!20 [sync] PR-18: Fix CVE-2012-6687

From: @openeuler-sync-bot Reviewed-by: @wk333 Signed-off-by: @wk333
2025-01-14 08:20:59 +00:00 · 2025-01-14 08:20:59 +00:00 · 148412e008
commit 148412e008
parent a7f40ff6b8 5660d426ea
2 changed files with 91 additions and 1 deletions
--- a/FCGI-0.78-CVE-2012-6687.patch
+++ b/FCGI-0.78-CVE-2012-6687.patch
@ -0,0 +1,84 @@
+Description: fix CVE-2012-6687 in bundled libfcgi
+Origin: https://bugs.launchpad.net/ubuntu/+source/libfcgi/+bug/933417
+Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=815840
+Forwarded: https://rt.cpan.org/Ticket/Display.html?id=118405
+
+--- a/os_unix.c
+++ b/os_unix.c
+@@ -36,6 +36,7 @@
+ #include <sys/time.h>
+ #include <sys/un.h>
+ #include <signal.h>
+#include <poll.h>
+ 
+ #ifdef HAVE_NETDB_H
+ #include <netdb.h>
+@@ -97,6 +98,9 @@
+ static int shutdownPending = FALSE;
+ static int shutdownNow = FALSE;
+ 
+static int libfcgiOsClosePollTimeout = 2000;
+static int libfcgiIsAfUnixKeeperPollTimeout = 2000;
+
+ void OS_ShutdownPending()
+ {
+     shutdownPending = TRUE;
+@@ -162,6 +166,16 @@
+     if(libInitialized)
+         return 0;
+ 
+    char *libfcgiOsClosePollTimeoutStr = getenv( "LIBFCGI_OS_CLOSE_POLL_TIMEOUT" );
+    if(libfcgiOsClosePollTimeoutStr) {
+        libfcgiOsClosePollTimeout = atoi(libfcgiOsClosePollTimeoutStr);
+    }
+
+    char *libfcgiIsAfUnixKeeperPollTimeoutStr = getenv( "LIBFCGI_IS_AF_UNIX_KEEPER_POLL_TIMEOUT" );
+    if(libfcgiIsAfUnixKeeperPollTimeoutStr) {
+        libfcgiIsAfUnixKeeperPollTimeout = atoi(libfcgiIsAfUnixKeeperPollTimeoutStr);
+    }
+
+     asyncIoTable = (AioInfo *)malloc(asyncIoTableSize * sizeof(AioInfo));
+     if(asyncIoTable == NULL) {
+         errno = ENOMEM;
+@@ -761,19 +775,16 @@
+     {
+         if (shutdown(fd, 1) == 0)
+         {
+-            struct timeval tv;
+-            fd_set rfds;
+            struct pollfd pfd;
+             int rv;
+             char trash[1024];
+ 
+-            FD_ZERO(&rfds);
+            pfd.fd = fd;
+            pfd.events = POLLIN;
+ 
+             do 
+             {
+-                FD_SET(fd, &rfds);
+-                tv.tv_sec = 2;
+-                tv.tv_usec = 0;
+-                rv = select(fd + 1, &rfds, NULL, NULL, &tv);
+                rv = poll(&pfd, 1, libfcgiOsClosePollTimeout);
+             }
+             while (rv > 0 && read(fd, trash, sizeof(trash)) > 0);
+         }
+@@ -1123,13 +1134,11 @@
+  */
+ static int is_af_unix_keeper(const int fd)
+ {
+-    struct timeval tval = { READABLE_UNIX_FD_DROP_DEAD_TIMEVAL };
+-    fd_set read_fds;
+-
+-    FD_ZERO(&read_fds);
+-    FD_SET(fd, &read_fds);
+    struct pollfd pfd;
+    pfd.fd = fd;
+    pfd.events = POLLIN;
+ 
+-    return select(fd + 1, &read_fds, NULL, NULL, &tval) >= 0 && FD_ISSET(fd, &read_fds);
+    return poll(&pfd, 1, libfcgiIsAfUnixKeeperPollTimeout) >= 0 && (pfd.revents & POLLIN);
+ }
+ 
+ /*
--- a/perl-FCGI.spec
+++ b/perl-FCGI.spec
@ -1,11 +1,12 @@
 Name:           perl-FCGI
 Epoch:          1
 Version:        0.78
-Release:        12
+Release:        13
 Summary:        FastCGI Perl bindings
 License:        OML
 URL:            https://metacpan.org/release/FCGI
 Source0:        https://cpan.metacpan.org/authors/id/E/ET/ETHER/FCGI-%{version}.tar.gz
+Patch0:         FCGI-0.78-CVE-2012-6687.patch
 BuildRequires:  findutils gcc make perl-interpreter perl-devel perl-generators
 BuildRequires:  perl(Config) perl(Cwd) perl(ExtUtils::MakeMaker) >= 6.76
 BuildRequires:  perl(File::Copy) perl(Getopt::Long) perl(IO::File)
@ -50,6 +51,11 @@ make test
 %doc ChangeLog README

 %changelog
+* Tue Jan 14 2025 wangkai <13474090681@163.com> - 1:0.78-13
+- Fix CVE-2012-6687
+- Introduced environment variable-controlled polling timeouts 
+  for the close and connection-keeping functions in the os_unix.c file.
+
 * Wed Jun 09 2021 zhaoyao<zhaoyao32@huawei.com> - 1:0.78-12
 - %prep no longer patched with git