Diffstat (limited to 'meta-networking/recipes-connectivity/freeradius/files/CVE-2022-41861.patch')
-rw-r--r-- | meta-networking/recipes-connectivity/freeradius/files/CVE-2022-41861.patch | 53 |
1 files changed, 53 insertions, 0 deletions
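diff --git a/meta-networking/recipes-connectivity/freeradius/files/CVE-2022-41861.patch b/meta-networking/recipes-connectivity/freeradius/files/CVE-2022-41861.patch
new file mode 100644
index 000000000..352c02137
--- /dev/null
+++ b/meta-networking/recipes-connectivity/freeradius/files/CVE-2022-41861.patch
@@ -0,0 +1,53 @@
+From 0ec2b39d260e08e4c3464f6b95005821dc559c62 Mon Sep 17 00:00:00 2001
+From: "Alan T. DeKok" <aland@freeradius.org>
+Date: Mon, 28 Feb 2022 10:34:15 -0500
+Subject: [PATCH] manual port of commit 5906bfa1
+
+CVE: CVE-2022-41861
+
+Upstream-Status: Backport
+[https://github.com/FreeRADIUS/freeradius-server/commit/0ec2b39d260e08e4c3464f6b95005821dc559c62]
+
+Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
+---
+src/lib/filters.c | 12 +++++++++---
+1 file changed, 9 insertions(+), 3 deletions(-)
+
+diff --git a/src/lib/filters.c b/src/lib/filters.c
+index 4868cd385d..3f3b63daee 100644
+--- a/src/lib/filters.c
++++ b/src/lib/filters.c
+@@ -1205,13 +1205,19 @@ void print_abinary(char *out, size_t outlen, uint8_t const *data, size_t len, in
+}
+}
+} else if (filter->type == RAD_FILTER_GENERIC) {
+- int count;
++ size_t count, masklen;
++
++ masklen = ntohs(filter->u.generic.len);
++ if (masklen >= sizeof(filter->u.generic.mask)) {
++ *p = '\0';
++ return;
++ }
+
+i = snprintf(p, outlen, " %u ", (unsigned int) ntohs(filter->u.generic.offset));
+p += i;
+
+/* show the mask */
+- for (count = 0; count < ntohs(filter->u.generic.len); count++) {
++ for (count = 0; count < masklen; count++) {
+i = snprintf(p, outlen, "%02x", filter->u.generic.mask[count]);
+p += i;
+outlen -= i;
+@@ -1222,7 +1228,7 @@ void print_abinary(char *out, size_t outlen, uint8_t const *data, size_t len, in
+outlen--;
+
+/* show the value */
+- for (count = 0; count < ntohs(filter->u.generic.len); count++) {
++ for (count = 0; count < masklen; count++) {
+i = snprintf(p, outlen, "%02x", filter->u.generic.value[count]);
+p += i;
+outlen -= i;
+--
+2.25.1
+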
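Review bot: The new `masklen` check bounds only the reads from `filter->u.generic.mask` and `value`; the output-buffer accounting in the same RAD_FILTER_GENERIC branch is still unguarded. At patch lines 33-34 the offset is written with `snprintf(p, outlen, ...)` and `p` is advanced, but no `outlen -= i;` follows in the visible lines, so the mask loop passes `snprintf` a size larger than the space actually left. In both loops `i` is added to `p` and subtracted from `outlen` without a truncation check, so a return value of `outlen` or more would move `p` past the buffer and wrap the `size_t`. I would add `outlen -= i;` after the offset write and stop writing when `i < 0 || (size_t) i >= outlen` before each `p += i;`, raised upstream rather than carried as a local change to this backport. The body of print_abinary starts and ends outside both hunks, so whether callers already guarantee a large enough buffer cannot be confirmed from here.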