From f31a40902561a9ebc7aff7efb3461c4dcd92feaa Mon Sep 17 00:00:00 2001
From: Sona Sarmadi <sona.sarmadi@enea.com>
Date: Tue, 13 Mar 2018 10:06:05 +0100
Subject: systemd: fix for CVE-2017-15908

Infinite loop in the dns_packet_read_type_window() function

Upstream patch:
https://github.com/systemd/systemd/commit/8aeadf3052a2130b88d5bccf5439890e1034f28d

Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Martin Borg <martin.borg@enea.com>
---
 recipes-core/systemd/systemd/CVE-2017-15908.patch | 44 +++++++++++++++++++++++
 recipes-core/systemd/systemd_%.bbappend           |  5 +++
 2 files changed, 49 insertions(+)
 create mode 100644 recipes-core/systemd/systemd/CVE-2017-15908.patch
 create mode 100644 recipes-core/systemd/systemd_%.bbappend

(limited to 'recipes-core')

diff --git a/recipes-core/systemd/systemd/CVE-2017-15908.patch b/recipes-core/systemd/systemd/CVE-2017-15908.patch
new file mode 100644
index 0000000..6851243
--- /dev/null
+++ b/recipes-core/systemd/systemd/CVE-2017-15908.patch
@@ -0,0 +1,44 @@
+From 9f939335a07085aa9a9663efd1dca06ef6405d62 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Wed, 25 Oct 2017 11:19:19 +0200
+Subject: [PATCH] resolved: fix loop on packets with pseudo dns types
+
+Reported by Karim Hossen & Thomas Imbert from Sogeti ESEC R&D.
+
+Upstream-Status: Backport
+CVE: CVE-2017-15908
+
+Upstream patch:
+https://github.com/systemd/systemd/commit/8aeadf3052a2130b88d5bccf5439890e1034f28d
+
+https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/172535
+
+Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
+---
+ src/resolve/resolved-dns-packet.c | 6 +-----
+ 1 file changed, 1 insertion(+), 5 deletions(-)
+
+diff --git a/src/resolve/resolved-dns-packet.c b/src/resolve/resolved-dns-packet.c
+index e2f227bfc64..35f4d0689b2 100644
+--- a/src/resolve/resolved-dns-packet.c
++++ b/src/resolve/resolved-dns-packet.c
+@@ -1514,7 +1514,7 @@ static int dns_packet_read_type_window(DnsPacket *p, Bitmap **types, size_t *sta
+ 
+                 found = true;
+ 
+-                while (bitmask) {
++                for (; bitmask; bit++, bitmask >>= 1)
+                         if (bitmap[i] & bitmask) {
+                                 uint16_t n;
+ 
+@@ -1528,10 +1528,6 @@ static int dns_packet_read_type_window(DnsPacket *p, Bitmap **types, size_t *sta
+                                 if (r < 0)
+                                         return r;
+                         }
+-
+-                        bit++;
+-                        bitmask >>= 1;
+-                }
+         }
+ 
+         if (!found)
diff --git a/recipes-core/systemd/systemd_%.bbappend b/recipes-core/systemd/systemd_%.bbappend
new file mode 100644
index 0000000..4fe658a
--- /dev/null
+++ b/recipes-core/systemd/systemd_%.bbappend
@@ -0,0 +1,5 @@
+# look for files in the layer first
+FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:"
+
+SRC_URI += "file://CVE-2017-15908.patch \
+	   "
-- 
cgit v1.2.3-54-g00ecf