summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDan Andresan <Dan.Andresan@enea.com>2018-10-29 12:01:52 +0100
committerGerrit Code Review <gerrit2@sestogerrit02>2018-10-29 12:01:52 +0100
commitb260ec4a58b3f490dc329c0e0e2cc353263356dd (patch)
treefbf188c2767bc3df3e47f3d7e9c390b2774fe1f7
parent3ca74f08b0a97f4675cbdd07497e8eaaaf05cfb2 (diff)
parent7cfe300faae3259f59ff3e5eaf3c2c743b4cd374 (diff)
downloadmeta-el-common-pyro.tar.gz
Merge "systemd: fix CVE-2017-15908" into pyropyro
-rw-r--r--recipes-core/systemd/systemd/CVE-2017-15908-resolved-fix-loop-on-packets-with-pseudo-dns-types.patch41
-rw-r--r--recipes-core/systemd/systemd_%.bbappend6
-rw-r--r--recipes-core/systemd/systemd_232.bbappend7
3 files changed, 48 insertions, 6 deletions
diff --git a/recipes-core/systemd/systemd/CVE-2017-15908-resolved-fix-loop-on-packets-with-pseudo-dns-types.patch b/recipes-core/systemd/systemd/CVE-2017-15908-resolved-fix-loop-on-packets-with-pseudo-dns-types.patch
new file mode 100644
index 0000000..31bc2b5
--- /dev/null
+++ b/recipes-core/systemd/systemd/CVE-2017-15908-resolved-fix-loop-on-packets-with-pseudo-dns-types.patch
@@ -0,0 +1,41 @@
1From 9f939335a07085aa9a9663efd1dca06ef6405d62 Mon Sep 17 00:00:00 2001
2From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
3Date: Wed, 25 Oct 2017 11:19:19 +0200
4Subject: [PATCH] resolved: fix loop on packets with pseudo dns types
5
6Reported by Karim Hossen & Thomas Imbert from Sogeti ESEC R&D.
7
8https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1725351
9
10CVE: CVE-2017-15908
11Upstream-Status: Backport [https://launchpadlibrarian.net/342808615/resolved-fix-loop-on-packets-with-pseudo-dns-types.patch]
12
13Signed-off-by: Andreas Wellving <andreas.wellving@enea.com>
14---
15 src/resolve/resolved-dns-packet.c | 6 +-----
16 1 file changed, 1 insertion(+), 5 deletions(-)
17
18diff --git a/src/resolve/resolved-dns-packet.c b/src/resolve/resolved-dns-packet.c
19index e2f227bfc6..35f4d0689b 100644
20--- a/src/resolve/resolved-dns-packet.c
21+++ b/src/resolve/resolved-dns-packet.c
22@@ -1514,7 +1514,7 @@ static int dns_packet_read_type_window(DnsPacket *p, Bitmap **types, size_t *sta
23
24 found = true;
25
26- while (bitmask) {
27+ for (; bitmask; bit++, bitmask >>= 1)
28 if (bitmap[i] & bitmask) {
29 uint16_t n;
30
31@@ -1528,10 +1528,6 @@ static int dns_packet_read_type_window(DnsPacket *p, Bitmap **types, size_t *sta
32 if (r < 0)
33 return r;
34 }
35-
36- bit++;
37- bitmask >>= 1;
38- }
39 }
40
41 if (!found) \ No newline at end of file
diff --git a/recipes-core/systemd/systemd_%.bbappend b/recipes-core/systemd/systemd_%.bbappend
deleted file mode 100644
index e07dbe1..0000000
--- a/recipes-core/systemd/systemd_%.bbappend
+++ /dev/null
@@ -1,6 +0,0 @@
1# look for files in the layer first
2FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:"
3
4SRC_URI += "file://CVE-2017-9445.patch \
5 "
6
diff --git a/recipes-core/systemd/systemd_232.bbappend b/recipes-core/systemd/systemd_232.bbappend
new file mode 100644
index 0000000..699019d
--- /dev/null
+++ b/recipes-core/systemd/systemd_232.bbappend
@@ -0,0 +1,7 @@
1# look for files in the layer first
2FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:"
3
4SRC_URI += " \
5 file://CVE-2017-9445.patch \
6 file://CVE-2017-15908-resolved-fix-loop-on-packets-with-pseudo-dns-types.patch \
7 "