dlt-daemon: fix CVE-2022-39836 and CVE-2022-39837

CVE-2022-39836: An issue was discovered in Connected Vehicle Systems Alliance (COVESA) dlt-daemon through 2.18.8. Due to a faulty DLT file parser, a crafted DLT file that crashes the process can be created. This is due to missing validation checks. There is a heap-based buffer over-read of one byte. CVE-2022-39837: An issue was discovered in Connected Vehicle Systems Alliance (COVESA) dlt-daemon through 2.18.8. Due to a faulty DLT file parser, a crafted DLT file that crashes the process can be created. This is due to missing validation checks. There is a NULL pointer dereference. Reference: https://nvd.nist.gov/vuln/detail/CVE-2022-39836 https://nvd.nist.gov/vuln/detail/CVE-2022-39837 Upstream patch: https://github.com/COVESA/dlt-daemon/commit/855e0017a980d2990c16f7dbf3b4983b48fac272 Signed-off-by: Yogita Urade <yogita.urade@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
author: Yogita Urade <yogita.urade@windriver.com> 2025-02-21 05:11:07 +0000
committer: Armin Kuster <akuster808@gmail.com> 2025-03-06 09:43:54 -0500
commit: 92a5b3ebf07b3a5498cf8266ef6e64ea2e6d6b4c (patch)
tree: de72f767d1c0f5ffbe83f17c0e711ad3c9a9ec81
parent: 5c9db7a2b078144b902411f1f45f04c0a1f677f2 (diff)
download: meta-openembedded-92a5b3ebf07b3a5498cf8266ef6e64ea2e6d6b4c.tar.gz
2 files changed, 252 insertions, 0 deletions
diff --git a/meta-oe/recipes-extended/dlt-daemon/dlt-daemon/CVE-2022-39836-CVE-2022-39837.patch b/meta-oe/recipes-extended/dlt-daemon/dlt-daemon/CVE-2022-39836-CVE-2022-39837.patch
new file mode 100644
index 0000000000..49fb9db3e2
--- /dev/null
+++ b/meta-oe/recipes-extended/dlt-daemon/dlt-daemon/CVE-2022-39836-CVE-2022-39837.patch
@@ -0,0 +1,251 @@
+From 855e0017a980d2990c16f7dbf3b4983b48fac272 Mon Sep 17 00:00:00 2001
+From: Bui Nguyen Quoc Thanh <49302843+thanhbnq@users.noreply.github.com>
+Date: Thu, 7 Jul 2022 11:00:34 +0700
+Subject: [PATCH] Fix handle returned value (#384)
+* common: Handle returned value
+- The returned value of supporting APIs should be checked correctly.
+- In case of extended header, the buffer of header must be checked
+before proceeding further.
+Signed-off-by: Bui Nguyen Quoc Thanh <thanh.buinguyenquoc@vn.bosch.com>
+* console: Handle returned value
+In case of parsing dlt file, the failed messages
+should be skipped by evaluating returned value
+Signed-off-by: Bui Nguyen Quoc Thanh <thanh.buinguyenquoc@vn.bosch.com>
+CVE: CVE-2022-39836 and CVE-2022-39837
+Upstream-Status: Backport [https://github.com/COVESA/dlt-daemon/commit/855e0017a980d2990c16f7dbf3b4983b48fac272]
+Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
+---
+ src/console/dlt-convert.c         | 18 ++++++----
+ src/console/dlt-sortbytimestamp.c |  6 ++--
+ src/shared/dlt_common.c           | 60 ++++++++++++++++++++++---------
+ 3 files changed, 59 insertions(+), 25 deletions(-)
+diff --git a/src/console/dlt-convert.c b/src/console/dlt-convert.c
+index b82c104..30ea09a 100644
+--- a/src/console/dlt-convert.c
+++ b/src/console/dlt-convert.c
+@@ -432,31 +432,37 @@ int main(int argc, char *argv[])
+             }
+             for (num = begin; num <= end; num++) {
+-                dlt_file_message(&file, num, vflag);
+                if (dlt_file_message(&file, num, vflag) < DLT_RETURN_OK)
+                    continue;
+                 if (xflag) {
