dhcpcd: fix buffer overflow

Backport a patch to fix buffer overflow for strlcpy: $ dhcpcd enp0s3 dhcpcd-10.0.2 starting *** buffer overflow detected ***: terminated dhcpcd_fork_cb: truncated read 0 (expected 4) (From OE-Core rev: d0bd1c823c10af9a0ef7e5ce05b770c1d8bb247c) Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Yi Zhao <yi.zhao@eng.windriver.com> 2023-08-29 19:06:35 +0800
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2023-08-30 09:56:13 +0100
commit: c9843dfd1c3b4659769e23c1703c82a89562c6e1 (patch)
tree: cd664c9222d0773e6fbc8d54f52dd697b56bfc02 /meta/recipes-connectivity/dhcpcd
parent: eeea001e9b6fb57ea9ced973168d9ed7165b3cb3 (diff)
download: poky-c9843dfd1c3b4659769e23c1703c82a89562c6e1.tar.gz
2 files changed, 34 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/dhcpcd/dhcpcd_10.0.2.bb b/meta/recipes-connectivity/dhcpcd/dhcpcd_10.0.2.bb
index 9dccc93713..0966edd1b8 100644
--- a/meta/recipes-connectivity/dhcpcd/dhcpcd_10.0.2.bb
+++ b/meta/recipes-connectivity/dhcpcd/dhcpcd_10.0.2.bb
@@ -15,6 +15,7 @@ SRC_URI = "git://github.com/NetworkConfiguration/dhcpcd;protocol=https;branch=ma
           file://dhcpcd.service \
           file://dhcpcd@.service \
           file://0001-dhcpcd.8-Fix-conflict-error-when-enable-multilib.patch \
+           file://0001-privsep-fix-strlcpy-overflow-in-psp_ifname-239.patch \
           "
 SRCREV = "d2fbde99cf2d0072016af9dfe6a77032a5a9fc30"
diff --git a/meta/recipes-connectivity/dhcpcd/files/0001-privsep-fix-strlcpy-overflow-in-psp_ifname-239.patch b/meta/recipes-connectivity/dhcpcd/files/0001-privsep-fix-strlcpy-overflow-in-psp_ifname-239.patch
new file mode 100644
index 0000000000..d4fb1737a6
--- /dev/null
+++ b/meta/recipes-connectivity/dhcpcd/files/0001-privsep-fix-strlcpy-overflow-in-psp_ifname-239.patch
@@ -0,0 +1,33 @@
+From 1bd8fc7d4b34f752a32709d277a897e5ad202d97 Mon Sep 17 00:00:00 2001
+From: Tobias Heider <tobhe@users.noreply.github.com>
+Date: Tue, 15 Aug 2023 18:06:48 +0200
+Subject: [PATCH] privsep: fix strlcpy overflow in psp_ifname (#239)
+When running our Ubuntu tests with libc6 and strlcpy overflow checks
+enabled we found that the wrong size is passed to strlcpy resulting
+in a crash because of an overflow.
+Upstream-Status: Backport
+[https://github.com/NetworkConfiguration/dhcpcd/commit/1bd8fc7d4b34f752a32709d277a897e5ad202d97]
+Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
+---
+ src/privsep.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+diff --git a/src/privsep.c b/src/privsep.c
+index b11c0351..cfe54742 100644
+--- a/src/privsep.c
+++ b/src/privsep.c
+@@ -1200,7 +1200,7 @@ ps_newprocess(struct dhcpcd_ctx *ctx, struct ps_id *psid)
+ #endif
+ 
+        if (!(ctx->options & DHCPCD_MANAGER))
+-               strlcpy(psp->psp_ifname, ctx->ifv[0], sizeof(psp->psp_name));
+               strlcpy(psp->psp_ifname, ctx->ifv[0], sizeof(psp->psp_ifname));
+        TAILQ_INSERT_TAIL(&ctx->ps_processes, psp, next);
+        return psp;
+ }
+-- 
+2.25.1
author	Yi Zhao <yi.zhao@eng.windriver.com>	2023-08-29 19:06:35 +0800
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2023-08-30 09:56:13 +0100
commit	c9843dfd1c3b4659769e23c1703c82a89562c6e1 (patch)
tree	cd664c9222d0773e6fbc8d54f52dd697b56bfc02 /meta/recipes-connectivity/dhcpcd
parent	eeea001e9b6fb57ea9ced973168d9ed7165b3cb3 (diff)
download	poky-c9843dfd1c3b4659769e23c1703c82a89562c6e1.tar.gz

