[MEDIUM] Patch for iputils CVE-2025-47268 (microsoft#14045)

aninda-al · web-flow · commit 560aff9429e4 · 2025-07-14T10:59:02.000+05:30
diff --git a/SPECS/iputils/CVE-2025-47268.patch b/SPECS/iputils/CVE-2025-47268.patch
@@ -0,0 +1,68 @@
+From a2e2ebea3641884dd436d938451d6c4db583ae28 Mon Sep 17 00:00:00 2001
+From: Aninda <v-anipradhan@microsoft.com>
+Date: Thu, 19 Jun 2025 12:55:39 -0400
+Subject: [PATCH] Address CVE-2025-47268
+Upstream Patch Reference: https://github.com/iputils/iputils/pull/585/commits/b41e4a10ab1f749a9bd149c608213c9704c3147f.patch
+
+---
+ iputils_common.h   |  3 +++
+ ping/ping_common.c | 22 +++++++++++++++++++---
+ 2 files changed, 22 insertions(+), 3 deletions(-)
+
+diff --git a/iputils_common.h b/iputils_common.h
+index 26e8f7c..d3070cb 100644
+--- a/iputils_common.h
++++ b/iputils_common.h
+@@ -10,6 +10,9 @@
+ 	  !!__builtin_types_compatible_p(__typeof__(arr), \
+ 					 __typeof__(&arr[0]))])) * 0)
+ 
++/* 1000001 = 1000000 tv_sec + 1 tv_usec */
++#define TV_SEC_MAX_VAL (LONG_MAX/1000001)
++
+ #ifdef __GNUC__
+ # define iputils_attribute_format(t, n, m) __attribute__((__format__ (t, n, m)))
+ #else
+diff --git a/ping/ping_common.c b/ping/ping_common.c
+index ba46252..d68b21e 100644
+--- a/ping/ping_common.c
++++ b/ping/ping_common.c
+@@ -734,16 +734,32 @@ int gather_statistics(struct ping_rts *rts, uint8_t *icmph, int icmplen,
+ 
+ restamp:
+ 		tvsub(tv, &tmp_tv);
+-		triptime = tv->tv_sec * 1000000 + tv->tv_usec;
+-		if (triptime < 0) {
+-			error(0, 0, _("Warning: time of day goes back (%ldus), taking countermeasures"), triptime);
++
++		if (tv->tv_usec >= 1000000) {
++			error(0, 0, _("Warning: invalid tv_usec %ld us"), tv->tv_usec);
++			tv->tv_usec = 999999;
++		}
++
++		if (tv->tv_usec < 0) {
++			error(0, 0, _("Warning: invalid tv_usec %ld us"), tv->tv_usec);
++			tv->tv_usec = 0;
++		}
++
++		if (tv->tv_sec > TV_SEC_MAX_VAL) {
++			error(0, 0, _("Warning: invalid tv_sec %ld s"), tv->tv_sec);
++			triptime = 0;
++		} else if (tv->tv_sec < 0) {
++			error(0, 0, _("Warning: time of day goes back (%ld s), taking countermeasures"), tv->tv_sec);
+ 			triptime = 0;
+ 			if (!rts->opt_latency) {
+ 				gettimeofday(tv, NULL);
+ 				rts->opt_latency = 1;
+ 				goto restamp;
+ 			}
++		} else {
++			triptime = tv->tv_sec * 1000000 + tv->tv_usec;
+ 		}
++
+ 		if (!csfailed) {
+ 			rts->tsum += triptime;
+ 			rts->tsum2 += (double)((long long)triptime * (long long)triptime);
+-- 
+2.34.1
+
diff --git a/SPECS/iputils/iputils.spec b/SPECS/iputils/iputils.spec
@@ -1,14 +1,15 @@
 Summary:        Programs for basic networking
 Name:           iputils
 Version:        20211215
-Release:        2%{?dist}
+Release:        3%{?dist}
 License:        BSD-3 AND GPLv2+ AND Rdisc
 Vendor:         Microsoft Corporation
 Distribution:   Mariner
 Group:          Applications/Communications
 URL:            https://github.com/iputils/iputils
 Source0:        https://github.com/iputils/iputils/archive/20211215.tar.gz#/%{name}-%{version}.tar.gz
 Patch0:         ping_test_ipv6_localhost.patch
+Patch1:         CVE-2025-47268.patch
 BuildRequires:  iproute
 BuildRequires:  libcap-devel
 BuildRequires:  libgcrypt-devel
@@ -67,6 +68,9 @@ mv -f RELNOTES.tmp RELNOTES.old
 %exclude %{_sysconfdir}/init.d/ninfod.sh
 
 %changelog
+* Thu Jun 19 2025 Aninda Pradhan <v-anipradhan@microsoft.com> - 20211215-3
+- Fix CVE-2025-47268 with an upstream patch
+
 * Wed Sep 20 2023 Jon Slobodzian <joslobo@microsoft.com> - 20211215-2
 - Recompile with stack-protection fixed gcc version (CVE-2023-4039)
 
