between a binding server and a connecting client
++    
++    //  We first test client/server with no ZAP domain
++    //  Libzmq does not call our ZAP handler, the connect must succeed
+     void *server = zmq_socket (ctx, ZMQ_DEALER);
+     assert (server);
+     void *client = zmq_socket (ctx, ZMQ_DEALER);
+     assert (client);
+-    
+-    //  We first test client/server with no ZAP domain
+-    //  Libzmq does not call our ZAP handler, the connect must succeed
+     rc = zmq_bind (server, "tcp://127.0.0.1:9000");
+     assert (rc == 0);
+-    rc = zmq_connect (client, "tcp://localhost:9000");
++    rc = zmq_connect (client, "tcp://127.0.0.1:9000");
+     assert (rc == 0);
+     bounce (server, client);
+-    zmq_unbind (server, "tcp://127.0.0.1:9000");
+-    zmq_disconnect (client, "tcp://localhost:9000");
+-    
++    close_zero_linger (client);
++    close_zero_linger (server);
++
+     //  Now define a ZAP domain for the server; this enables 
+     //  authentication. We're using the wrong domain so this test
+     //  must fail.
+-    //  **************************************************************
+-    //  PH: the following causes libzmq to get confused, so that the
+-    //  next step fails. To reproduce, uncomment this block. Note that
+-    //  even creating a new client/server socket pair, the behaviour
+-    //  does not change.
+-    //  **************************************************************
+-    //  Destroying the old sockets and creating new ones isn't needed,
+-    //  but it shows that the problem isn't related to specific sockets.
+-    //close_zero_linger (client);
+-    //close_zero_linger (server);
+-    //server = zmq_socket (ctx, ZMQ_DEALER);
+-    //assert (server);
+-    //client = zmq_socket (ctx, ZMQ_DEALER);
+-    //assert (client);
+-    ////  The above code should not be required
+-    //rc = zmq_setsockopt (server, ZMQ_ZAP_DOMAIN, "WRONG", 5);
+-    //assert (rc == 0);
+-    //rc = zmq_bind (server, "tcp://127.0.0.1:9001");
+-    //assert (rc == 0);
+-    //rc = zmq_connect (client, "tcp://localhost:9001");
+-    //assert (rc == 0);
+-    //expect_bounce_fail (server, client);
+-    //zmq_unbind (server, "tcp://127.0.0.1:9001");
+-    //zmq_disconnect (client, "tcp://localhost:9001");
+-    
++    server = zmq_socket (ctx, ZMQ_DEALER);
++    assert (server);
++    client = zmq_socket (ctx, ZMQ_DEALER);
++    assert (client);
++    rc = zmq_setsockopt (server, ZMQ_ZAP_DOMAIN, "WRONG", 5);
++    assert (rc == 0);
++    rc = zmq_bind (server, "tcp://127.0.0.1:9001");
++    assert (rc == 0);
++    rc = zmq_connect (client, "tcp://127.0.0.1:9001");
++    assert (rc == 0);
++    expect_bounce_fail (server, client);
++    close_zero_linger (client);
++    close_zero_linger (server);
++
+     //  Now use the right domain, the test must pass
++    server = zmq_socket (ctx, ZMQ_DEALER);
++    assert (server);
++    client = zmq_socket (ctx, ZMQ_DEALER);
++    assert (client);
+     rc = zmq_setsockopt (server, ZMQ_ZAP_DOMAIN, "TEST", 4);
+     assert (rc == 0);
+     rc = zmq_bind (server, "tcp://127.0.0.1:9002");
+     assert (rc == 0);
+-    rc = zmq_connect (client, "tcp://localhost:9002");
++    rc = zmq_connect (client, "tcp://127.0.0.1:9002");
+     assert (rc == 0);
+-    //  **************************************************************
+-    //  PH: it fails here; though the ZAP reply is 200 OK, and
+-    //  null_mechanism.cpp correctly parses that, the connection
+-    //  never succeeds and the test hangs.