diff --git a/meta/recipes-connectivity/dhcpcd/dhcpcd_10.0.2.bb b/meta/recipes-connectivity/dhcpcd/dhcpcd_10.0.2.bb index 9dccc93713..0966edd1b8 100644 --- a/meta/recipes-connectivity/dhcpcd/dhcpcd_10.0.2.bb +++ b/meta/recipes-connectivity/dhcpcd/dhcpcd_10.0.2.bb
@@ -15,6 +15,7 @@ SRC_URI = "git://github.com/NetworkConfiguration/dhcpcd;protocol=https;branch=ma
15	file://dhcpcd.service \	15	file://dhcpcd.service \
16	file://dhcpcd@.service \	16	file://dhcpcd@.service \
17	file://0001-dhcpcd.8-Fix-conflict-error-when-enable-multilib.patch \	17	file://0001-dhcpcd.8-Fix-conflict-error-when-enable-multilib.patch \
		18	file://0001-privsep-fix-strlcpy-overflow-in-psp_ifname-239.patch \
18	"	19	"
19		20
20	SRCREV = "d2fbde99cf2d0072016af9dfe6a77032a5a9fc30"	21	SRCREV = "d2fbde99cf2d0072016af9dfe6a77032a5a9fc30"


diff --git a/meta/recipes-connectivity/dhcpcd/files/0001-privsep-fix-strlcpy-overflow-in-psp_ifname-239.patch b/meta/recipes-connectivity/dhcpcd/files/0001-privsep-fix-strlcpy-overflow-in-psp_ifname-239.patch new file mode 100644 index 0000000000..d4fb1737a6 --- /dev/null +++ b/meta/recipes-connectivity/dhcpcd/files/0001-privsep-fix-strlcpy-overflow-in-psp_ifname-239.patch
@@ -0,0 +1,33 @@
		1	From 1bd8fc7d4b34f752a32709d277a897e5ad202d97 Mon Sep 17 00:00:00 2001
		2	From: Tobias Heider <tobhe@users.noreply.github.com>
		3	Date: Tue, 15 Aug 2023 18:06:48 +0200
		4	Subject: [PATCH] privsep: fix strlcpy overflow in psp_ifname (#239)
		5
		6	When running our Ubuntu tests with libc6 and strlcpy overflow checks
		7	enabled we found that the wrong size is passed to strlcpy resulting
		8	in a crash because of an overflow.
		9
		10	Upstream-Status: Backport
		11	[https://github.com/NetworkConfiguration/dhcpcd/commit/1bd8fc7d4b34f752a32709d277a897e5ad202d97]
		12
		13	Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
		14	---
		15	src/privsep.c \| 2 +-
		16	1 file changed, 1 insertion(+), 1 deletion(-)
		17
		18	diff --git a/src/privsep.c b/src/privsep.c
		19	index b11c0351..cfe54742 100644
		20	--- a/src/privsep.c
		21	+++ b/src/privsep.c
		22	@@ -1200,7 +1200,7 @@ ps_newprocess(struct dhcpcd_ctx ctx, struct ps_id psid)
		23	#endif
		24
		25	if (!(ctx->options & DHCPCD_MANAGER))
		26	- strlcpy(psp->psp_ifname, ctx->ifv[0], sizeof(psp->psp_name));
		27	+ strlcpy(psp->psp_ifname, ctx->ifv[0], sizeof(psp->psp_ifname));
		28	TAILQ_INSERT_TAIL(&ctx->ps_processes, psp, next);
		29	return psp;
		30	}
		31	--
		32	2.25.1
		33