diff options
author | Soumya Sambu <soumya.sambu@windriver.com> | 2024-06-07 12:42:19 +0000 |
---|---|---|
committer | Khem Raj <raj.khem@gmail.com> | 2024-06-07 21:52:52 -0700 |
commit | 8d4c430973571a1038cde1cbc525ae0a3d74dee9 (patch) | |
tree | 3328f9bbd48135376cdfbb6e2c14f1bc55a95d78 | |
parent | ae843182b4d639fbebd2a60a2f0054f606f41d3b (diff) | |
download | meta-openembedded-8d4c430973571a1038cde1cbc525ae0a3d74dee9.tar.gz |
unixodbc: Fix CVE-2024-1013
An out-of-bounds stack write flaw was found in unixODBC on 64-bit
architectures where the caller has 4 bytes and callee writes 8 bytes.
This issue may go unnoticed on little-endian architectures, while
big-endian architectures can be broken.
References:
https://nvd.nist.gov/vuln/detail/CVE-2024-1013
Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
-rw-r--r-- | meta-oe/recipes-support/unixodbc/files/CVE-2024-1013.patch | 53 | ||||
-rw-r--r-- | meta-oe/recipes-support/unixodbc/unixodbc_2.3.12.bb | 1 |
2 files changed, 54 insertions, 0 deletions
diff --git a/meta-oe/recipes-support/unixodbc/files/CVE-2024-1013.patch b/meta-oe/recipes-support/unixodbc/files/CVE-2024-1013.patch new file mode 100644 index 000000000..688446545 --- /dev/null +++ b/meta-oe/recipes-support/unixodbc/files/CVE-2024-1013.patch | |||
@@ -0,0 +1,53 @@ | |||
1 | From 76beb0938ef14276123996bfd99df23b0c7f0982 Mon Sep 17 00:00:00 2001 | ||
2 | From: Soumya Sambu <soumya.sambu@windriver.com> | ||
3 | Date: Fri, 7 Jun 2024 11:10:46 +0000 | ||
4 | Subject: [PATCH] PostgreSQL driver: Fix incompatible pointer-to-integer types | ||
5 | |||
6 | These result in out-of-bounds stack writes on 64-bit architectures | ||
7 | (caller has 4 bytes, callee writes 8 bytes), and seem to have gone | ||
8 | unnoticed on little-endian architectures (although big-endian | ||
9 | architectures must be broken). | ||
10 | |||
11 | This change is required to avoid a build failure with GCC 14. | ||
12 | |||
13 | CVE: CVE-2024-1013 | ||
14 | |||
15 | Upstream-Status: Backport [https://github.com/lurcher/unixODBC/commit/45f501e1be2db6b017cc242c79bfb9de32b332a1] | ||
16 | |||
17 | Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com> | ||
18 | --- | ||
19 | Drivers/Postgre7.1/info.c | 6 +++--- | ||
20 | 1 file changed, 3 insertions(+), 3 deletions(-) | ||
21 | |||
22 | diff --git a/Drivers/Postgre7.1/info.c b/Drivers/Postgre7.1/info.c | ||
23 | index 63ac91f..2216ecd 100644 | ||
24 | --- a/Drivers/Postgre7.1/info.c | ||
25 | +++ b/Drivers/Postgre7.1/info.c | ||
26 | @@ -1779,14 +1779,14 @@ char *table_name; | ||
27 | char index_name[MAX_INFO_STRING]; | ||
28 | short fields_vector[8]; | ||
29 | char isunique[10], isclustered[10]; | ||
30 | -SDWORD index_name_len, fields_vector_len; | ||
31 | +SQLLEN index_name_len, fields_vector_len; | ||
32 | TupleNode *row; | ||
33 | int i; | ||
34 | HSTMT hcol_stmt; | ||
35 | StatementClass *col_stmt, *indx_stmt; | ||
36 | char column_name[MAX_INFO_STRING], relhasrules[MAX_INFO_STRING]; | ||
37 | char **column_names = 0; | ||
38 | -Int4 column_name_len; | ||
39 | +SQLLEN column_name_len; | ||
40 | int total_columns = 0; | ||
41 | char error = TRUE; | ||
42 | ConnInfo *ci; | ||
43 | @@ -2136,7 +2136,7 @@ HSTMT htbl_stmt; | ||
44 | StatementClass *tbl_stmt; | ||
45 | char tables_query[STD_STATEMENT_LEN]; | ||
46 | char attname[MAX_INFO_STRING]; | ||
47 | -SDWORD attname_len; | ||
48 | +SQLLEN attname_len; | ||
49 | char pktab[MAX_TABLE_LEN + 1]; | ||
50 | Int2 result_cols; | ||
51 | |||
52 | -- | ||
53 | 2.40.0 | ||
diff --git a/meta-oe/recipes-support/unixodbc/unixodbc_2.3.12.bb b/meta-oe/recipes-support/unixodbc/unixodbc_2.3.12.bb index 7819387c3..dfad833e0 100644 --- a/meta-oe/recipes-support/unixodbc/unixodbc_2.3.12.bb +++ b/meta-oe/recipes-support/unixodbc/unixodbc_2.3.12.bb | |||
@@ -11,6 +11,7 @@ DEPENDS = "libtool readline" | |||
11 | SRC_URI = "https://www.unixodbc.org/unixODBC-${PV}.tar.gz \ | 11 | SRC_URI = "https://www.unixodbc.org/unixODBC-${PV}.tar.gz \ |
12 | file://do-not-use-libltdl-source-directory.patch \ | 12 | file://do-not-use-libltdl-source-directory.patch \ |
13 | file://0001-exe-Makefile.am-add-CROSS_LAUNCHER-to-run-odbc_confi.patch \ | 13 | file://0001-exe-Makefile.am-add-CROSS_LAUNCHER-to-run-odbc_confi.patch \ |
14 | file://CVE-2024-1013.patch \ | ||
14 | " | 15 | " |
15 | SRC_URI[sha256sum] = "f210501445ce21bf607ba51ef8c125e10e22dffdffec377646462df5f01915ec" | 16 | SRC_URI[sha256sum] = "f210501445ce21bf607ba51ef8c125e10e22dffdffec377646462df5f01915ec" |
16 | 17 | ||