+                     printf("%d ", num);
+-                    dlt_message_print_hex(&(file.msg), text, DLT_CONVERT_TEXTBUFSIZE, vflag);
+                    if (dlt_message_print_hex(&(file.msg), text, DLT_CONVERT_TEXTBUFSIZE, vflag) < DLT_RETURN_OK)
+                        continue;
+                 }
+                 else if (aflag) {
+                     printf("%d ", num);
+-                    dlt_message_header(&(file.msg), text, DLT_CONVERT_TEXTBUFSIZE, vflag);
+                    if (dlt_message_header(&(file.msg), text, DLT_CONVERT_TEXTBUFSIZE, vflag) < DLT_RETURN_OK)
+                        continue;
+                     printf("%s ", text);
+-                    dlt_message_payload(&file.msg, text, DLT_CONVERT_TEXTBUFSIZE, DLT_OUTPUT_ASCII, vflag);
+                    if (dlt_message_payload(&file.msg, text, DLT_CONVERT_TEXTBUFSIZE, DLT_OUTPUT_ASCII, vflag) < DLT_RETURN_OK)
+                        continue;
+                     printf("[%s]\n", text);
+                 }
+                 else if (mflag) {
+                     printf("%d ", num);
+-                    dlt_message_print_mixed_plain(&(file.msg), text, DLT_CONVERT_TEXTBUFSIZE, vflag);
+                    if (dlt_message_print_mixed_plain(&(file.msg), text, DLT_CONVERT_TEXTBUFSIZE, vflag) < DLT_RETURN_OK)
+                        continue;
+                 }
+                 else if (sflag) {
+                     printf("%d ", num);
+-                    dlt_message_header(&(file.msg), text, DLT_CONVERT_TEXTBUFSIZE, vflag);
+                    if (dlt_message_header(&(file.msg), text, DLT_CONVERT_TEXTBUFSIZE, vflag) < DLT_RETURN_OK)
+                        continue;
+                     printf("%s \n", text);
+                 }
+diff --git a/src/console/dlt-sortbytimestamp.c b/src/console/dlt-sortbytimestamp.c
+index 3e418e1..82fd5d0 100644
+--- a/src/console/dlt-sortbytimestamp.c
+++ b/src/console/dlt-sortbytimestamp.c
+@@ -160,7 +160,8 @@ void write_messages(int ohandle, DltFile *file,
+         if ((0 == i % 1001) || (i == message_count - 1))
+             verbose(2, "Writing message %d\r", i);
+-        dlt_file_message(file, timestamps[i].num, 0);
+        if (dlt_file_message(file, timestamps[i].num, 0) < DLT_RETURN_OK)
+            continue;
+         iov[0].iov_base = file->msg.headerbuffer;
+         iov[0].iov_len = file->msg.headersize;
+         iov[1].iov_base = file->msg.databuffer;
+@@ -402,7 +403,8 @@ int main(int argc, char *argv[]) {
+     verbose(1, "Filling %d entries\n", message_count);
+     for (num = begin; num <= end; num++) {
+-        dlt_file_message(&file, num, vflag);
+        if (dlt_file_message(&file, num, vflag) < DLT_RETURN_OK)
+            continue;
+         timestamp_index[num - begin].num = num;
+         timestamp_index[num - begin].systmsp = file.msg.storageheader->seconds;
+         timestamp_index[num - begin].tmsp = file.msg.headerextra.tmsp;
+diff --git a/src/shared/dlt_common.c b/src/shared/dlt_common.c
+index 427044b..4303c50 100644
+--- a/src/shared/dlt_common.c
+++ b/src/shared/dlt_common.c
+@@ -202,7 +202,10 @@ DltReturnValue dlt_print_mixed_string(char *text, int textlength, uint8_t *ptr,
+         /* Hex-Output */
+         /* It is not required to decrement textlength, as it was already checked, that
+          * there is enough space for the complete output */
+-        dlt_print_hex_string(text, textlength, (uint8_t *)(ptr + (lines * DLT_COMMON_HEX_CHARS)), DLT_COMMON_HEX_CHARS);
+        if (dlt_print_hex_string(text, textlength,
+                (uint8_t *)(ptr + (lines * DLT_COMMON_HEX_CHARS)),
+                DLT_COMMON_HEX_CHARS) < DLT_RETURN_OK)
+            return DLT_RETURN_ERROR;
+         text += ((2 * DLT_COMMON_HEX_CHARS) + (DLT_COMMON_HEX_CHARS - 1)); /* 32 characters + 15 spaces */
+         snprintf(text, 2, " ");
+@@ -211,8 +214,10 @@ DltReturnValue dlt_print_mixed_string(char *text, int textlength, uint8_t *ptr,
+         /* Char-Output */
+         /* It is not required to decrement textlength, as it was already checked, that
+          * there is enough space for the complete output */
+-        dlt_print_char_string(&text, textlength, (uint8_t *)(ptr + (lines * DLT_COMMON_HEX_CHARS)),
+-                              DLT_COMMON_HEX_CHARS);
+        if (dlt_print_char_string(&text, textlength,
+                (uint8_t *)(ptr + (lines * DLT_COMMON_HEX_CHARS)),
+                DLT_COMMON_HEX_CHARS) < DLT_RETURN_OK)
+            return DLT_RETURN_ERROR;
+         if (html == 0) {
+             snprintf(text, 2, "\n");
+@@ -240,10 +245,11 @@ DltReturnValue dlt_print_mixed_string(char *text, int textlength, uint8_t *ptr,
+         /* Hex-Output */
+         /* It is not required to decrement textlength, as it was already checked, that
+          * there is enough space for the complete output */
+-        dlt_print_hex_string(text,
+        if (dlt_print_hex_string(text,
+                              textlength,
+                              (uint8_t *)(ptr + ((size / DLT_COMMON_HEX_CHARS) * DLT_COMMON_HEX_CHARS)),
+-                             rest);
+                             rest) < DLT_RETURN_OK)
+            return DLT_RETURN_ERROR;
+         text += 2 * rest + (rest - 1);
+         for (i = 0; i < (DLT_COMMON_HEX_CHARS - rest); i++) {
+@@ -257,8 +263,10 @@ DltReturnValue dlt_print_mixed_string(char *text, int textlength, uint8_t *ptr,
+         /* Char-Output */
+         /* It is not required to decrement textlength, as it was already checked, that
+          * there is enough space for the complete output */
+-        dlt_print_char_string(&text, textlength,
+-                              (uint8_t *)(ptr + ((size / DLT_COMMON_HEX_CHARS) * DLT_COMMON_HEX_CHARS)), rest);
+        if (dlt_print_char_string(&text, textlength,
+                              (uint8_t *)(ptr + ((size / DLT_COMMON_HEX_CHARS) * DLT_COMMON_HEX_CHARS)),
+                              rest) < DLT_RETURN_OK)
+            return DLT_RETURN_ERROR;
+     }
+     return DLT_RETURN_OK;
+@@ -672,6 +680,9 @@ DltReturnValue dlt_message_header_flags(DltMessage *msg, char *text, size_t text
+     if ((msg == NULL) || (text == NULL) || (textlength <= 0))
+         return DLT_RETURN_WRONG_PARAMETER;
+    if ((DLT_IS_HTYP_UEH(msg->standardheader->htyp)) && (msg->extendedheader == NULL))
+        return DLT_RETURN_WRONG_PARAMETER;
+
+     if ((flags < DLT_HEADER_SHOW_NONE) || (flags > DLT_HEADER_SHOW_ALL))
+         return DLT_RETURN_WRONG_PARAMETER;
+@@ -3239,7 +3250,8 @@ DltReturnValue dlt_message_print_header(DltMessage *message, char *text, uint32_
+     if ((message == NULL) || (text == NULL))
+         return DLT_RETURN_WRONG_PARAMETER;
+-    dlt_message_header(message, text, size, verbose);
+    if (dlt_message_header(message, text, size, verbose) < DLT_RETURN_OK)
+        return DLT_RETURN_ERROR;
+     dlt_user_printf("%s\n", text);
+     return DLT_RETURN_OK;
+@@ -3250,9 +3262,12 @@ DltReturnValue dlt_message_print_hex(DltMessage *message, char *text, uint32_t s
+     if ((message == NULL) || (text == NULL))
+         return DLT_RETURN_WRONG_PARAMETER;
+-    dlt_message_header(message, text, size, verbose);
+    if (dlt_message_header(message, text, size, verbose) < DLT_RETURN_OK)
+        return DLT_RETURN_ERROR;
+     dlt_user_printf("%s ", text);
+-    dlt_message_payload(message, text, size, DLT_OUTPUT_HEX, verbose);
+
+    if (dlt_message_payload(message, text, size, DLT_OUTPUT_HEX, verbose) < DLT_RETURN_OK)
+        return DLT_RETURN_ERROR;
+     dlt_user_printf("[%s]\n", text);
+     return DLT_RETURN_OK;
+@@ -3263,9 +3278,12 @@ DltReturnValue dlt_message_print_ascii(DltMessage *message, char *text, uint32_t
+     if ((message == NULL) || (text == NULL))
+         return DLT_RETURN_WRONG_PARAMETER;
+-    dlt_message_header(message, text, size, verbose);
+    if (dlt_message_header(message, text, size, verbose) < DLT_RETURN_OK)
+        return DLT_RETURN_ERROR;
+     dlt_user_printf("%s ", text);
+-    dlt_message_payload(message, text, size, DLT_OUTPUT_ASCII, verbose);
+
+    if (dlt_message_payload(message, text, size, DLT_OUTPUT_ASCII, verbose) < DLT_RETURN_OK)
+        return DLT_RETURN_ERROR;
+     dlt_user_printf("[%s]\n", text);
+     return DLT_RETURN_OK;
+@@ -3276,9 +3294,12 @@ DltReturnValue dlt_message_print_mixed_plain(DltMessage *message, char *text, ui
+     if ((message == NULL) || (text == NULL))
+         return DLT_RETURN_WRONG_PARAMETER;
+-    dlt_message_header(message, text, size, verbose);
+    if (dlt_message_header(message, text, size, verbose) < DLT_RETURN_OK)
+        return DLT_RETURN_ERROR;
+     dlt_user_printf("%s \n", text);
+-    dlt_message_payload(message, text, size, DLT_OUTPUT_MIXED_FOR_PLAIN, verbose);
+
+    if (dlt_message_payload(message, text, size, DLT_OUTPUT_MIXED_FOR_PLAIN, verbose) < DLT_RETURN_OK)
+        return DLT_RETURN_ERROR;
+     dlt_user_printf("[%s]\n", text);
+     return DLT_RETURN_OK;
+@@ -3289,9 +3310,13 @@ DltReturnValue dlt_message_print_mixed_html(DltMessage *message, char *text, uin
+     if ((message == NULL) || (text == NULL))
+         return DLT_RETURN_WRONG_PARAMETER;
+-    dlt_message_header(message, text, size, verbose);
+    if (dlt_message_header(message, text, size, verbose) < DLT_RETURN_OK)
+        return DLT_RETURN_ERROR;
+     dlt_user_printf("%s \n", text);
+-    dlt_message_payload(message, text, size, DLT_OUTPUT_MIXED_FOR_HTML, verbose);
+
+    if (dlt_message_payload(message, text, size, DLT_OUTPUT_MIXED_FOR_HTML, verbose) < DLT_RETURN_OK)
+        return DLT_RETURN_ERROR;
+
+     dlt_user_printf("[%s]\n", text);
+     return DLT_RETURN_OK;
+@@ -3901,7 +3926,8 @@ DltReturnValue dlt_message_argument_print(DltMessage *msg,
+         if ((*datalength) < length)
+             return DLT_RETURN_ERROR;
+-        dlt_print_hex_string_delim(value_text, (int) textlength, *ptr, length, '\'');
+        if (dlt_print_hex_string_delim(value_text, (int) textlength, *ptr, length, '\'') < DLT_RETURN_OK)
+            return DLT_RETURN_ERROR;
+         *ptr += length;
+         *datalength -= length;
+     }
+--
+2.40.0
