From 7cfe300faae3259f59ff3e5eaf3c2c743b4cd374 Mon Sep 17 00:00:00 2001 From: Dan Andresan Date: Fri, 26 Oct 2018 15:18:53 +0200 Subject: systemd: fix CVE-2017-15908 systemd in the upstream pyro is 232 CVE: CVE-2017-15908 Reference: https://github.com/systemd/systemd/commit/9f939335a07085aa9a9663efd1dca06ef6405d62 Change-Id: Ifb3c138b324fe943c8a80e646c06731420d69ec0 Signed-off-by: Andreas Wellving Signed-off-by: Adrian Mangeac --- ...fix-loop-on-packets-with-pseudo-dns-types.patch | 41 ++++++++++++++++++++++ recipes-core/systemd/systemd_%.bbappend | 6 ---- recipes-core/systemd/systemd_232.bbappend | 7 ++++ 3 files changed, 48 insertions(+), 6 deletions(-) create mode 100644 recipes-core/systemd/systemd/CVE-2017-15908-resolved-fix-loop-on-packets-with-pseudo-dns-types.patch delete mode 100644 recipes-core/systemd/systemd_%.bbappend create mode 100644 recipes-core/systemd/systemd_232.bbappend diff --git a/recipes-core/systemd/systemd/CVE-2017-15908-resolved-fix-loop-on-packets-with-pseudo-dns-types.patch b/recipes-core/systemd/systemd/CVE-2017-15908-resolved-fix-loop-on-packets-with-pseudo-dns-types.patch new file mode 100644 index 0000000..31bc2b5 --- /dev/null +++ b/recipes-core/systemd/systemd/CVE-2017-15908-resolved-fix-loop-on-packets-with-pseudo-dns-types.patch @@ -0,0 +1,41 @@ +From 9f939335a07085aa9a9663efd1dca06ef6405d62 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Wed, 25 Oct 2017 11:19:19 +0200 +Subject: [PATCH] resolved: fix loop on packets with pseudo dns types + +Reported by Karim Hossen & Thomas Imbert from Sogeti ESEC R&D. + +https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1725351 + +CVE: CVE-2017-15908 +Upstream-Status: Backport [https://launchpadlibrarian.net/342808615/resolved-fix-loop-on-packets-with-pseudo-dns-types.patch] + +Signed-off-by: Andreas Wellving +--- + src/resolve/resolved-dns-packet.c | 6 +----- + 1 file changed, 1 insertion(+), 5 deletions(-) + +diff --git a/src/resolve/resolved-dns-packet.c b/src/resolve/resolved-dns-packet.c +index e2f227bfc6..35f4d0689b 100644 +--- a/src/resolve/resolved-dns-packet.c ++++ b/src/resolve/resolved-dns-packet.c +@@ -1514,7 +1514,7 @@ static int dns_packet_read_type_window(DnsPacket *p, Bitmap **types, size_t *sta + + found = true; + +- while (bitmask) { ++ for (; bitmask; bit++, bitmask >>= 1) + if (bitmap[i] & bitmask) { + uint16_t n; + +@@ -1528,10 +1528,6 @@ static int dns_packet_read_type_window(DnsPacket *p, Bitmap **types, size_t *sta + if (r < 0) + return r; + } +- +- bit++; +- bitmask >>= 1; +- } + } + + if (!found) \ No newline at end of file diff --git a/recipes-core/systemd/systemd_%.bbappend b/recipes-core/systemd/systemd_%.bbappend deleted file mode 100644 index e07dbe1..0000000 --- a/recipes-core/systemd/systemd_%.bbappend +++ /dev/null @@ -1,6 +0,0 @@ -# look for files in the layer first -FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:" - -SRC_URI += "file://CVE-2017-9445.patch \ - " - diff --git a/recipes-core/systemd/systemd_232.bbappend b/recipes-core/systemd/systemd_232.bbappend new file mode 100644 index 0000000..699019d --- /dev/null +++ b/recipes-core/systemd/systemd_232.bbappend @@ -0,0 +1,7 @@ +# look for files in the layer first +FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:" + +SRC_URI += " \ + file://CVE-2017-9445.patch \ + file://CVE-2017-15908-resolved-fix-loop-on-packets-with-pseudo-dns-types.patch \ + " -- cgit v1.2.3-54-g00ecf