From 5dee0365a56dd2cc4cfd0b182bc843b4f32c086c Mon Sep 17 00:00:00 2001
From: Justin Bronder <jsbronder@gmail.com>
Date: Mon, 23 Dec 2013 12:40:27 -0500
Subject: [PATCH] CVE-2013-4319: 2.x root submit fix
https://bugs.gentoo.org/show_bug.cgi?id=484320
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4319\
---
src/server/process_request.c | 15 +++++++++++++++
1 file changed, 15 insertions(+)
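--- a/src/server/process_request.c
+++ b/src/server/process_request.c
@@ -640,6 +640,21 @@ void process_request(
 log_buffer);
 }
 
+ if (svr_conn[sfds].cn_authen != PBS_NET_CONN_FROM_PRIVIL)
+ {
+ sprintf(log_buffer, "request type %s from host %s rejected (connection not privileged)",
+ reqtype_to_txt(request->rq_type),
+ request->rq_host);
+
+ log_record(PBSEVENT_JOB, PBS_EVENTCLASS_JOB, id, log_buffer);
+
+ req_reject(PBSE_BADHOST, 0, request, NULL, "request not authorized");
+
+ close_client(sfds);
+
+ return;
+ }
+
 if (!tfind(svr_conn[sfds].cn_addr, &okclients))
 {
 sprintf(log_buffer, "request type %s from host %s rejected (host not authorized)",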
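Review bot: The added `sprintf` into `log_buffer` is unbounded and formats `request->rq_host`, so the new rejection path relies on size limits this hunk does not show; `snprintf(log_buffer, sizeof(log_buffer), ...)` would bound it, assuming `log_buffer` is an array in this scope (its declaration is outside the hunk, and the host-not-authorized branch below uses the same pattern). The rejection is recorded with `PBSEVENT_JOB`, yet a request on a connection not marked `PBS_NET_CONN_FROM_PRIVIL` is the event a defender wants to alert on for this CVE; `log_record(PBSEVENT_SECURITY, PBS_EVENTCLASS_JOB, id, log_buffer);` would keep it visible if job-level events are filtered. A short comment above the new `if`, for example `/* reject requests whose connection was not marked privileged (CVE-2013-4319) */`, would record why this check precedes the `okclients` lookup. `process_request` begins and ends outside this hunk.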
--
1.8.3.2