inetutils: Fix abort on invalid files

When the code is compiled with "-fstack-protector-strong -D_FORTIFY_SOURCE=2", everytime ftpfd is asked for a non existent file, it crashes with the following error: *** buffer overflow detected ***: Aborted This seems to be a bug/feature of gcc. A bug has been open on their bugzilla, and also inetutils have been posted with the proposed patch. Without this patch, pxelinux fails to boot because it keeps asking the server for the pxelinux.cfg/00-01-02-03-04 and never jumps to /default. (From OE-Core rev: 0c3a1251a8aec86f3e877130f926a928e5ca2030) Signed-off-by: Ricardo Ribalda Delgado <ricardo@ribalda.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Ricardo Ribalda Delgado <ricardo@ribalda.com> 2019-08-07 09:17:44 +0200
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2019-08-08 10:19:56 +0100
commit: 5f1bfba262fdb8514c3c2b50c75ab68343a1361b (patch)
tree: d96129598c9fb3eb76af01e7c9d07dc7cf99ed14 /meta/recipes-connectivity
parent: 54c7db01057343993e85058b47e696938fb3d613 (diff)
download: poky-5f1bfba262fdb8514c3c2b50c75ab68343a1361b.tar.gz
2 files changed, 26 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/inetutils/inetutils/fix-buffer-fortify-tfpt.patch b/meta/recipes-connectivity/inetutils/inetutils/fix-buffer-fortify-tfpt.patch
new file mode 100644
index 0000000000..a91913cb51
--- /dev/null
+++ b/meta/recipes-connectivity/inetutils/inetutils/fix-buffer-fortify-tfpt.patch
@@ -0,0 +1,25 @@
+tftpd: Fix abort on error path
+When trying to fetch a non existent file, the app crashes with:
+*** buffer overflow detected ***: 
+Aborted
+Upstream-Status: Submitted [https://www.mail-archive.com/bug-inetutils@gnu.org/msg03036.html https://gcc.gnu.org/bugzilla/show_bug.cgi?id=91205]
+Signed-off-by: Ricardo Ribalda Delgado <ricardo@ribalda.com>
+diff --git a/src/tftpd.c b/src/tftpd.c
+index 56002a0..144012f 100644
+--- a/src/tftpd.c
+++ b/src/tftpd.c
+@@ -864,9 +864,8 @@ nak (int error)
+       pe->e_msg = strerror (error - 100);
+       tp->th_code = EUNDEF;    /* set 'undef' errorcode */
+     }
+-  strcpy (tp->th_msg, pe->e_msg);
+   length = strlen (pe->e_msg);
+-  tp->th_msg[length] = '\0';
+  memcpy(tp->th_msg, pe->e_msg, length + 1);
+   length += 5;
+   if (sendto (peer, buf, length, 0, (struct sockaddr *) &from, fromlen) != length)
+     syslog (LOG_ERR, "nak: %m\n");
diff --git a/meta/recipes-connectivity/inetutils/inetutils_1.9.4.bb b/meta/recipes-connectivity/inetutils/inetutils_1.9.4.bb
index ac2e017d8b..684fbe09e1 100644
--- a/meta/recipes-connectivity/inetutils/inetutils_1.9.4.bb
+++ b/meta/recipes-connectivity/inetutils/inetutils_1.9.4.bb
@@ -22,6 +22,7 @@ SRC_URI = "${GNU_MIRROR}/inetutils/inetutils-${PV}.tar.gz \
           file://inetutils-1.9-PATH_PROCNET_DEV.patch \
           file://inetutils-only-check-pam_appl.h-when-pam-enabled.patch \
           file://0001-rcp-fix-to-work-with-large-files.patch \
+           file://fix-buffer-fortify-tfpt.patch \
 "
 SRC_URI[md5sum] = "04852c26c47cc8c6b825f2b74f191f52"
author	Ricardo Ribalda Delgado <ricardo@ribalda.com>	2019-08-07 09:17:44 +0200
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2019-08-08 10:19:56 +0100
commit	5f1bfba262fdb8514c3c2b50c75ab68343a1361b (patch)
tree	d96129598c9fb3eb76af01e7c9d07dc7cf99ed14 /meta/recipes-connectivity
parent	54c7db01057343993e85058b47e696938fb3d613 (diff)
download	poky-5f1bfba262fdb8514c3c2b50c75ab68343a1361b.tar.gz

diff --git a/meta/recipes-connectivity/inetutils/inetutils/fix-buffer-fortify-tfpt.patch b/meta/recipes-connectivity/inetutils/inetutils/fix-buffer-fortify-tfpt.patch new file mode 100644 index 0000000000..a91913cb51 --- /dev/null +++ b/meta/recipes-connectivity/inetutils/inetutils/fix-buffer-fortify-tfpt.patch
@@ -0,0 +1,25 @@
		1	tftpd: Fix abort on error path
		2
		3	When trying to fetch a non existent file, the app crashes with:
		4
		5	* buffer overflow detected *:
		6	Aborted
		7
		8
		9	Upstream-Status: Submitted [https://www.mail-archive.com/bug-inetutils@gnu.org/msg03036.html https://gcc.gnu.org/bugzilla/show_bug.cgi?id=91205]
		10	Signed-off-by: Ricardo Ribalda Delgado <ricardo@ribalda.com>
		11	diff --git a/src/tftpd.c b/src/tftpd.c
		12	index 56002a0..144012f 100644
		13	--- a/src/tftpd.c
		14	+++ b/src/tftpd.c
		15	@@ -864,9 +864,8 @@ nak (int error)
		16	pe->e_msg = strerror (error - 100);
		17	tp->th_code = EUNDEF; /* set 'undef' errorcode */
		18	}
		19	- strcpy (tp->th_msg, pe->e_msg);
		20	length = strlen (pe->e_msg);
		21	- tp->th_msg[length] = '\0';
		22	+ memcpy(tp->th_msg, pe->e_msg, length + 1);
		23	length += 5;
		24	if (sendto (peer, buf, length, 0, (struct sockaddr *) &from, fromlen) != length)
		25	syslog (LOG_ERR, "nak: %m\n");


diff --git a/meta/recipes-connectivity/inetutils/inetutils_1.9.4.bb b/meta/recipes-connectivity/inetutils/inetutils_1.9.4.bb index ac2e017d8b..684fbe09e1 100644 --- a/meta/recipes-connectivity/inetutils/inetutils_1.9.4.bb +++ b/meta/recipes-connectivity/inetutils/inetutils_1.9.4.bb
@@ -22,6 +22,7 @@ SRC_URI = "${GNU_MIRROR}/inetutils/inetutils-${PV}.tar.gz \
22	file://inetutils-1.9-PATH_PROCNET_DEV.patch \	22	file://inetutils-1.9-PATH_PROCNET_DEV.patch \
23	file://inetutils-only-check-pam_appl.h-when-pam-enabled.patch \	23	file://inetutils-only-check-pam_appl.h-when-pam-enabled.patch \
24	file://0001-rcp-fix-to-work-with-large-files.patch \	24	file://0001-rcp-fix-to-work-with-large-files.patch \
		25	file://fix-buffer-fortify-tfpt.patch \
25	"	26	"
26		27
27	SRC_URI[md5sum] = "04852c26c47cc8c6b825f2b74f191f52"	28	SRC_URI[md5sum] = "04852c26c47cc8c6b825f2b74f191f52"