|
| 1 | +From d1a8aa1f92fb0dc626387c53482dc2930394caea Mon Sep 17 00:00:00 2001 |
| 2 | +From: Azure Linux Security Servicing Account |
| 3 | + |
| 4 | +Date: Tue, 29 Jul 2025 07:00:45 +0000 |
| 5 | +Subject: [PATCH] Fix CVE CVE-2025-48964 in iputils |
| 6 | + |
| 7 | +Upstream Patch Reference: https://github.com/iputils/iputils/commit/afa36390394a6e0cceba03b52b59b6d41710608c.patch |
| 8 | +--- |
| 9 | + iputils_common.h | 2 +- |
| 10 | + ping/ping.h | 2 +- |
| 11 | + ping/ping_common.c | 8 ++++---- |
| 12 | + 3 files changed, 6 insertions(+), 6 deletions(-) |
| 13 | + |
| 14 | +diff --git a/iputils_common.h b/iputils_common.h |
| 15 | +index d3070cb..3ccfb5d 100644 |
| 16 | +--- a/iputils_common.h |
| 17 | ++++ b/iputils_common.h |
| 18 | +@@ -11,7 +11,7 @@ |
| 19 | + __typeof__(&arr[0]))])) * 0) |
| 20 | + |
| 21 | + /* 1000001 = 1000000 tv_sec + 1 tv_usec */ |
| 22 | +-#define TV_SEC_MAX_VAL (LONG_MAX/1000001) |
| 23 | ++#define TV_SEC_MAX_VAL (INT32_MAX/1000001) |
| 24 | + |
| 25 | + #ifdef __GNUC__ |
| 26 | + # define iputils_attribute_format(t, n, m) __attribute__((__format__ (t, n, m))) |
| 27 | +diff --git a/ping/ping.h b/ping/ping.h |
| 28 | +index 007ae28..c71d94e 100644 |
| 29 | +--- a/ping/ping.h |
| 30 | ++++ b/ping/ping.h |
| 31 | +@@ -180,7 +180,7 @@ struct ping_rts { |
| 32 | + long tmax; /* maximum round trip time */ |
| 33 | + double tsum; /* sum of all times, for doing average */ |
| 34 | + double tsum2; |
| 35 | +- int rtt; |
| 36 | ++ uint64_t rtt; /* Exponential weight moving average calculated in fixed point */ |
| 37 | + int rtt_addend; |
| 38 | + uint16_t acked; |
| 39 | + int pipesize; |
| 40 | +diff --git a/ping/ping_common.c b/ping/ping_common.c |
| 41 | +index d68b21e..cb581b4 100644 |
| 42 | +--- a/ping/ping_common.c |
| 43 | ++++ b/ping/ping_common.c |
| 44 | +@@ -273,7 +273,7 @@ int __schedule_exit(int next) |
| 45 | + |
| 46 | + static inline void update_interval(struct ping_rts *rts) |
| 47 | + { |
| 48 | +- int est = rts->rtt ? rts->rtt / 8 : rts->interval * 1000; |
| 49 | ++ int est = rts->rtt ? (int)(rts->rtt / 8) : rts->interval * 1000; |
| 50 | + |
| 51 | + rts->interval = (est + rts->rtt_addend + 500) / 1000; |
| 52 | + if (rts->uid && rts->interval < MINUSERINTERVAL) |
| 53 | +@@ -768,7 +768,7 @@ restamp: |
| 54 | + if (triptime > rts->tmax) |
| 55 | + rts->tmax = triptime; |
| 56 | + if (!rts->rtt) |
| 57 | +- rts->rtt = triptime * 8; |
| 58 | ++ rts->rtt = ((uint64_t)triptime) * 8; |
| 59 | + else |
| 60 | + rts->rtt += triptime - rts->rtt / 8; |
| 61 | + if (rts->opt_adaptive) |
| 62 | +@@ -935,7 +935,7 @@ int finish(struct ping_rts *rts) |
| 63 | + int ipg = (1000000 * (long long)tv.tv_sec + tv.tv_nsec / 1000) / (rts->ntransmitted - 1); |
| 64 | + |
| 65 | + printf(_("%sipg/ewma %d.%03d/%d.%03d ms"), |
| 66 | +- comma, ipg / 1000, ipg % 1000, rts->rtt / 8000, (rts->rtt / 8) % 1000); |
| 67 | ++ comma, ipg / 1000, ipg % 1000, (int)(rts->rtt / 8000), (int)((rts->rtt / 8) % 1000)); |
| 68 | + } |
| 69 | + putchar('\n'); |
| 70 | + return (!rts->nreceived || (rts->deadline && rts->nreceived < rts->npackets)); |
| 71 | +@@ -960,7 +960,7 @@ void status(struct ping_rts *rts) |
| 72 | + fprintf(stderr, _(", min/avg/ewma/max = %ld.%03ld/%lu.%03ld/%d.%03d/%ld.%03ld ms"), |
| 73 | + (long)rts->tmin / 1000, (long)rts->tmin % 1000, |
| 74 | + tavg / 1000, tavg % 1000, |
| 75 | +- rts->rtt / 8000, (rts->rtt / 8) % 1000, (long)rts->tmax / 1000, (long)rts->tmax % 1000); |
| 76 | ++ (int)(rts->rtt / 8000), (int)((rts->rtt / 8) % 1000), (long)rts->tmax / 1000, (long)rts->tmax % 1000); |
| 77 | + } |
| 78 | + fprintf(stderr, "\n"); |
| 79 | + } |
| 80 | +-- |
| 81 | +2.45.4 |
| 82 | + |
0 commit comments