diff options
author | Armin Kuster <akuster808@gmail.com> | 2019-05-30 09:46:57 -0700 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2019-07-27 18:05:18 +0100 |
commit | 14d23c29a2d6a9944233983d64109037077db49e (patch) | |
tree | 71b4519ec2bb76ef81b0a1e2d8f97b932aab2c6a /meta/recipes-core/busybox/busybox/CVE-2019-5747.patch | |
parent | 016a0b830e65cdd71830ddf12fec8ca795b0f264 (diff) | |
download | poky-14d23c29a2d6a9944233983d64109037077db49e.tar.gz |
busybox: Security fixes for CVE-2018-20679 CVE-2019-5747
Source: busybox.git
MR: 97332
Type: Security Fix
Disposition: Backport from busybox.git
ChangeID: ec203c79e7322de1ed5721d08b6f59b1eca67c7d
Description:
Affects < 1.30.0
Fixes:
CVE-2018-20679
CVE-2019-5747
(From OE-Core rev: 7db146abad6d2bbb7d7a549e7091412e0e494db2)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-core/busybox/busybox/CVE-2019-5747.patch')
-rw-r--r-- | meta/recipes-core/busybox/busybox/CVE-2019-5747.patch | 60 |
1 files changed, 60 insertions, 0 deletions
diff --git a/meta/recipes-core/busybox/busybox/CVE-2019-5747.patch b/meta/recipes-core/busybox/busybox/CVE-2019-5747.patch new file mode 100644 index 0000000000..4225b11e56 --- /dev/null +++ b/meta/recipes-core/busybox/busybox/CVE-2019-5747.patch | |||
@@ -0,0 +1,60 @@ | |||
1 | From 74d9f1ba37010face4bd1449df4d60dd84450b06 Mon Sep 17 00:00:00 2001 | ||
2 | From: Denys Vlasenko <vda.linux@googlemail.com> | ||
3 | Date: Mon, 7 Jan 2019 15:33:42 +0100 | ||
4 | Subject: [PATCH] udhcpc: when decoding DHCP_SUBNET, ensure it is 4 bytes long | ||
5 | |||
6 | function old new delta | ||
7 | udhcp_run_script 795 801 +6 | ||
8 | |||
9 | Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com> | ||
10 | |||
11 | Upstream-Status: Backport | ||
12 | CVE: CVE-2019-5747 | ||
13 | Affects < 1.30.0 | ||
14 | Signed-off-by: Armin Kuster <akuster@mvista.com> | ||
15 | |||
16 | --- | ||
17 | networking/udhcp/common.c | 2 +- | ||
18 | networking/udhcp/common.h | 2 +- | ||
19 | networking/udhcp/dhcpc.c | 2 +- | ||
20 | 3 files changed, 3 insertions(+), 3 deletions(-) | ||
21 | |||
22 | Index: busybox-1.29.3/networking/udhcp/common.c | ||
23 | =================================================================== | ||
24 | --- busybox-1.29.3.orig/networking/udhcp/common.c | ||
25 | +++ busybox-1.29.3/networking/udhcp/common.c | ||
26 | @@ -300,7 +300,7 @@ uint8_t* FAST_FUNC udhcp_get_option32(st | ||
27 | { | ||
28 | uint8_t *r = udhcp_get_option(packet, code); | ||
29 | if (r) { | ||
30 | - if (r[-1] != 4) | ||
31 | + if (r[-OPT_DATA + OPT_LEN] != 4) | ||
32 | r = NULL; | ||
33 | } | ||
34 | return r; | ||
35 | Index: busybox-1.29.3/networking/udhcp/common.h | ||
36 | =================================================================== | ||
37 | --- busybox-1.29.3.orig/networking/udhcp/common.h | ||
38 | +++ busybox-1.29.3/networking/udhcp/common.h | ||
39 | @@ -119,7 +119,7 @@ enum { | ||
40 | //#define DHCP_TIME_SERVER 0x04 /* RFC 868 time server (32-bit, 0 = 1.1.1900) */ | ||
41 | //#define DHCP_NAME_SERVER 0x05 /* IEN 116 _really_ ancient kind of NS */ | ||
42 | //#define DHCP_DNS_SERVER 0x06 | ||
43 | -//#define DHCP_LOG_SERVER 0x07 /* port 704 UDP log (not syslog) | ||
44 | +//#define DHCP_LOG_SERVER 0x07 /* port 704 UDP log (not syslog) */ | ||
45 | //#define DHCP_COOKIE_SERVER 0x08 /* "quote of the day" server */ | ||
46 | //#define DHCP_LPR_SERVER 0x09 | ||
47 | #define DHCP_HOST_NAME 0x0c /* either client informs server or server gives name to client */ | ||
48 | Index: busybox-1.29.3/networking/udhcp/dhcpc.c | ||
49 | =================================================================== | ||
50 | --- busybox-1.29.3.orig/networking/udhcp/dhcpc.c | ||
51 | +++ busybox-1.29.3/networking/udhcp/dhcpc.c | ||
52 | @@ -526,7 +526,7 @@ static char **fill_envp(struct dhcp_pack | ||
53 | temp = udhcp_get_option(packet, code); | ||
54 | *curr = xmalloc_optname_optval(temp, &dhcp_optflags[i], opt_name); | ||
55 | putenv(*curr++); | ||
56 | - if (code == DHCP_SUBNET) { | ||
57 | + if (code == DHCP_SUBNET && temp[-OPT_DATA + OPT_LEN] == 4) { | ||
58 | /* Subnet option: make things like "$ip/$mask" possible */ | ||
59 | uint32_t subnet; | ||
60 | move_from_unaligned32(subnet, temp); | ||