[MEDIUM] Patch for iputils CVE-2025-47268 #14045

68 changes: 68 additions & 0 deletions SPECS/iputils/CVE-2025-47268.patch
@@ -0,0 +1,68 @@
From a2e2ebea3641884dd436d938451d6c4db583ae28 Mon Sep 17 00:00:00 2001
From: Aninda <v-anipradhan@microsoft.com>
Date: Thu, 19 Jun 2025 12:55:39 -0400
Subject: [PATCH] Address CVE-2025-47268
Upstream Patch Reference: https://github.com/iputils/iputils/pull/585/commits/b41e4a10ab1f749a9bd149c608213c9704c3147f.patch

---
iputils_common.h | 3 +++
ping/ping_common.c | 22 +++++++++++++++++++---
2 files changed, 22 insertions(+), 3 deletions(-)

diff --git a/iputils_common.h b/iputils_common.h
index 26e8f7c..d3070cb 100644
--- a/iputils_common.h
+++ b/iputils_common.h
@@ -10,6 +10,9 @@
!!__builtin_types_compatible_p(__typeof__(arr), \
__typeof__(&arr[0]))])) * 0)

+/* 1000001 = 1000000 tv_sec + 1 tv_usec */
+#define TV_SEC_MAX_VAL (LONG_MAX/1000001)
+
#ifdef __GNUC__
# define iputils_attribute_format(t, n, m) __attribute__((__format__ (t, n, m)))
#else
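Review bot: `TV_SEC_MAX_VAL` depends on `LONG_MAX`, but this hunk adds no `#include <limits.h>` to iputils_common.h, so the macro only compiles where the including file already pulls that header in. Adding the include next to the define would make the header self-contained. The comment `1000001 = 1000000 tv_sec + 1 tv_usec` is also hard to parse; saying that the bound keeps `tv_sec * 1000000 + tv_usec` at or below `LONG_MAX` would document the intent.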
diff --git a/ping/ping_common.c b/ping/ping_common.c
index ba46252..d68b21e 100644
--- a/ping/ping_common.c
+++ b/ping/ping_common.c
@@ -734,16 +734,32 @@ int gather_statistics(struct ping_rts *rts, uint8_t *icmph, int icmplen,

restamp:
tvsub(tv, &tmp_tv);
- triptime = tv->tv_sec * 1000000 + tv->tv_usec;
- if (triptime < 0) {
- error(0, 0, _("Warning: time of day goes back (%ldus), taking countermeasures"), triptime);
+
+ if (tv->tv_usec >= 1000000) {
+ error(0, 0, _("Warning: invalid tv_usec %ld us"), tv->tv_usec);
+ tv->tv_usec = 999999;
+ }
+
+ if (tv->tv_usec < 0) {
+ error(0, 0, _("Warning: invalid tv_usec %ld us"), tv->tv_usec);
+ tv->tv_usec = 0;
+ }
+
+ if (tv->tv_sec > TV_SEC_MAX_VAL) {
+ error(0, 0, _("Warning: invalid tv_sec %ld s"), tv->tv_sec);
+ triptime = 0;
+ } else if (tv->tv_sec < 0) {
+ error(0, 0, _("Warning: time of day goes back (%ld s), taking countermeasures"), tv->tv_sec);
triptime = 0;
if (!rts->opt_latency) {
gettimeofday(tv, NULL);
rts->opt_latency = 1;
goto restamp;
}
+ } else {
+ triptime = tv->tv_sec * 1000000 + tv->tv_usec;
}
+
if (!csfailed) {
rts->tsum += triptime;
rts->tsum2 += (double)((long long)triptime * (long long)triptime);
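Review bot: a negative `tv_usec` with `tv_sec == 0` no longer reaches the "time of day goes back" path. The new `if (tv->tv_usec < 0)` block clamps it to 0 under an "invalid tv_usec" warning and the final `else` computes `triptime = 0`, whereas the removed `if (triptime < 0)` test would have caught that case and taken the `gettimeofday()` / `goto restamp` countermeasure. If `tvsub()` (not visible in this hunk) always normalises `tv_usec` into 0..999999 this is harmless, but that assumption deserves a comment here. Two smaller points: in the `tv->tv_sec > TV_SEC_MAX_VAL` branch `triptime = 0` still falls through to `rts->tsum += triptime` when `!csfailed`, so a rejected timestamp is counted as a valid 0 us sample; and the new `error()` calls pass `tv->tv_sec` and `tv->tv_usec` to `%ld` without a cast, which is only correct where those types are `long`, so an explicit `(long)` cast would be safer.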
--
2.34.1

6 changes: 5 additions & 1 deletion SPECS/iputils/iputils.spec
@@ -1,14 +1,15 @@
Summary: Programs for basic networking
Name: iputils
Version: 20211215
Release: 2%{?dist}
Release: 3%{?dist}
License: BSD-3 AND GPLv2+ AND Rdisc
Vendor: Microsoft Corporation
Distribution: Mariner
Group: Applications/Communications
URL: https://github.com/iputils/iputils
Source0: https://github.com/iputils/iputils/archive/20211215.tar.gz#/%{name}-%{version}.tar.gz
Patch0: ping_test_ipv6_localhost.patch
Patch1: CVE-2025-47268.patch
BuildRequires: iproute
BuildRequires: libcap-devel
BuildRequires: libgcrypt-devel
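Review bot: `Patch1: CVE-2025-47268.patch` is declared here, but nothing in the visible changes touches `%prep`: the five additions reported for this file are all accounted for by the `Release` bump, the `Patch1` line and the changelog entry. If `%prep` applies patches explicitly (for example a `%patch0` line) rather than through `%autosetup` or `%autopatch`, the new patch would be packaged but never applied. Please confirm how `%prep` applies patches and add the matching line if needed.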
@@ -67,6 +68,9 @@ mv -f RELNOTES.tmp RELNOTES.old
%exclude %{_sysconfdir}/init.d/ninfod.sh

%changelog
* Thu Jun 19 2025 Aninda Pradhan <v-anipradhan@microsoft.com> - 20211215-3
- Fix CVE-2025-47268 with an upstream patch

* Wed Sep 20 2023 Jon Slobodzian <joslobo@microsoft.com> - 20211215-2
- Recompile with stack-protection fixed gcc version (CVE-2023-4039)
