Updated the patch

jykanase · jykanase · commit e04880791e90 · 2025-08-01T06:52:42.000Z
diff --git a/SPECS/iputils/CVE-2025-48964.patch b/SPECS/iputils/CVE-2025-48964.patch
@@ -1,15 +1,29 @@
-From 86b094a7eef8930935d7888d0f4f70c80552c367 Mon Sep 17 00:00:00 2001
+From 3d304a13b105ee1772a81e5bbe2a9013c1dd5ad8 Mon Sep 17 00:00:00 2001
 From: Azure Linux Security Servicing Account
  <azurelinux-security@microsoft.com>
-Date: Tue, 29 Jul 2025 07:05:27 +0000
+Date: Tue, 29 Jul 2025 06:55:51 +0000
 Subject: [PATCH] Fix CVE CVE-2025-48964 in iputils
 
 Upstream Patch Reference: https://github.com/iputils/iputils/commit/afa36390394a6e0cceba03b52b59b6d41710608c.patch
 ---
- ping/ping.h        | 2 +-
- ping/ping_common.c | 8 ++++----
- 2 files changed, 5 insertions(+), 5 deletions(-)
+ iputils_common.h   |  2 ++
+ ping/ping.h        |  2 +-
+ ping/ping_common.c | 45 +++++++++++++++++++++++++++++++--------------
+ 3 files changed, 34 insertions(+), 15 deletions(-)
 
+diff --git a/iputils_common.h b/iputils_common.h
+index 49e790d..d3ba1d9 100644
+--- a/iputils_common.h
++++ b/iputils_common.h
+@@ -10,6 +10,8 @@
+ 	  !!__builtin_types_compatible_p(__typeof__(arr), \
+ 					 __typeof__(&arr[0]))])) * 0)
+ 
++#define TV_SEC_MAX_VAL (INT32_MAX/1000001)
++
+ #ifdef __GNUC__
+ # define iputils_attribute_format(t, n, m) __attribute__((__format__ (t, n, m)))
+ #else
 diff --git a/ping/ping.h b/ping/ping.h
 index a40c8f8..f5a5bb8 100644
 --- a/ping/ping.h
@@ -24,7 +38,7 @@ index a40c8f8..f5a5bb8 100644
  	uint16_t acked;
  	int pipesize;
 diff --git a/ping/ping_common.c b/ping/ping_common.c
-index 73da26c..8fe2a1a 100644
+index 73da26c..0756c3e 100644
 --- a/ping/ping_common.c
 +++ b/ping/ping_common.c
 @@ -282,7 +282,7 @@ int __schedule_exit(int next)
@@ -36,7 +50,51 @@ index 73da26c..8fe2a1a 100644
  
  	rts->interval = (est + rts->rtt_addend + 500) / 1000;
  	if (rts->uid && rts->interval < MIN_USER_INTERVAL_MS)
-@@ -762,7 +762,7 @@ restamp:
+@@ -744,16 +744,33 @@ int gather_statistics(struct ping_rts *rts, uint8_t *icmph, int icmplen,
+ 
+ restamp:
+ 		tvsub(tv, &tmp_tv);
+-		triptime = tv->tv_sec * 1000000 + tv->tv_usec;
+-		if (triptime < 0) {
+-			error(0, 0, _("Warning: time of day goes back (%ldus), taking countermeasures"), triptime);
+-			triptime = 0;
+-			if (!rts->opt_latency) {
+-				gettimeofday(tv, NULL);
+-				rts->opt_latency = 1;
+-				goto restamp;
+-			}
+-		}
++
++		if (tv->tv_usec >= 1000000) {
++                        error(0, 0, _("Warning: invalid tv_usec %ld us"), tv->tv_usec);
++                        tv->tv_usec = 999999;
++                }
++
++                if (tv->tv_usec < 0) {
++                        error(0, 0, _("Warning: invalid tv_usec %ld us"), tv->tv_usec);
++                        tv->tv_usec = 0;
++                }
++
++                if (tv->tv_sec > TV_SEC_MAX_VAL) {
++                        error(0, 0, _("Warning: invalid tv_sec %ld s"), tv->tv_sec);
++                        triptime = 0;
++                } else if (tv->tv_sec < 0) {
++                        error(0, 0, _("Warning: time of day goes back (%ld s), taking countermeasures"), tv->tv_sec);
++                        triptime = 0;
++                        if (!rts->opt_latency) {
++                                gettimeofday(tv, NULL);
++                                rts->opt_latency = 1;
++                                goto restamp;
++                        }
++                } else {
++                        triptime = tv->tv_sec * 1000000 + tv->tv_usec;
++                }
++
++
+ 		if (!csfailed) {
+ 			rts->tsum += triptime;
+ 			rts->tsum2 += (double)((long long)triptime * (long long)triptime);
+@@ -762,7 +779,7 @@ restamp:
  			if (triptime > rts->tmax)
  				rts->tmax = triptime;
  			if (!rts->rtt)
@@ -45,7 +103,7 @@ index 73da26c..8fe2a1a 100644
  			else
  				rts->rtt += triptime - rts->rtt / 8;
  			if (rts->opt_adaptive)
-@@ -932,7 +932,7 @@ int finish(struct ping_rts *rts)
+@@ -932,7 +949,7 @@ int finish(struct ping_rts *rts)
  		int ipg = (1000000 * (long long)tv.tv_sec + tv.tv_nsec / 1000) / (rts->ntransmitted - 1);
  
  		printf(_("%sipg/ewma %d.%03d/%d.%03d ms"),
@@ -54,7 +112,7 @@ index 73da26c..8fe2a1a 100644
  	}
  	putchar('\n');
  	return (!rts->nreceived || (rts->deadline && rts->nreceived < rts->npackets));
-@@ -957,7 +957,7 @@ void status(struct ping_rts *rts)
+@@ -957,7 +974,7 @@ void status(struct ping_rts *rts)
  		fprintf(stderr, _(", min/avg/ewma/max = %ld.%03ld/%lu.%03ld/%d.%03d/%ld.%03ld ms"),
  			(long)rts->tmin / 1000, (long)rts->tmin % 1000,
  			tavg / 1000, tavg % 1000,
@@ -64,5 +122,5 @@ index 73da26c..8fe2a1a 100644
  	fprintf(stderr, "\n");
  }
 -- 
-2.45.4
+2.45.2
 
