diff options
Diffstat (limited to 'meta-oe/recipes-extended/collectd/collectd/CVE-2016-6254.patch')
-rw-r--r-- | meta-oe/recipes-extended/collectd/collectd/CVE-2016-6254.patch | 55 |
1 files changed, 0 insertions, 55 deletions
diff --git a/meta-oe/recipes-extended/collectd/collectd/CVE-2016-6254.patch b/meta-oe/recipes-extended/collectd/collectd/CVE-2016-6254.patch deleted file mode 100644 index bc85b4c0e..000000000 --- a/meta-oe/recipes-extended/collectd/collectd/CVE-2016-6254.patch +++ /dev/null | |||
@@ -1,55 +0,0 @@ | |||
1 | From dd8483a4beb6f61521d8b32c726523bbea21cd92 Mon Sep 17 00:00:00 2001 | ||
2 | From: Florian Forster <octo@collectd.org> | ||
3 | Date: Tue, 19 Jul 2016 10:00:37 +0200 | ||
4 | Subject: [PATCH] network plugin: Fix heap overflow in parse_packet(). | ||
5 | |||
6 | Emilien Gaspar has identified a heap overflow in parse_packet(), the | ||
7 | function used by the network plugin to parse incoming network packets. | ||
8 | |||
9 | This is a vulnerability in collectd, though the scope is not clear at | ||
10 | this point. At the very least specially crafted network packets can be | ||
11 | used to crash the daemon. We can't rule out a potential remote code | ||
12 | execution though. | ||
13 | |||
14 | Fixes: CVE-2016-6254 | ||
15 | |||
16 | cherry picked from upstream commit b589096f | ||
17 | |||
18 | Upstream Status: Backport | ||
19 | |||
20 | Signed-off-by: Alexandru Moise <alexandru.moise@windriver.com> | ||
21 | --- | ||
22 | src/network.c | 3 +++ | ||
23 | 1 file changed, 3 insertions(+) | ||
24 | |||
25 | diff --git a/src/network.c b/src/network.c | ||
26 | index 551bd5c..cb979b2 100644 | ||
27 | --- a/src/network.c | ||
28 | +++ b/src/network.c | ||
29 | @@ -1444,6 +1444,7 @@ static int parse_packet (sockent_t *se, /* {{{ */ | ||
30 | printed_ignore_warning = 1; | ||
31 | } | ||
32 | buffer = ((char *) buffer) + pkg_length; | ||
33 | + buffer_size -= (size_t) pkg_length; | ||
34 | continue; | ||
35 | } | ||
36 | #endif /* HAVE_LIBGCRYPT */ | ||
37 | @@ -1471,6 +1472,7 @@ static int parse_packet (sockent_t *se, /* {{{ */ | ||
38 | printed_ignore_warning = 1; | ||
39 | } | ||
40 | buffer = ((char *) buffer) + pkg_length; | ||
41 | + buffer_size -= (size_t) pkg_length; | ||
42 | continue; | ||
43 | } | ||
44 | #endif /* HAVE_LIBGCRYPT */ | ||
45 | @@ -1612,6 +1614,7 @@ static int parse_packet (sockent_t *se, /* {{{ */ | ||
46 | DEBUG ("network plugin: parse_packet: Unknown part" | ||
47 | " type: 0x%04hx", pkg_type); | ||
48 | buffer = ((char *) buffer) + pkg_length; | ||
49 | + buffer_size -= (size_t) pkg_length; | ||
50 | } | ||
51 | } /* while (buffer_size > sizeof (part_header_t)) */ | ||
52 | |||
53 | -- | ||
54 | 2.7.4 | ||
55 | |||