rpms / fish

Clone
Source Code
GIT

Blame fish-upstream-CVE-2014-2914.patch

c10s-sig-cloud-openstack-epoxy c8s-sig-hyperscale c9s-sig-hyperscale
  1.   16cec3d48d0eaed719c15b0d95e8d92a4486b50f
  2.   fish-upstream-CVE-2014-2914.patch
Blob History Raw
Andy Lutomirski fbcf04 
From 10642a34f17ae45bd93be3ae6021ee920d3da0c2 Mon Sep 17 00:00:00 2001
Andy Lutomirski fbcf04 
Message-Id: <10642a34f17ae45bd93be3ae6021ee920d3da0c2.1398707555.git.luto@amacapital.net>
Andy Lutomirski fbcf04 
In-Reply-To: <3c5d5b344ee945b99e4bb16a44af6f293601813d.1398707555.git.luto@amacapital.net>
Andy Lutomirski fbcf04 
References: <3c5d5b344ee945b99e4bb16a44af6f293601813d.1398707555.git.luto@amacapital.net>
Andy Lutomirski fbcf04 
From: Anders Bergh <anders1@gmail.com>
Andy Lutomirski fbcf04 
Date: Tue, 4 Mar 2014 09:59:26 +0100
Andy Lutomirski fbcf04 
Subject: [PATCH 2/4] fish_config: Listen on both IPv6 and IPv4.
Andy Lutomirski fbcf04
Andy Lutomirski fbcf04 
A subclass of TCPServer was created to deny any non-local connections and to
Andy Lutomirski fbcf04 
listen using an IPv6 socket.
Andy Lutomirski fbcf04 
---
Andy Lutomirski fbcf04 
 share/tools/web_config/webconfig.py | 12 +++++++++++-
Andy Lutomirski fbcf04 
 1 file changed, 11 insertions(+), 1 deletion(-)
Andy Lutomirski fbcf04
Andy Lutomirski fbcf04 
diff --git a/share/tools/web_config/webconfig.py b/share/tools/web_config/webconfig.py
Andy Lutomirski fbcf04 
index f735a02..1b9250b 100755
Andy Lutomirski fbcf04 
--- a/share/tools/web_config/webconfig.py
Andy Lutomirski fbcf04 
+++ b/share/tools/web_config/webconfig.py
Andy Lutomirski fbcf04 
@@ -250,6 +250,16 @@ class FishVar:
Andy Lutomirski fbcf04 
         if self.exported: flags.append('exported')
Andy Lutomirski fbcf04 
         return [self.name, self.value, ', '.join(flags)]
Andy Lutomirski fbcf04
Andy Lutomirski fbcf04 
+class FishConfigTCPServer(SocketServer.TCPServer):
Andy Lutomirski fbcf04 
+    """TCPServer that only accepts connections from localhost (IPv4/IPv6)."""
Andy Lutomirski fbcf04 
+    WHITELIST = set(['::1', '::ffff:127.0.0.1', '127.0.0.1'])
Andy Lutomirski fbcf04 
+
Andy Lutomirski fbcf04 
+    address_family = socket.AF_INET6
Andy Lutomirski fbcf04 
+
Andy Lutomirski fbcf04 
+    def verify_request(self, request, client_address):
Andy Lutomirski fbcf04 
+        return client_address[0] in FishConfigTCPServer.WHITELIST
Andy Lutomirski fbcf04 
+
Andy Lutomirski fbcf04 
+
Andy Lutomirski fbcf04 
 class FishConfigHTTPRequestHandler(SimpleHTTPServer.SimpleHTTPRequestHandler):
Andy Lutomirski fbcf04
Andy Lutomirski fbcf04 
     def write_to_wfile(self, txt):
Andy Lutomirski fbcf04 
@@ -613,7 +623,7 @@ PORT = 8000
Andy Lutomirski fbcf04 
 while PORT <= 9000:
Andy Lutomirski fbcf04 
     try:
Andy Lutomirski fbcf04 
         Handler = FishConfigHTTPRequestHandler
Andy Lutomirski fbcf04 
-        httpd = SocketServer.TCPServer(("", PORT), Handler)
Andy Lutomirski fbcf04 
+        httpd = FishConfigTCPServer(("::", PORT), Handler)
Andy Lutomirski fbcf04 
         # Success
Andy Lutomirski fbcf04 
         break
Andy Lutomirski fbcf04 
     except socket.error:
Andy Lutomirski fbcf04 
--
Andy Lutomirski fbcf04 
1.9.0
Andy Lutomirski fbcf04

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation