author | Dan Andresan <Dan.Andresan@enea.com> | 2018-10-29 12:01:52 +0100 |
---|---|---|
committer | Gerrit Code Review <gerrit2@sestogerrit02> | 2018-10-29 12:01:52 +0100 |
commit | b260ec4a58b3f490dc329c0e0e2cc353263356dd (patch) | |
tree | fbf188c2767bc3df3e47f3d7e9c390b2774fe1f7 | |
parent | 3ca74f08b0a97f4675cbdd07497e8eaaaf05cfb2 (diff) | |
parent | 7cfe300faae3259f59ff3e5eaf3c2c743b4cd374 (diff) | |
download | meta-nfv-access-common-b260ec4a58b3f490dc329c0e0e2cc353263356dd.tar.gz |
Merge "systemd: fix CVE-2017-15908" into pyropyro
3 files changed, 48 insertions, 6 deletions
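--- /dev/null
+++ b/recipes-core/systemd/systemd/CVE-2017-15908-resolved-fix-loop-on-packets-with-pseudo-dns-types.patch
@@ -0,0 +1,41 @@
+From 9f939335a07085aa9a9663efd1dca06ef6405d62 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Wed, 25 Oct 2017 11:19:19 +0200
+Subject: [PATCH] resolved: fix loop on packets with pseudo dns types
+
+Reported by Karim Hossen & Thomas Imbert from Sogeti ESEC R&D.
+
+https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1725351
+
+CVE: CVE-2017-15908
+Upstream-Status: Backport [https://launchpadlibrarian.net/342808615/resolved-fix-loop-on-packets-with-pseudo-dns-types.patch]
+
+Signed-off-by: Andreas Wellving <andreas.wellving@enea.com>
+---
+src/resolve/resolved-dns-packet.c | 6 +-----
+1 file changed, 1 insertion(+), 5 deletions(-)
+
+diff --git a/src/resolve/resolved-dns-packet.c b/src/resolve/resolved-dns-packet.c
+index e2f227bfc6..35f4d0689b 100644
+--- a/src/resolve/resolved-dns-packet.c
++++ b/src/resolve/resolved-dns-packet.c
+@@ -1514,7 +1514,7 @@ static int dns_packet_read_type_window(DnsPacket *p, Bitmap **types, size_t *sta
+
+found = true;
+
+- while (bitmask) {
++ for (; bitmask; bit++, bitmask >>= 1)
+if (bitmap[i] & bitmask) {
+uint16_t n;
+
+@@ -1528,10 +1528,6 @@ static int dns_packet_read_type_window(DnsPacket *p, Bitmap **types, size_t *sta
+if (r < 0)
+return r;
+}
+-
+- bit++;
+- bitmask >>= 1;
+- }
+}
+
+if (!found)
\ No newline at end of file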
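Review bot: The patch header never states what the defect was, which makes the backport hard to re-verify on a later rebase. The step `bit++, bitmask >>= 1` moves into the `for` header, presumably because a `continue` in the lines between the two inner hunks (not shown; `dns_packet_read_type_window` starts and ends outside them) skipped the step at the bottom of the old `while` body, so the loop never advanced on a pseudo type. A sentence in the header would record that, e.g. `A pseudo type in the type bitmap hit "continue" before bit/bitmask were advanced, so resolved looped forever on the packet; do the step in the for header instead.` Separately, the file ends without a trailing newline after `if (!found)` and lacks the usual `git format-patch` trailer, which some patch tools warn about; regenerating it from the upstream commit named in the `From` line would avoid that.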
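--- a/recipes-core/systemd/systemd_%.bbappend
+++ /dev/null
@@ -1,6 +0,0 @@
-# look for files in the layer first
-FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:"
-
-SRC_URI += "file://CVE-2017-9445.patch \
-"
-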
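--- /dev/null
+++ b/recipes-core/systemd/systemd_232.bbappend
@@ -0,0 +1,7 @@
+# look for files in the layer first
+FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:"
+
+SRC_URI += " \
+file://CVE-2017-9445.patch \
+file://CVE-2017-15908-resolved-fix-loop-on-packets-with-pseudo-dns-types.patch \
+"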
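Review bot: Nothing in `systemd_232.bbappend` says why the append is now pinned to one recipe version instead of `%`. On a later systemd bump the file is likely to be renamed to match, carrying both CVE patches forward without anyone checking that they still apply or are still needed. A comment above `SRC_URI` would make the intent explicit, e.g. `# CVE backports for systemd 232 only; re-check each patch against the new version before renaming this file`.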