diff --git a/meta-oe/recipes-extended/dlt-daemon/dlt-daemon_2.18.8.bb b/meta-oe/recipes-extended/dlt-daemon/dlt-daemon_2.18.8.bb
index b98cfadf3e..8ef056651b 100644
--- a/meta-oe/recipes-extended/dlt-daemon/dlt-daemon_2.18.8.bb
+++ b/meta-oe/recipes-extended/dlt-daemon/dlt-daemon_2.18.8.bb
@@ -19,6 +19,7 @@ SRC_URI = "git://github.com/GENIVI/${BPN}.git;protocol=https;branch=master \
           file://0004-Modify-systemd-config-directory.patch \
           file://0001-cmake-Link-with-libatomic-on-rv32-rv64.patch \
           file://0001-Fix-memory-leak.patch \
+           file://CVE-2022-39836-CVE-2022-39837.patch \
           "
 SRCREV = "6a3bd901d825c7206797e36ea98e10a218f5aad2"
author	Yogita Urade <yogita.urade@windriver.com>	2025-02-21 05:11:07 +0000
committer	Armin Kuster <akuster808@gmail.com>	2025-03-06 09:43:54 -0500
commit	92a5b3ebf07b3a5498cf8266ef6e64ea2e6d6b4c (patch)
tree	de72f767d1c0f5ffbe83f17c0e711ad3c9a9ec81
parent	5c9db7a2b078144b902411f1f45f04c0a1f677f2 (diff)
download	meta-openembedded-92a5b3ebf07b3a5498cf8266ef6e64ea2e6d6b4c.tar.gz

diff --git a/meta-oe/recipes-extended/dlt-daemon/dlt-daemon/CVE-2022-39836-CVE-2022-39837.patch b/meta-oe/recipes-extended/dlt-daemon/dlt-daemon/CVE-2022-39836-CVE-2022-39837.patch new file mode 100644 index 0000000000..49fb9db3e2 --- /dev/null +++ b/meta-oe/recipes-extended/dlt-daemon/dlt-daemon/CVE-2022-39836-CVE-2022-39837.patch
@@ -0,0 +1,251 @@
		1	From 855e0017a980d2990c16f7dbf3b4983b48fac272 Mon Sep 17 00:00:00 2001
		2	From: Bui Nguyen Quoc Thanh <49302843+thanhbnq@users.noreply.github.com>
		3	Date: Thu, 7 Jul 2022 11:00:34 +0700
		4	Subject: [PATCH] Fix handle returned value (#384)
		5
		6	* common: Handle returned value
		7
		8	- The returned value of supporting APIs should be checked correctly.
		9	- In case of extended header, the buffer of header must be checked
		10	before proceeding further.
		11
		12	Signed-off-by: Bui Nguyen Quoc Thanh <thanh.buinguyenquoc@vn.bosch.com>
		13
		14	* console: Handle returned value
		15
		16	In case of parsing dlt file, the failed messages
		17	should be skipped by evaluating returned value
		18
		19	Signed-off-by: Bui Nguyen Quoc Thanh <thanh.buinguyenquoc@vn.bosch.com>
		20
		21	CVE: CVE-2022-39836 and CVE-2022-39837
		22	Upstream-Status: Backport [https://github.com/COVESA/dlt-daemon/commit/855e0017a980d2990c16f7dbf3b4983b48fac272]
		23
		24	Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
		25	---
		26	src/console/dlt-convert.c \| 18 ++++++----
		27	src/console/dlt-sortbytimestamp.c \| 6 ++--
		28	src/shared/dlt_common.c \| 60 ++++++++++++++++++++++---------
		29	3 files changed, 59 insertions(+), 25 deletions(-)
		30
		31	diff --git a/src/console/dlt-convert.c b/src/console/dlt-convert.c
		32	index b82c104..30ea09a 100644
		33	--- a/src/console/dlt-convert.c
		34	+++ b/src/console/dlt-convert.c
		35	@@ -432,31 +432,37 @@ int main(int argc, char *argv[])
		36	}
		37
		38	for (num = begin; num <= end; num++) {
		39	- dlt_file_message(&file, num, vflag);
		40	+ if (dlt_file_message(&file, num, vflag) < DLT_RETURN_OK)
		41	+ continue;
		42
		43	if (xflag) {
		44	printf("%d ", num);
		45	- dlt_message_print_hex(&(file.msg), text, DLT_CONVERT_TEXTBUFSIZE, vflag);
		46	+ if (dlt_message_print_hex(&(file.msg), text, DLT_CONVERT_TEXTBUFSIZE, vflag) < DLT_RETURN_OK)
		47	+ continue;
		48	}
		49	else if (aflag) {
		50	printf("%d ", num);
