diff options
author | Alexander Kanavin <alex.kanavin@gmail.com> | 2023-09-06 18:56:19 +0200 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2023-09-07 14:36:30 +0100 |
commit | dee8fc6a9757752ea58466a8ec5eaf25275928dc (patch) | |
tree | 712bee9bdeb9b2e56c8487f8981c6a94ce67cca1 /meta/recipes-connectivity/connman/connman/CVE-2022-32292.patch | |
parent | 84ba56a144b296e7e8e2f9c7e5c972a57d7d2002 (diff) | |
download | poky-dee8fc6a9757752ea58466a8ec5eaf25275928dc.tar.gz |
connman: update 1.41 -> 1.42
Drop backports. 0001-vpn-Adding-support-for-latest-pppd-2.5.0-release.patch
is partially dropped, as upstream hasn't included the newly added header
into the tarball (issue addressed after the release).
(From OE-Core rev: eeb686876dc560b5f0fab6f37a2def3d78bb55db)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-connectivity/connman/connman/CVE-2022-32292.patch')
-rw-r--r-- | meta/recipes-connectivity/connman/connman/CVE-2022-32292.patch | 37 |
1 files changed, 0 insertions, 37 deletions
diff --git a/meta/recipes-connectivity/connman/connman/CVE-2022-32292.patch b/meta/recipes-connectivity/connman/connman/CVE-2022-32292.patch deleted file mode 100644 index 182c5ca29c..0000000000 --- a/meta/recipes-connectivity/connman/connman/CVE-2022-32292.patch +++ /dev/null | |||
@@ -1,37 +0,0 @@ | |||
1 | From d1a5ede5d255bde8ef707f8441b997563b9312bd Mon Sep 17 00:00:00 2001 | ||
2 | From: Nathan Crandall <ncrandall@tesla.com> | ||
3 | Date: Tue, 12 Jul 2022 08:56:34 +0200 | ||
4 | Subject: gweb: Fix OOB write in received_data() | ||
5 | |||
6 | There is a mismatch of handling binary vs. C-string data with memchr | ||
7 | and strlen, resulting in pos, count, and bytes_read to become out of | ||
8 | sync and result in a heap overflow. Instead, do not treat the buffer | ||
9 | as an ASCII C-string. We calculate the count based on the return value | ||
10 | of memchr, instead of strlen. | ||
11 | |||
12 | Fixes: CVE-2022-32292 | ||
13 | |||
14 | CVE: CVE-2022-32292 | ||
15 | |||
16 | Upstream-Status: Backport [https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=d1a5ede5d255bde8ef707f8441b997563b9312bd] | ||
17 | Signed-off-by: Khem Raj <raj.khem@gmail.com> | ||
18 | --- | ||
19 | gweb/gweb.c | 2 +- | ||
20 | 1 file changed, 1 insertion(+), 1 deletion(-) | ||
21 | |||
22 | diff --git a/gweb/gweb.c b/gweb/gweb.c | ||
23 | index 12fcb1d8..13c6c5f2 100644 | ||
24 | --- a/gweb/gweb.c | ||
25 | +++ b/gweb/gweb.c | ||
26 | @@ -918,7 +918,7 @@ static gboolean received_data(GIOChannel *channel, GIOCondition cond, | ||
27 | } | ||
28 | |||
29 | *pos = '\0'; | ||
30 | - count = strlen((char *) ptr); | ||
31 | + count = pos - ptr; | ||
32 | if (count > 0 && ptr[count - 1] == '\r') { | ||
33 | ptr[--count] = '\0'; | ||
34 | bytes_read--; | ||
35 | -- | ||
36 | cgit | ||
37 | |||