1- From 86b094a7eef8930935d7888d0f4f70c80552c367 Mon Sep 17 00:00:00 2001
1+ From 3d304a13b105ee1772a81e5bbe2a9013c1dd5ad8 Mon Sep 17 00:00:00 2001
22From: Azure Linux Security Servicing Account
334- Date: Tue, 29 Jul 2025 07:05:27 +0000
4+ Date: Tue, 29 Jul 2025 06:55:51 +0000
55Subject: [PATCH] Fix CVE CVE-2025-48964 in iputils
66
77Upstream Patch Reference: https://github.com/iputils/iputils/commit/afa36390394a6e0cceba03b52b59b6d41710608c.patch
88---
9- ping/ping.h | 2 +-
10- ping/ping_common.c | 8 ++++----
11- 2 files changed, 5 insertions(+), 5 deletions(-)
9+ iputils_common.h | 2 ++
10+ ping/ping.h | 2 +-
11+ ping/ping_common.c | 45 +++++++++++++++++++++++++++++++--------------
12+ 3 files changed, 34 insertions(+), 15 deletions(-)
1213
14+ diff --git a/iputils_common.h b/iputils_common.h
15+ index 49e790d..d3ba1d9 100644
16+ --- a/iputils_common.h
17+ +++ b/iputils_common.h
18+ @@ -10,6 +10,8 @@
19+ !!__builtin_types_compatible_p(__typeof__(arr), \
20+ __typeof__(&arr[0]))])) * 0)
21+
22+ + #define TV_SEC_MAX_VAL (INT32_MAX/1000001)
23+ +
24+ #ifdef __GNUC__
25+ # define iputils_attribute_format(t, n, m) __attribute__((__format__ (t, n, m)))
26+ #else
1327diff --git a/ping/ping.h b/ping/ping.h
1428index a40c8f8..f5a5bb8 100644
1529--- a/ping/ping.h
@@ -24,7 +38,7 @@ index a40c8f8..f5a5bb8 100644
2438 uint16_t acked;
2539 int pipesize;
2640diff --git a/ping/ping_common.c b/ping/ping_common.c
27- index 73da26c..8fe2a1a 100644
41+ index 73da26c..0756c3e 100644
2842--- a/ping/ping_common.c
2943+++ b/ping/ping_common.c
3044@@ -282,7 +282,7 @@ int __schedule_exit(int next)
@@ -36,7 +50,51 @@ index 73da26c..8fe2a1a 100644
3650
3751 rts->interval = (est + rts->rtt_addend + 500) / 1000;
3852 if (rts->uid && rts->interval < MIN_USER_INTERVAL_MS)
39- @@ -762,7 +762,7 @@ restamp:
53+ @@ -744,16 +744,33 @@ int gather_statistics(struct ping_rts *rts, uint8_t *icmph, int icmplen,
54+
55+ restamp:
56+ tvsub(tv, &tmp_tv);
57+ - triptime = tv->tv_sec * 1000000 + tv->tv_usec;
58+ - if (triptime < 0) {
59+ - error(0, 0, _("Warning: time of day goes back (%ldus), taking countermeasures"), triptime);
60+ - triptime = 0;
61+ - if (!rts->opt_latency) {
62+ - gettimeofday(tv, NULL);
63+ - rts->opt_latency = 1;
64+ - goto restamp;
65+ - }
66+ - }
67+ +
68+ + if (tv->tv_usec >= 1000000) {
69+ + error(0, 0, _("Warning: invalid tv_usec %ld us"), tv->tv_usec);
70+ + tv->tv_usec = 999999;
71+ + }
72+ +
73+ + if (tv->tv_usec < 0) {
74+ + error(0, 0, _("Warning: invalid tv_usec %ld us"), tv->tv_usec);
75+ + tv->tv_usec = 0;
76+ + }
77+ +
78+ + if (tv->tv_sec > TV_SEC_MAX_VAL) {
79+ + error(0, 0, _("Warning: invalid tv_sec %ld s"), tv->tv_sec);
80+ + triptime = 0;
81+ + } else if (tv->tv_sec < 0) {
82+ + error(0, 0, _("Warning: time of day goes back (%ld s), taking countermeasures"), tv->tv_sec);
83+ + triptime = 0;
84+ + if (!rts->opt_latency) {
85+ + gettimeofday(tv, NULL);
86+ + rts->opt_latency = 1;
87+ + goto restamp;
88+ + }
89+ + } else {
90+ + triptime = tv->tv_sec * 1000000 + tv->tv_usec;
91+ + }
92+ +
93+ +
94+ if (!csfailed) {
95+ rts->tsum += triptime;
96+ rts->tsum2 += (double)((long long)triptime * (long long)triptime);
97+ @@ -762,7 +779,7 @@ restamp:
4098 if (triptime > rts->tmax)
4199 rts->tmax = triptime;
42100 if (!rts->rtt)
@@ -45,7 +103,7 @@ index 73da26c..8fe2a1a 100644
45103 else
46104 rts->rtt += triptime - rts->rtt / 8;
47105 if (rts->opt_adaptive)
48- @@ -932,7 +932 ,7 @@ int finish(struct ping_rts *rts)
106+ @@ -932,7 +949 ,7 @@ int finish(struct ping_rts *rts)
49107 int ipg = (1000000 * (long long)tv.tv_sec + tv.tv_nsec / 1000) / (rts->ntransmitted - 1);
50108
51109 printf(_("%sipg/ewma %d.%03d/%d.%03d ms"),
@@ -54,7 +112,7 @@ index 73da26c..8fe2a1a 100644
54112 }
55113 putchar('\n');
56114 return (!rts->nreceived || (rts->deadline && rts->nreceived < rts->npackets));
57- @@ -957,7 +957 ,7 @@ void status(struct ping_rts *rts)
115+ @@ -957,7 +974 ,7 @@ void status(struct ping_rts *rts)
58116 fprintf(stderr, _(", min/avg/ewma/max = %ld.%03ld/%lu.%03ld/%d.%03d/%ld.%03ld ms"),
59117 (long)rts->tmin / 1000, (long)rts->tmin % 1000,
60118 tavg / 1000, tavg % 1000,
@@ -64,5 +122,5 @@ index 73da26c..8fe2a1a 100644
64122 fprintf(stderr, "\n");
65123 }
66124- -
67- 2.45.4
125+ 2.45.2
68126
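Review bot: In the new range checks of `gather_statistics` in ping/ping_common.c, the test `tv->tv_sec > TV_SEC_MAX_VAL` still admits `tv_sec == 2147` (the value of INT32_MAX/1000001), and with `tv_usec` clamped to at most 999999 the `else` branch can produce 2147999999, which is larger than INT32_MAX. `triptime` is declared outside the hunk; the removed line printed it with `%ld`, so it is presumably a `long`, and on targets where `long` is 32 bits the result would still not fit. Rejecting the boundary value as well, `if (tv->tv_sec >= TV_SEC_MAX_VAL) {`, keeps seconds times 1000000 plus microseconds within 32 bits. The new warnings also pass `tv->tv_sec` and `tv->tv_usec` to `%ld` without a cast, which is a format mismatch wherever `time_t` or `suseconds_t` is not `long`; `(long)tv->tv_sec` would match the `(long)rts->tmin` style already used in `status`. The function body starts and ends outside the hunk.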