[ppp] [pppd] Add CVE-2015-3310.patch. JB#48797

See ppp-project/ppp#86
and https://git.archlinux.org/svntogit/packages.git/tree/trunk?h=packages/ppp

Signed-off-by: Alexey Andreev <a.andreev@omprussia.ru>

rpm/CVE-2015-3310.patch

@@ -0,0 +1,18 @@
+Fix buffer overflow in rc_mksid()
+
+rc_mksid converts the PID of pppd to hex to generate a pseudo-unique string.
+If the process id is bigger than 65535 (FFFF), its hex representation will be
+longer than 4 characters, resulting in a buffer overflow.
+
+The bug can be exploited to cause a remote DoS.
+--- ppp-2.4.7/pppd/plugins/radius/util.c
++++ ppp-2.4.7/pppd/plugins/radius/util.c
+@@ -77,7 +77,7 @@ rc_mksid (void)
+   static unsigned short int cnt = 0;
+   sprintf (buf, "%08lX%04X%02hX",
+ 	   (unsigned long int) time (NULL),
+-	   (unsigned int) getpid (),
++	   (unsigned int) getpid () & 0xFFFF,
+ 	   cnt & 0xFF);
+   cnt++;
+   return buf;

rpm/ppp.spec

@@ -7,6 +7,7 @@ License:    BSD and GPLv2+ and LGPLv2+ and Public Domain
 URL:        https://ppp.samba.org/
 Source0:    https://download.samba.org/pub/%{name}/%{name}-%{version}.tar.gz
 Patch0:     ppp-destdir.patch
+Patch1:     CVE-2015-3310.patch
 Requires:   openssl-libs
 BuildRequires:  coreutils
 BuildRequires:  sed
@@ -38,6 +39,7 @@ PPP libraries.
 %prep
 %setup -q -n %{name}-%{version}/%{name}
 %patch0 -p1
+%patch1 -p1
 
 %build
 %configure --prefix=/usr