diff options
| author | Sona Sarmadi <sona.sarmadi@enea.com> | 2018-03-13 10:06:05 +0100 |
|---|---|---|
| committer | Martin Borg <martin.borg@enea.com> | 2018-03-13 10:11:23 +0100 |
| commit | f31a40902561a9ebc7aff7efb3461c4dcd92feaa (patch) | |
| tree | fd0998cd1a8dd435a3109a50b2c9d438abf8ad41 | |
| parent | 7084be4c7f3276f70ff28a60a123d0523c9a1f96 (diff) | |
| download | meta-el-common-f31a40902561a9ebc7aff7efb3461c4dcd92feaa.tar.gz | |
systemd: fix for CVE-2017-15908
Infinite loop in the dns_packet_read_type_window() function
Upstream patch:
https://github.com/systemd/systemd/commit/8aeadf3052a2130b88d5bccf5439890e1034f28d
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Martin Borg <martin.borg@enea.com>
| -rw-r--r-- | recipes-core/systemd/systemd/CVE-2017-15908.patch | 44 | ||||
| -rw-r--r-- | recipes-core/systemd/systemd_%.bbappend | 5 |
2 files changed, 49 insertions, 0 deletions
diff --git a/recipes-core/systemd/systemd/CVE-2017-15908.patch b/recipes-core/systemd/systemd/CVE-2017-15908.patch new file mode 100644 index 0000000..6851243 --- /dev/null +++ b/recipes-core/systemd/systemd/CVE-2017-15908.patch | |||
| @@ -0,0 +1,44 @@ | |||
| 1 | From 9f939335a07085aa9a9663efd1dca06ef6405d62 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl> | ||
| 3 | Date: Wed, 25 Oct 2017 11:19:19 +0200 | ||
| 4 | Subject: [PATCH] resolved: fix loop on packets with pseudo dns types | ||
| 5 | |||
| 6 | Reported by Karim Hossen & Thomas Imbert from Sogeti ESEC R&D. | ||
| 7 | |||
| 8 | Upstream-Status: Backport | ||
| 9 | CVE: CVE-2017-15908 | ||
| 10 | |||
| 11 | Upstream patch: | ||
| 12 | https://github.com/systemd/systemd/commit/8aeadf3052a2130b88d5bccf5439890e1034f28d | ||
| 13 | |||
| 14 | https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/172535 | ||
| 15 | |||
| 16 | Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> | ||
| 17 | --- | ||
| 18 | src/resolve/resolved-dns-packet.c | 6 +----- | ||
| 19 | 1 file changed, 1 insertion(+), 5 deletions(-) | ||
| 20 | |||
| 21 | diff --git a/src/resolve/resolved-dns-packet.c b/src/resolve/resolved-dns-packet.c | ||
| 22 | index e2f227bfc64..35f4d0689b2 100644 | ||
| 23 | --- a/src/resolve/resolved-dns-packet.c | ||
| 24 | +++ b/src/resolve/resolved-dns-packet.c | ||
| 25 | @@ -1514,7 +1514,7 @@ static int dns_packet_read_type_window(DnsPacket *p, Bitmap **types, size_t *sta | ||
| 26 | |||
| 27 | found = true; | ||
| 28 | |||
| 29 | - while (bitmask) { | ||
| 30 | + for (; bitmask; bit++, bitmask >>= 1) | ||
| 31 | if (bitmap[i] & bitmask) { | ||
| 32 | uint16_t n; | ||
| 33 | |||
| 34 | @@ -1528,10 +1528,6 @@ static int dns_packet_read_type_window(DnsPacket *p, Bitmap **types, size_t *sta | ||
| 35 | if (r < 0) | ||
| 36 | return r; | ||
| 37 | } | ||
| 38 | - | ||
| 39 | - bit++; | ||
| 40 | - bitmask >>= 1; | ||
| 41 | - } | ||
| 42 | } | ||
| 43 | |||
| 44 | if (!found) | ||
diff --git a/recipes-core/systemd/systemd_%.bbappend b/recipes-core/systemd/systemd_%.bbappend new file mode 100644 index 0000000..4fe658a --- /dev/null +++ b/recipes-core/systemd/systemd_%.bbappend | |||
| @@ -0,0 +1,5 @@ | |||
| 1 | # look for files in the layer first | ||
| 2 | FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:" | ||
| 3 | |||
| 4 | SRC_URI += "file://CVE-2017-15908.patch \ | ||
| 5 | " | ||