diff options
-rw-r--r-- | meta-oe/recipes-extended/collectd/collectd/CVE-2016-6254.patch | 55 | ||||
-rw-r--r-- | meta-oe/recipes-extended/collectd/collectd_5.5.0.bb | 1 |
2 files changed, 56 insertions, 0 deletions
diff --git a/meta-oe/recipes-extended/collectd/collectd/CVE-2016-6254.patch b/meta-oe/recipes-extended/collectd/collectd/CVE-2016-6254.patch new file mode 100644 index 000000000..bc85b4c0e --- /dev/null +++ b/meta-oe/recipes-extended/collectd/collectd/CVE-2016-6254.patch | |||
@@ -0,0 +1,55 @@ | |||
1 | From dd8483a4beb6f61521d8b32c726523bbea21cd92 Mon Sep 17 00:00:00 2001 | ||
2 | From: Florian Forster <octo@collectd.org> | ||
3 | Date: Tue, 19 Jul 2016 10:00:37 +0200 | ||
4 | Subject: [PATCH] network plugin: Fix heap overflow in parse_packet(). | ||
5 | |||
6 | Emilien Gaspar has identified a heap overflow in parse_packet(), the | ||
7 | function used by the network plugin to parse incoming network packets. | ||
8 | |||
9 | This is a vulnerability in collectd, though the scope is not clear at | ||
10 | this point. At the very least specially crafted network packets can be | ||
11 | used to crash the daemon. We can't rule out a potential remote code | ||
12 | execution though. | ||
13 | |||
14 | Fixes: CVE-2016-6254 | ||
15 | |||
16 | cherry picked from upstream commit b589096f | ||
17 | |||
18 | Upstream Status: Backport | ||
19 | |||
20 | Signed-off-by: Alexandru Moise <alexandru.moise@windriver.com> | ||
21 | --- | ||
22 | src/network.c | 3 +++ | ||
23 | 1 file changed, 3 insertions(+) | ||
24 | |||
25 | diff --git a/src/network.c b/src/network.c | ||
26 | index 551bd5c..cb979b2 100644 | ||
27 | --- a/src/network.c | ||
28 | +++ b/src/network.c | ||
29 | @@ -1444,6 +1444,7 @@ static int parse_packet (sockent_t *se, /* {{{ */ | ||
30 | printed_ignore_warning = 1; | ||
31 | } | ||
32 | buffer = ((char *) buffer) + pkg_length; | ||
33 | + buffer_size -= (size_t) pkg_length; | ||
34 | continue; | ||
35 | } | ||
36 | #endif /* HAVE_LIBGCRYPT */ | ||
37 | @@ -1471,6 +1472,7 @@ static int parse_packet (sockent_t *se, /* {{{ */ | ||
38 | printed_ignore_warning = 1; | ||
39 | } | ||
40 | buffer = ((char *) buffer) + pkg_length; | ||
41 | + buffer_size -= (size_t) pkg_length; | ||
42 | continue; | ||
43 | } | ||
44 | #endif /* HAVE_LIBGCRYPT */ | ||
45 | @@ -1612,6 +1614,7 @@ static int parse_packet (sockent_t *se, /* {{{ */ | ||
46 | DEBUG ("network plugin: parse_packet: Unknown part" | ||
47 | " type: 0x%04hx", pkg_type); | ||
48 | buffer = ((char *) buffer) + pkg_length; | ||
49 | + buffer_size -= (size_t) pkg_length; | ||
50 | } | ||
51 | } /* while (buffer_size > sizeof (part_header_t)) */ | ||
52 | |||
53 | -- | ||
54 | 2.7.4 | ||
55 | |||
diff --git a/meta-oe/recipes-extended/collectd/collectd_5.5.0.bb b/meta-oe/recipes-extended/collectd/collectd_5.5.0.bb index d7ba5b79c..34edecfba 100644 --- a/meta-oe/recipes-extended/collectd/collectd_5.5.0.bb +++ b/meta-oe/recipes-extended/collectd/collectd_5.5.0.bb | |||
@@ -13,6 +13,7 @@ SRC_URI = "http://collectd.org/files/collectd-${PV}.tar.bz2 \ | |||
13 | file://collectd.service \ | 13 | file://collectd.service \ |
14 | file://0001-conditionally-check-libvirt.patch \ | 14 | file://0001-conditionally-check-libvirt.patch \ |
15 | file://0001-collectd-replace-deprecated-readdir_r-with-readdir.patch \ | 15 | file://0001-collectd-replace-deprecated-readdir_r-with-readdir.patch \ |
16 | file://CVE-2016-6254.patch \ | ||
16 | " | 17 | " |
17 | SRC_URI[md5sum] = "c39305ef5514b44238b0d31f77e29e6a" | 18 | SRC_URI[md5sum] = "c39305ef5514b44238b0d31f77e29e6a" |
18 | SRC_URI[sha256sum] = "847684cf5c10de1dc34145078af3fcf6e0d168ba98c14f1343b1062a4b569e88" | 19 | SRC_URI[sha256sum] = "847684cf5c10de1dc34145078af3fcf6e0d168ba98c14f1343b1062a4b569e88" |