From owner-dev-commits-ports-main@freebsd.org  Wed Sep  8 22:08:56 2021
Return-Path: <owner-dev-commits-ports-main@freebsd.org>
Delivered-To: dev-commits-ports-main@mailman.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.nyi.freebsd.org (Postfix) with ESMTP id E0915662FEE;
 Wed,  8 Sep 2021 22:08:56 +0000 (UTC) (envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org
 [IPv6:2610:1c1:1:606c::19:3])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
 client-signature RSA-PSS (4096 bits) client-digest SHA256)
 (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 4H4brS4tbtz51vC;
 Wed,  8 Sep 2021 22:08:56 +0000 (UTC) (envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org
 [IPv6:2610:1c1:1:6068::e6a:5])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
 (Client did not present a certificate)
 by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 88B1D5E20;
 Wed,  8 Sep 2021 22:08:56 +0000 (UTC) (envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
 by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 188M8ubC016711;
 Wed, 8 Sep 2021 22:08:56 GMT (envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
 by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 188M8uFQ016710;
 Wed, 8 Sep 2021 22:08:56 GMT (envelope-from git)
Date: Wed, 8 Sep 2021 22:08:56 GMT
Message-Id: <202109082208.188M8uFQ016710@gitrepo.freebsd.org>
To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org,
 dev-commits-ports-main@FreeBSD.org
From: Eugene Grosbein <eugen@FreeBSD.org>
Subject: git: 1f6fcc264e1d - main - net/mpd5: fix PPPoE Server remotely
 exploitable crash
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: eugen
X-Git-Repository: ports
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: 1f6fcc264e1dfc53f5cd42cad335e5375abe080d
Auto-Submitted: auto-generated
X-BeenThere: dev-commits-ports-main@freebsd.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: Commits to the main branch of the FreeBSD ports repository
 <dev-commits-ports-main.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/dev-commits-ports-main>, 
 <mailto:dev-commits-ports-main-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/dev-commits-ports-main/>
List-Post: <mailto:dev-commits-ports-main@freebsd.org>
List-Help: <mailto:dev-commits-ports-main-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/dev-commits-ports-main>, 
 <mailto:dev-commits-ports-main-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 08 Sep 2021 22:08:57 -0000

The branch main has been updated by eugen:

URL: https://cgit.FreeBSD.org/ports/commit/?id=1f6fcc264e1dfc53f5cd42cad335e5375abe080d

commit 1f6fcc264e1dfc53f5cd42cad335e5375abe080d
Author:     Eugene Grosbein <eugen@FreeBSD.org>
AuthorDate: 2021-09-08 22:04:31 +0000
Commit:     Eugene Grosbein <eugen@FreeBSD.org>
CommitDate: 2021-09-08 22:07:53 +0000

    net/mpd5: fix PPPoE Server remotely exploitable crash
    
    This is security fix for PPPoE servers.
    
    Insufficient validation of incoming PPPoE Discovery request
    specially crafted by unauthenticated user might lead to unexpected
    termination of the process. The problem affects mpd versions since 5.0.
    Installations not using PPPoE server configuration were not affected.
    
    Reported by:    paul & Yannick C at SourceForge
    Tested by:      paul & Yannick C at SourceForge
    Security:       f55921aa-10c9-11ec-8647-00e0670f2660
---
 net/mpd5/Makefile            |  2 +-
 net/mpd5/files/patch-pppoe.c | 34 ++++++++++++++++++++++++++++++++++
 2 files changed, 35 insertions(+), 1 deletion(-)

diff --git a/net/mpd5/Makefile b/net/mpd5/Makefile
index 1955acfe1817..81fc894b519b 100644
--- a/net/mpd5/Makefile
+++ b/net/mpd5/Makefile
@@ -2,7 +2,7 @@
 
 PORTNAME=	mpd
 DISTVERSION=	5.9
-PORTREVISION=	1
+PORTREVISION=	2
 CATEGORIES=	net
 MASTER_SITES=	SF/${PORTNAME}/Mpd5/Mpd-${PORTVERSION}
 PKGNAMESUFFIX=	5
diff --git a/net/mpd5/files/patch-pppoe.c b/net/mpd5/files/patch-pppoe.c
new file mode 100644
index 000000000000..ccc3e117df6a
--- /dev/null
+++ b/net/mpd5/files/patch-pppoe.c
@@ -0,0 +1,34 @@
+Index: src/pppoe.c
+===================================================================
+--- src/pppoe.c	(revision 2420)
++++ src/pppoe.c	(revision 2423)
+@@ -1257,6 +1257,8 @@ PppoeListenEvent(int type, void *arg)
+ 	const struct pppoe_hdr	*ph;
+ 	const struct pppoe_tag  *tag;
+ 
++	u_int16_t		length;
++
+ 	union {
+ 	    u_char buf[sizeof(struct ngpppoe_init_data) + MAX_SESSION];
+ 	    struct ngpppoe_init_data poeid;
+@@ -1288,6 +1290,20 @@ PppoeListenEvent(int type, void *arg)
+ 
+ 	wh = (struct pppoe_full_hdr *)response;
+ 	ph = &wh->ph;
++
++	/* Sanity check */
++	length = ntohs(ph->length);
++	if (length > (size_t)sz - sizeof(struct pppoe_full_hdr)) {
++		Log(LG_PHYS, ("Ignored incoming PPPoE connection request "
++		    "via %s for service \"%s\" from %s "
++		    "due to bad length %hu > %u",
++		    PIf->ifnodepath, session,
++		    ether_ntoa((const struct ether_addr *)&wh->eh.ether_shost),
++		    length,
++		    (unsigned)((size_t)sz - sizeof(struct pppoe_full_hdr))));
++		return;
++	}
++
+ 	if ((tag = get_tag(ph, PTT_SRV_NAME))) {
+ 	    size_t len = ntohs(tag->tag_len);
+ 	    if (len >= sizeof(real_session))