This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree".
The branch, next has been updated via e1e94ae75b5cb4835d9a35a7c054db66778a8114 (commit) from 53736cfe67a21848b095746b123119c96b2d5dac (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log ----------------------------------------------------------------- commit e1e94ae75b5cb4835d9a35a7c054db66778a8114 Author: Adolf Belka adolf.belka@ipfire.org Date: Sat Apr 30 19:34:58 2022 +0200
minidlna: Addition of patches to fix CVE-2022-26505
- CVE-2022-26505 A DNS rebinding issue in ReadyMedia (formerly MiniDLNA) before 1.3.1 allows a remote web server to exfiltrate media files. CVE created on 6th March 2022 - minidlna have created the patches to fix CVE-2022-26505 and have created a git tag for version 1.3.1 but have not provided any 1.3.1 source tarballs. A ticket was raised on 14th March 2022 in the source forge support system asking to "Please publish a tarball for 1.3.1" but there was no reply from the developer so far. - In the NIST National Vulnerability Database it refers to a fix implemented in 1.3.1 but the link to the sourceforge page is only the patches applied for the fix - I used those diff descriptions to create a patch to implement on the existing 1.3.0 version in IPFire and this patch submission applies that fix - Incremented the lfs PAK_VER
Signed-off-by: Adolf Belka adolf.belka@ipfire.org Reviewed-by: Peter Müller peter.mueller@ipfire.org
-----------------------------------------------------------------------
Summary of changes: lfs/minidlna | 3 +- ....0-fix-DNS-rebinding-issue-CVE-2022-26505.patch | 44 ++++++++++++++++++++++ 2 files changed, 46 insertions(+), 1 deletion(-) create mode 100644 src/patches/minidlna-1.3.0-fix-DNS-rebinding-issue-CVE-2022-26505.patch
Difference in files: diff --git a/lfs/minidlna b/lfs/minidlna index 17cf76339..0fa7aec96 100644 --- a/lfs/minidlna +++ b/lfs/minidlna @@ -34,7 +34,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = minidlna -PAK_VER = 8 +PAK_VER = 9
DEPS = ffmpeg flac libexif libid3tag libogg
@@ -84,6 +84,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE) $(UPDATE_AUTOMAKE) + cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/minidlna-1.3.0-fix-DNS-rebinding-issue-CVE-2022-26505.patch cd $(DIR_APP) && ./configure --prefix=/usr cd $(DIR_APP) && make $(MAKETUNING) $(EXTRA_MAKE) cd $(DIR_APP) && make install diff --git a/src/patches/minidlna-1.3.0-fix-DNS-rebinding-issue-CVE-2022-26505.patch b/src/patches/minidlna-1.3.0-fix-DNS-rebinding-issue-CVE-2022-26505.patch new file mode 100644 index 000000000..c28425811 --- /dev/null +++ b/src/patches/minidlna-1.3.0-fix-DNS-rebinding-issue-CVE-2022-26505.patch @@ -0,0 +1,44 @@ +--- minidlna-1.3.0/upnphttp.c.orig 2020-11-24 19:53:50.000000000 +0100 ++++ minidlna-1.3.0/upnphttp.c 2022-04-30 12:59:23.432073807 +0200 +@@ -273,6 +273,11 @@ + p = colon + 1; + while(isspace(*p)) + p++; ++ n = 0; ++ while(p[n] >= ' ') ++ n++; ++ h->req_Host = p; ++ h->req_HostLen = n; + for(n = 0; n < n_lan_addr; n++) + { + for(i = 0; lan_addr[n].str[i]; i++) +@@ -909,6 +914,18 @@ + } + + DPRINTF(E_DEBUG, L_HTTP, "HTTP REQUEST: %.*s\n", h->req_buflen, h->req_buf); ++ if(h->req_Host && h->req_HostLen > 0) { ++ const char *ptr = h->req_Host; ++ DPRINTF(E_MAXDEBUG, L_HTTP, "Host: %.*s\n", h->req_HostLen, h->req_Host); ++ for(i = 0; i < h->req_HostLen; i++) { ++ if(*ptr != ':' && *ptr != '.' && (*ptr > '9' || *ptr < '0')) { ++ DPRINTF(E_ERROR, L_HTTP, "DNS rebinding attack suspected (Host: %.*s)", h->req_HostLen, h->req_Host); ++ Send404(h);/* 403 */ ++ return; ++ } ++ ptr++; ++ } ++ } + if(strcmp("POST", HttpCommand) == 0) + { + h->req_command = EPost; +--- minidlna-1.3.0/upnphttp.h.orig 2020-11-24 19:53:50.000000000 +0100 ++++ minidlna-1.3.0/upnphttp.h 2022-04-30 13:00:22.619152312 +0200 +@@ -89,6 +89,8 @@ + struct client_cache_s * req_client; + const char * req_soapAction; + int req_soapActionLen; ++ const char * req_Host; /* Host: header */ ++ int req_HostLen; + const char * req_Callback; /* For SUBSCRIBE */ + int req_CallbackLen; + const char * req_NT;
hooks/post-receive -- IPFire 2.x development tree