1 files changed, 53 insertions, 0 deletions
diff --git a/meta-networking/recipes-connectivity/freeradius/files/CVE-2022-41861.patch b/meta-networking/recipes-connectivity/freeradius/files/CVE-2022-41861.patch
new file mode 100644
index 000000000..352c02137
--- /dev/null
+++ b/meta-networking/recipes-connectivity/freeradius/files/CVE-2022-41861.patch
@@ -0,0 +1,53 @@
+From 0ec2b39d260e08e4c3464f6b95005821dc559c62 Mon Sep 17 00:00:00 2001
+From: "Alan T. DeKok" <aland@freeradius.org>
+Date: Mon, 28 Feb 2022 10:34:15 -0500
+Subject: [PATCH] manual port of commit 5906bfa1
+CVE: CVE-2022-41861
+Upstream-Status: Backport
+[https://github.com/FreeRADIUS/freeradius-server/commit/0ec2b39d260e08e4c3464f6b95005821dc559c62]
+Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
+---
+ src/lib/filters.c | 12 +++++++++---
+ 1 file changed, 9 insertions(+), 3 deletions(-)
+diff --git a/src/lib/filters.c b/src/lib/filters.c
+index 4868cd385d..3f3b63daee 100644
+--- a/src/lib/filters.c
+++ b/src/lib/filters.c
+@@ -1205,13 +1205,19 @@ void print_abinary(char *out, size_t outlen, uint8_t const *data, size_t len, in
+                        }
+                }
+        } else if (filter->type == RAD_FILTER_GENERIC) {
+-               int count;
+               size_t count, masklen;
+
+               masklen = ntohs(filter->u.generic.len);
+               if (masklen >= sizeof(filter->u.generic.mask)) {
+                       *p = '\0';
+                       return;
+               }
+ 
+                i = snprintf(p, outlen, " %u ", (unsigned int) ntohs(filter->u.generic.offset));
+                p += i;
+ 
+                /* show the mask */
+-               for (count = 0; count < ntohs(filter->u.generic.len); count++) {
+               for (count = 0; count < masklen; count++) {
+                        i = snprintf(p, outlen, "%02x", filter->u.generic.mask[count]);
+                        p += i;
+                        outlen -= i;
+@@ -1222,7 +1228,7 @@ void print_abinary(char *out, size_t outlen, uint8_t const *data, size_t len, in
+                outlen--;
+ 
+                /* show the value */
+-               for (count = 0; count < ntohs(filter->u.generic.len); count++) {
+               for (count = 0; count < masklen; count++) {
+                        i = snprintf(p, outlen, "%02x", filter->u.generic.value[count]);
+                        p += i;
+                        outlen -= i;
+-- 
+2.25.1

diff --git a/meta-networking/recipes-connectivity/freeradius/files/CVE-2022-41861.patch b/meta-networking/recipes-connectivity/freeradius/files/CVE-2022-41861.patch new file mode 100644 index 000000000..352c02137 --- /dev/null +++ b/meta-networking/recipes-connectivity/freeradius/files/CVE-2022-41861.patch
@@ -0,0 +1,53 @@
	1	From 0ec2b39d260e08e4c3464f6b95005821dc559c62 Mon Sep 17 00:00:00 2001
	2	From: "Alan T. DeKok" <aland@freeradius.org>
	3	Date: Mon, 28 Feb 2022 10:34:15 -0500
	4	Subject: [PATCH] manual port of commit 5906bfa1
	5
	6	CVE: CVE-2022-41861
	7
	8	Upstream-Status: Backport
	9	[https://github.com/FreeRADIUS/freeradius-server/commit/0ec2b39d260e08e4c3464f6b95005821dc559c62]
	10
	11	Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
	12	---
	13	src/lib/filters.c \| 12 +++++++++---
	14	1 file changed, 9 insertions(+), 3 deletions(-)
	15
	16	diff --git a/src/lib/filters.c b/src/lib/filters.c
	17	index 4868cd385d..3f3b63daee 100644
	18	--- a/src/lib/filters.c
	19	+++ b/src/lib/filters.c
	20	@@ -1205,13 +1205,19 @@ void print_abinary(char out, size_t outlen, uint8_t const data, size_t len, in
	21	}
	22	}
	23	} else if (filter->type == RAD_FILTER_GENERIC) {
	24	- int count;
	25	+ size_t count, masklen;
	26	+
	27	+ masklen = ntohs(filter->u.generic.len);
	28	+ if (masklen >= sizeof(filter->u.generic.mask)) {
	29	+ *p = '\0';
	30	+ return;
	31	+ }
	32
	33	i = snprintf(p, outlen, " %u ", (unsigned int) ntohs(filter->u.generic.offset));
	34	p += i;
	35
	36	/* show the mask */
	37	- for (count = 0; count < ntohs(filter->u.generic.len); count++) {
	38	+ for (count = 0; count < masklen; count++) {
	39	i = snprintf(p, outlen, "%02x", filter->u.generic.mask[count]);
	40	p += i;
	41	outlen -= i;
	42	@@ -1222,7 +1228,7 @@ void print_abinary(char out, size_t outlen, uint8_t const data, size_t len, in
	43	outlen--;
	44
	45	/* show the value */
	46	- for (count = 0; count < ntohs(filter->u.generic.len); count++) {
	47	+ for (count = 0; count < masklen; count++) {
	48	i = snprintf(p, outlen, "%02x", filter->u.generic.value[count]);
	49	p += i;
	50	outlen -= i;
	51	--
	52	2.25.1
	53