Bug 652734 - <net-libs/gsoap-2.8.53 - infinite loop on malformed DIME protocol messages
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
URL:
Whiteboard: B3 [noglsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2018-04-07 12:52 UTC by Jeroen Roovers (RETIRED)
Modified: 2018-11-24 22:35 UTC

See Also:
Package list:
=net-libs/gsoap-2.8.63
Runtime testing required: ---
stable-bot: sanity-check+


Description Jeroen Roovers (RETIRED) gentoo-dev 2018-04-07 12:52:21 UTC
"
This patch addresses a critical issue with the DIME protocol receiver that may cause the receiver to become unresponsive when a malformed DIME protocol message is received.

Download gSOAP 2.8.53 or greater. Or alternatively, patch stdsoap2.c and stdsoap2.cpp function soap_getdimehdr by removing the following line that returns SOAP_OK
"

I cannot find a CVE for this issue.
Comment 1 Thomas Deutschmann (RETIRED) gentoo-dev 2018-10-18 11:31:53 UTC
x86 stable
Comment 2 Agostino Sarubbo gentoo-dev 2018-10-19 07:45:48 UTC
amd64 stable.

Maintainer(s), please cleanup.
Comment 3 Larry the Git Cow gentoo-dev 2018-10-21 12:56:01 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c8c89629974ddf0fd9acee9909891f5e9315414b

commit c8c89629974ddf0fd9acee9909891f5e9315414b
Author:     Lars Wendler <polynomial-c@gentoo.org>
AuthorDate: 2018-10-21 12:54:22 +0000
Commit:     Lars Wendler <polynomial-c@gentoo.org>
CommitDate: 2018-10-21 12:55:45 +0000

    net-libs/gsoap: Security cleanup.
    
    Bug: https://bugs.gentoo.org/652734
    Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>
    Package-Manager: Portage-2.3.51, Repoman-2.3.11

 net-libs/gsoap/Manifest                            |   1 -
 .../gsoap/files/gsoap-2.7.40-shared_libs.patch     | 146 ---------------------
 .../gsoap-2.8.51-libressl-2.6-compatibility.patch  |  38 ------
 net-libs/gsoap/gsoap-2.8.51.ebuild                 |  85 ------------
 4 files changed, 270 deletions(-)
Comment 4 Aaron Bauman (RETIRED) gentoo-dev 2018-11-24 22:35:58 UTC
tree is clean....