+-    //  **************************************************************
+     bounce (server, client);
+-    zmq_unbind (server, "tcp://127.0.0.1:9002");
+-    zmq_disconnect (client, "tcp://localhost:9002");
+-    
+-    //  Shutdown
+     close_zero_linger (client);
+     close_zero_linger (server);
+-    rc = zmq_ctx_term (ctx);
++
++    // Unauthenticated messages from a vanilla socket shouldn't be received
++    server = zmq_socket (ctx, ZMQ_DEALER);
++    assert (server);
++    rc = zmq_setsockopt (server, ZMQ_ZAP_DOMAIN, "WRONG", 5);
+     assert (rc == 0);
++    rc = zmq_bind (server, "tcp://127.0.0.1:9003");
++    assert (rc == 0);
++
++    struct sockaddr_in ip4addr;
++    int s;
++
++    ip4addr.sin_family = AF_INET;
++    ip4addr.sin_port = htons(9003);
++    inet_pton(AF_INET, "127.0.0.1", &ip4addr.sin_addr);
+ 
+-    //  Wait until ZAP handler terminates.
++    s = socket (AF_INET, SOCK_STREAM, IPPROTO_TCP);
++    rc = connect (s, (struct sockaddr*) &ip4addr, sizeof ip4addr);
++    assert (rc > -1);
++    // send anonymous ZMTP/1.0 greeting
++    send (s, "\x01\x00", 2, 0);
++    // send sneaky message that shouldn't be received
++    send (s, "\x08\x00sneaky\0", 9, 0);
++    int timeout = 150;
++    zmq_setsockopt (server, ZMQ_RCVTIMEO, &timeout, sizeof (timeout));
++    char *buf = s_recv (server);
++    if (buf != NULL) {
++        printf ("Received unauthenticated message: %s\n", buf);
++        assert (buf == NULL);
++    }
++    close (s);
++    close_zero_linger (server);
++
++    //  Shutdown
++    rc = zmq_ctx_term (ctx);
++    assert (rc == 0);
++    //  Wait until ZAP handler terminates
+     zmq_threadclose (zap_thread);
+ 
+     return 0;
+
+
+--- a/tests/test_security_plain.cpp
+--- b/tests/test_security_plain.cpp
+_at_@ -1,5 +1,5 @@
+ /*
+-    Copyright (c) 2007-2013 Contributors as noted in the AUTHORS file
++    Copyright (c) 2007-2014 Contributors as noted in the AUTHORS file
+ 
+     This file is part of 0MQ.
+ 
+_at_@ -18,6 +18,17 @@
+ */
+ 
+ #include "testutil.hpp"
++#if defined (ZMQ_HAVE_WINDOWS)
++#   include <winsock2.h>
++#   include <ws2tcpip.h>
++#   include <stdexcept>
++#   define close closesocket
++#else
++#   include <sys/socket.h>
++#   include <netinet/in.h>
++#   include <arpa/inet.h>
++#   include <unistd.h>
++#endif
+ 
+ static void
+ zap_handler (void *ctx)
+_at_@ -137,6 +148,30 @@ int main (void)
+     expect_bounce_fail (server, client);
+     close_zero_linger (client);
+ 
++    // Unauthenticated messages from a vanilla socket shouldn't be received
++    struct sockaddr_in ip4addr;
++    int s;
++
++    ip4addr.sin_family = AF_INET;
++    ip4addr.sin_port = htons (9998);
++    inet_pton (AF_INET, "127.0.0.1", &ip4addr.sin_addr);
++
++    s = socket (AF_INET, SOCK_STREAM, IPPROTO_TCP);
++    rc = connect (s, (struct sockaddr*) &ip4addr, sizeof (ip4addr));
++    assert (rc > -1);
++    // send anonymous ZMTP/1.0 greeting
++    send (s, "\x01\x00", 2, 0);
++    // send sneaky message that shouldn't be received
++    send (s, "\x08\x00sneaky\0", 9, 0);
++    int timeout = 150;
++    zmq_setsockopt (server, ZMQ_RCVTIMEO, &timeout, sizeof (timeout));
++    char *buf = s_recv (server);
++    if (buf != NULL) {
++        printf ("Received unauthenticated message: %s\n", buf);
++        assert (buf == NULL);
++    }
++    close (s);
++
+     //  Shutdown
+     rc = zmq_close (server);
+     assert (rc == 0);
-- 
2.2.1
---
Unsubscribe:  alpine-aports+unsubscribe_at_lists.alpinelinux.org
Help:         alpine-aports+help_at_lists.alpinelinux.org
---
Received on Mon Dec 12 2016 - 14:03:55 GMT