		51
		52	- dlt_message_header(&(file.msg), text, DLT_CONVERT_TEXTBUFSIZE, vflag);
		53	+ if (dlt_message_header(&(file.msg), text, DLT_CONVERT_TEXTBUFSIZE, vflag) < DLT_RETURN_OK)
		54	+ continue;
		55
		56	printf("%s ", text);
		57
		58	- dlt_message_payload(&file.msg, text, DLT_CONVERT_TEXTBUFSIZE, DLT_OUTPUT_ASCII, vflag);
		59	+ if (dlt_message_payload(&file.msg, text, DLT_CONVERT_TEXTBUFSIZE, DLT_OUTPUT_ASCII, vflag) < DLT_RETURN_OK)
		60	+ continue;
		61
		62	printf("[%s]\n", text);
		63	}
		64	else if (mflag) {
		65	printf("%d ", num);
		66	- dlt_message_print_mixed_plain(&(file.msg), text, DLT_CONVERT_TEXTBUFSIZE, vflag);
		67	+ if (dlt_message_print_mixed_plain(&(file.msg), text, DLT_CONVERT_TEXTBUFSIZE, vflag) < DLT_RETURN_OK)
		68	+ continue;
		69	}
		70	else if (sflag) {
		71	printf("%d ", num);
		72
		73	- dlt_message_header(&(file.msg), text, DLT_CONVERT_TEXTBUFSIZE, vflag);
		74	+ if (dlt_message_header(&(file.msg), text, DLT_CONVERT_TEXTBUFSIZE, vflag) < DLT_RETURN_OK)
		75	+ continue;
		76
		77	printf("%s \n", text);
		78	}
		79	diff --git a/src/console/dlt-sortbytimestamp.c b/src/console/dlt-sortbytimestamp.c
		80	index 3e418e1..82fd5d0 100644
		81	--- a/src/console/dlt-sortbytimestamp.c
		82	+++ b/src/console/dlt-sortbytimestamp.c
		83	@@ -160,7 +160,8 @@ void write_messages(int ohandle, DltFile *file,
		84	if ((0 == i % 1001) \|\| (i == message_count - 1))
		85	verbose(2, "Writing message %d\r", i);
		86
		87	- dlt_file_message(file, timestamps[i].num, 0);
		88	+ if (dlt_file_message(file, timestamps[i].num, 0) < DLT_RETURN_OK)
		89	+ continue;
		90	iov[0].iov_base = file->msg.headerbuffer;
		91	iov[0].iov_len = file->msg.headersize;
		92	iov[1].iov_base = file->msg.databuffer;
		93	@@ -402,7 +403,8 @@ int main(int argc, char *argv[]) {
		94	verbose(1, "Filling %d entries\n", message_count);
		95
		96	for (num = begin; num <= end; num++) {
		97	- dlt_file_message(&file, num, vflag);
		98	+ if (dlt_file_message(&file, num, vflag) < DLT_RETURN_OK)
		99	+ continue;
		100	timestamp_index[num - begin].num = num;
		101	timestamp_index[num - begin].systmsp = file.msg.storageheader->seconds;
		102	timestamp_index[num - begin].tmsp = file.msg.headerextra.tmsp;
		103	diff --git a/src/shared/dlt_common.c b/src/shared/dlt_common.c
		104	index 427044b..4303c50 100644
		105	--- a/src/shared/dlt_common.c
		106	+++ b/src/shared/dlt_common.c
		107	@@ -202,7 +202,10 @@ DltReturnValue dlt_print_mixed_string(char text, int textlength, uint8_t ptr,
		108	/* Hex-Output */
		109	/* It is not required to decrement textlength, as it was already checked, that
		110	* there is enough space for the complete output */
		111	- dlt_print_hex_string(text, textlength, (uint8_t )(ptr + (lines DLT_COMMON_HEX_CHARS)), DLT_COMMON_HEX_CHARS);
		112	+ if (dlt_print_hex_string(text, textlength,
		113	+ (uint8_t )(ptr + (lines DLT_COMMON_HEX_CHARS)),
		114	+ DLT_COMMON_HEX_CHARS) < DLT_RETURN_OK)
		115	+ return DLT_RETURN_ERROR;
		116	text += ((2 * DLT_COMMON_HEX_CHARS) + (DLT_COMMON_HEX_CHARS - 1)); /* 32 characters + 15 spaces */
		117
		118	snprintf(text, 2, " ");
		119	@@ -211,8 +214,10 @@ DltReturnValue dlt_print_mixed_string(char text, int textlength, uint8_t ptr,
		120	/* Char-Output */
		121	/* It is not required to decrement textlength, as it was already checked, that
		122	* there is enough space for the complete output */
