author | Armin Kuster <akuster@mvista.com> | 2016-02-10 15:42:34 -0800 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2016-02-21 09:37:32 +0000 |
commit | ef135112fde82f653e83f8f1ef473c38fda7119a (patch) | |
tree | b8cfa3b7f979ff4932a10c3c08180c0b8b4f729d /meta/recipes-core/uclibc | |
parent | ae57ea03c6a41f2e3b61e0c157e32ca7df7b3c4b (diff) | |
download | poky-ef135112fde82f653e83f8f1ef473c38fda7119a.tar.gz |
uclibc: Security fix CVE-2016-2224
CVE-2016-2224 Do not follow compressed items forever.
This change is being provided to comply with Yocto compatibility.
(From OE-Core rev: 4fe0654253d7444f2c445a30b06623cef036b2bb)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-core/uclibc')
-rw-r--r-- | meta/recipes-core/uclibc/uclibc-git.inc | 1 | ||||
-rw-r--r-- | meta/recipes-core/uclibc/uclibc-git/CVE-2016-2224.patch | 49 |
2 files changed, 50 insertions, 0 deletions
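--- a/meta/recipes-core/uclibc/uclibc-git.inc
+++ b/meta/recipes-core/uclibc/uclibc-git.inc
@@ -19,5 +19,6 @@ SRC_URI = "git://uclibc.org/uClibc.git;branch=master \
 file://0001-gcc5-optimizes-away-the-write-only-static-functions-.patch \
 file://0001-fcntl-Add-AT_EMPTY_PATH-for-all-and-O_PATH-for-arm.patch \
 file://0001-wire-in-syncfs.patch \
+file://CVE-2016-2224.patch \
 "
 S = "${WORKDIR}/git"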
diff --git a/meta/recipes-core/uclibc/uclibc-git/CVE-2016-2224.patch b/meta/recipes-core/uclibc/uclibc-git/CVE-2016-2224.patch new file mode 100644 index 0000000000..218b60a85c --- /dev/null +++ b/meta/recipes-core/uclibc/uclibc-git/CVE-2016-2224.patch | |||
@@ -0,0 +1,49 @@ | |||
1 | From 16719c1a7078421928e6d31dd1dec574825ef515 Mon Sep 17 00:00:00 2001 | ||
2 | From: Waldemar Brodkorb <wbx@openadk.org> | ||
3 | Date: Sun, 17 Jan 2016 15:47:22 +0100 | ||
4 | Subject: [PATCH] Do not follow compressed items forever. | ||
5 | |||
6 | It is possible to get stuck in an infinite loop when receiving a | ||
7 | specially crafted DNS reply. Exit the loop after a number of iteration | ||
8 | and consider the packet invalid. | ||
9 | |||
10 | Signed-off-by: Daniel Fahlgren <daniel@fahlgren.se> | ||
11 | Signed-off-by: Waldemar Brodkorb <wbx@uclibc-ng.org> | ||
12 | |||
13 | Upstream-status: Backport | ||
14 | http://repo.or.cz/uclibc-ng.git/commit/16719c1a7078421928e6d31dd1dec574825ef515 | ||
15 | |||
16 | CVE: CVE-2016-2224 | ||
17 | Signed-off-by: Armin Kuster <akuster@mvista.com> | ||
18 | |||
19 | --- | ||
20 | libc/inet/resolv.c | 5 ++++- | ||
21 | 1 file changed, 4 insertions(+), 1 deletion(-) | ||
22 | |||
23 | Index: git/libc/inet/resolv.c | ||
24 | =================================================================== | ||
25 | --- git.orig/libc/inet/resolv.c | ||
26 | +++ git/libc/inet/resolv.c | ||
27 | @@ -666,11 +666,12 @@ int __decode_dotted(const unsigned char | ||
28 | bool measure = 1; | ||
29 | unsigned total = 0; | ||
30 | unsigned used = 0; | ||
31 | + unsigned maxiter = 256; | ||
32 | |||
33 | if (!packet) | ||
34 | return -1; | ||
35 | |||
36 | - while (1) { | ||
37 | + while (--maxiter) { | ||
38 | if (offset >= packet_len) | ||
39 | return -1; | ||
40 | b = packet[offset++]; | ||
41 | @@ -707,6 +708,8 @@ int __decode_dotted(const unsigned char | ||
42 | else | ||
43 | dest[used++] = '\0'; | ||
44 | } | ||
45 | + if (!maxiter) | ||
46 | + return -1; | ||
47 | |||
48 | /* The null byte must be counted too */ | ||
49 | if (measure) | ||
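Review bot: The new bound `unsigned maxiter = 256;` in the backported hunk is a bare magic number with no comment tying it to the DNS name limits it is meant to enforce, and `while (--maxiter)` actually permits 255 iterations, not 256, which is easy to miss if someone later retunes it. A comment such as `/* A well-formed name is at most 255 octets, so fewer than 128 labels; needing more labels or compression hops than this means a pointer loop (CVE-2016-2224) */` would make both the intent and the off-by-one explicit. The trailing `if (!maxiter) return -1;` assumes the normal path leaves the loop by `break` with `maxiter` still non-zero; that exit and the rest of `__decode_dotted` lie outside the hunk, so it is worth confirming that no valid name can fall out of the loop with the counter exhausted. An iteration cap only rejects a malicious chain after 255 hops; additionally rejecting any compression pointer whose target offset is not strictly lower than the current position would reject such chains on the first hop, matching the RFC 1035 rule that a pointer refers to a prior occurrence of the name.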