		123	- dlt_print_char_string(&text, textlength, (uint8_t )(ptr + (lines DLT_COMMON_HEX_CHARS)),
		124	- DLT_COMMON_HEX_CHARS);
		125	+ if (dlt_print_char_string(&text, textlength,
		126	+ (uint8_t )(ptr + (lines DLT_COMMON_HEX_CHARS)),
		127	+ DLT_COMMON_HEX_CHARS) < DLT_RETURN_OK)
		128	+ return DLT_RETURN_ERROR;
		129
		130	if (html == 0) {
		131	snprintf(text, 2, "\n");
		132	@@ -240,10 +245,11 @@ DltReturnValue dlt_print_mixed_string(char text, int textlength, uint8_t ptr,
		133	/* Hex-Output */
		134	/* It is not required to decrement textlength, as it was already checked, that
		135	* there is enough space for the complete output */
		136	- dlt_print_hex_string(text,
		137	+ if (dlt_print_hex_string(text,
		138	textlength,
		139	(uint8_t )(ptr + ((size / DLT_COMMON_HEX_CHARS) DLT_COMMON_HEX_CHARS)),
		140	- rest);
		141	+ rest) < DLT_RETURN_OK)
		142	+ return DLT_RETURN_ERROR;
		143	text += 2 * rest + (rest - 1);
		144
		145	for (i = 0; i < (DLT_COMMON_HEX_CHARS - rest); i++) {
		146	@@ -257,8 +263,10 @@ DltReturnValue dlt_print_mixed_string(char text, int textlength, uint8_t ptr,
		147	/* Char-Output */
		148	/* It is not required to decrement textlength, as it was already checked, that
		149	* there is enough space for the complete output */
		150	- dlt_print_char_string(&text, textlength,
		151	- (uint8_t )(ptr + ((size / DLT_COMMON_HEX_CHARS) DLT_COMMON_HEX_CHARS)), rest);
		152	+ if (dlt_print_char_string(&text, textlength,
		153	+ (uint8_t )(ptr + ((size / DLT_COMMON_HEX_CHARS) DLT_COMMON_HEX_CHARS)),
		154	+ rest) < DLT_RETURN_OK)
		155	+ return DLT_RETURN_ERROR;
		156	}
		157
		158	return DLT_RETURN_OK;
		159	@@ -672,6 +680,9 @@ DltReturnValue dlt_message_header_flags(DltMessage msg, char text, size_t text
		160	if ((msg == NULL) \|\| (text == NULL) \|\| (textlength <= 0))
		161	return DLT_RETURN_WRONG_PARAMETER;
		162
		163	+ if ((DLT_IS_HTYP_UEH(msg->standardheader->htyp)) && (msg->extendedheader == NULL))
		164	+ return DLT_RETURN_WRONG_PARAMETER;
		165	+
		166	if ((flags < DLT_HEADER_SHOW_NONE) \|\| (flags > DLT_HEADER_SHOW_ALL))
		167	return DLT_RETURN_WRONG_PARAMETER;
		168
		169	@@ -3239,7 +3250,8 @@ DltReturnValue dlt_message_print_header(DltMessage message, char text, uint32_
		170	if ((message == NULL) \|\| (text == NULL))
		171	return DLT_RETURN_WRONG_PARAMETER;
		172
		173	- dlt_message_header(message, text, size, verbose);
		174	+ if (dlt_message_header(message, text, size, verbose) < DLT_RETURN_OK)
		175	+ return DLT_RETURN_ERROR;
		176	dlt_user_printf("%s\n", text);
		177
		178	return DLT_RETURN_OK;
		179	@@ -3250,9 +3262,12 @@ DltReturnValue dlt_message_print_hex(DltMessage message, char text, uint32_t s
		180	if ((message == NULL) \|\| (text == NULL))
		181	return DLT_RETURN_WRONG_PARAMETER;
		182
		183	- dlt_message_header(message, text, size, verbose);
		184	+ if (dlt_message_header(message, text, size, verbose) < DLT_RETURN_OK)
		185	+ return DLT_RETURN_ERROR;
		186	dlt_user_printf("%s ", text);
		187	- dlt_message_payload(message, text, size, DLT_OUTPUT_HEX, verbose);
		188	+
		189	+ if (dlt_message_payload(message, text, size, DLT_OUTPUT_HEX, verbose) < DLT_RETURN_OK)
		190	+ return DLT_RETURN_ERROR;
		191	dlt_user_printf("[%s]\n", text);
		192
		193	return DLT_RETURN_OK;
		194	@@ -3263,9 +3278,12 @@ DltReturnValue dlt_message_print_ascii(DltMessage message, char text, uint32_t
		195	if ((message == NULL) \|\| (text == NULL))
		196	return DLT_RETURN_WRONG_PARAMETER;
		197
		198	- dlt_message_header(message, text, size, verbose);
		199	+ if (dlt_message_header(message, text, size, verbose) < DLT_RETURN_OK)
		200	+ return DLT_RETURN_ERROR;
		201	dlt_user_printf("%s ", text);
		202	- dlt_message_payload(message, text, size, DLT_OUTPUT_ASCII, verbose);
		203	+
		204	+ if (dlt_message_payload(message, text, size, DLT_OUTPUT_ASCII, verbose) < DLT_RETURN_OK)
		205	+ return DLT_RETURN_ERROR;
		206	dlt_user_printf("[%s]\n", text);
		207
		208	return DLT_RETURN_OK;
		209	@@ -3276,9 +3294,12 @@ DltReturnValue dlt_message_print_mixed_plain(DltMessage message, char text, ui
		210	if ((message == NULL) \|\| (text == NULL))
		211	return DLT_RETURN_WRONG_PARAMETER;
		212
		213	- dlt_message_header(message, text, size, verbose);
		214	+ if (dlt_message_header(message, text, size, verbose) < DLT_RETURN_OK)
		215	+ return DLT_RETURN_ERROR;
		216	dlt_user_printf("%s \n", text);
		217	- dlt_message_payload(message, text, size, DLT_OUTPUT_MIXED_FOR_PLAIN, verbose);
		218	+
		219	+ if (dlt_message_payload(message, text, size, DLT_OUTPUT_MIXED_FOR_PLAIN, verbose) < DLT_RETURN_OK)
		220	+ return DLT_RETURN_ERROR;
		221	dlt_user_printf("[%s]\n", text);
		222
		223	return DLT_RETURN_OK;
		224	@@ -3289,9 +3310,13 @@ DltReturnValue dlt_message_print_mixed_html(DltMessage message, char text, uin
		225	if ((message == NULL) \|\| (text == NULL))
		226	return DLT_RETURN_WRONG_PARAMETER;
		227
		228	- dlt_message_header(message, text, size, verbose);
		229	+ if (dlt_message_header(message, text, size, verbose) < DLT_RETURN_OK)
		230	+ return DLT_RETURN_ERROR;
		231	dlt_user_printf("%s \n", text);
		232	- dlt_message_payload(message, text, size, DLT_OUTPUT_MIXED_FOR_HTML, verbose);
		233	+
		234	+ if (dlt_message_payload(message, text, size, DLT_OUTPUT_MIXED_FOR_HTML, verbose) < DLT_RETURN_OK)
		235	+ return DLT_RETURN_ERROR;
		236	+
		237	dlt_user_printf("[%s]\n", text);
		238
		239	return DLT_RETURN_OK;
		240	@@ -3901,7 +3926,8 @@ DltReturnValue dlt_message_argument_print(DltMessage *msg,
		241	if ((*datalength) < length)
		242	return DLT_RETURN_ERROR;
		243
		244	- dlt_print_hex_string_delim(value_text, (int) textlength, *ptr, length, '\'');
		245	+ if (dlt_print_hex_string_delim(value_text, (int) textlength, *ptr, length, '\'') < DLT_RETURN_OK)
		246	+ return DLT_RETURN_ERROR;
		247	*ptr += length;
		248	*datalength -= length;
		249	}
		250	--
		251	2.40.0


diff --git a/meta-oe/recipes-extended/dlt-daemon/dlt-daemon_2.18.8.bb b/meta-oe/recipes-extended/dlt-daemon/dlt-daemon_2.18.8.bb index b98cfadf3e..8ef056651b 100644 --- a/meta-oe/recipes-extended/dlt-daemon/dlt-daemon_2.18.8.bb +++ b/meta-oe/recipes-extended/dlt-daemon/dlt-daemon_2.18.8.bb
@@ -19,6 +19,7 @@ SRC_URI = "git://github.com/GENIVI/${BPN}.git;protocol=https;branch=master \
19	file://0004-Modify-systemd-config-directory.patch \	19	file://0004-Modify-systemd-config-directory.patch \
20	file://0001-cmake-Link-with-libatomic-on-rv32-rv64.patch \	20	file://0001-cmake-Link-with-libatomic-on-rv32-rv64.patch \
21	file://0001-Fix-memory-leak.patch \	21	file://0001-Fix-memory-leak.patch \
		22	file://CVE-2022-39836-CVE-2022-39837.patch \
22	"	23	"
23	SRCREV = "6a3bd901d825c7206797e36ea98e10a218f5aad2"	24	SRCREV = "6a3bd901d825c7206797e36ea98e10a218f5aad2"
24		25