summaryrefslogtreecommitdiffstats
path: root/meta/recipes-core
diff options
context:
space:
mode:
authorArmin Kuster <akuster@mvista.com>2015-01-27 17:19:28 -0800
committerRichard Purdie <richard.purdie@linuxfoundation.org>2015-02-11 17:40:10 +0000
commit15ff8423dcca127906c0100945ec556c41f46abe (patch)
treeed671654cd070ccd60dc61261f2cd112147a13a9 /meta/recipes-core
parent83767cbe903e230ac687b835cb1e5cb6377797e9 (diff)
downloadpoky-15ff8423dcca127906c0100945ec556c41f46abe.tar.gz
busybox: cve-2014-9645
modprobe,rmmod: reject module names with slashes (From OE-Core rev: 815a7b6fbf3b0cf95f5464bca687d97366d7ed6a) (From OE-Core rev: 698ef44edcff82457e29baef1dd364d1fecf892b) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-core')
-rw-r--r--meta/recipes-core/busybox/busybox/CVE-2014-9645_busybox_reject_module_names_with_slashes.patch41
-rw-r--r--meta/recipes-core/busybox/busybox_1.22.1.bb1
2 files changed, 42 insertions, 0 deletions
diff --git a/meta/recipes-core/busybox/busybox/CVE-2014-9645_busybox_reject_module_names_with_slashes.patch b/meta/recipes-core/busybox/busybox/CVE-2014-9645_busybox_reject_module_names_with_slashes.patch
new file mode 100644
index 0000000000..4e76067b3c
--- /dev/null
+++ b/meta/recipes-core/busybox/busybox/CVE-2014-9645_busybox_reject_module_names_with_slashes.patch
@@ -0,0 +1,41 @@
1Upstream-status: Backport
2http://git.busybox.net/busybox/commit/?id=4e314faa0aecb66717418e9a47a4451aec59262b
3
4CVE-2014-9645 fix.
5
6[YOCTO #7257]
7
8Signed-off-by: Armin Kuster <akuster@mvista.com>
9
10From 4e314faa0aecb66717418e9a47a4451aec59262b Mon Sep 17 00:00:00 2001
11From: Denys Vlasenko <vda.linux@googlemail.com>
12Date: Thu, 20 Nov 2014 17:24:33 +0000
13Subject: modprobe,rmmod: reject module names with slashes
14
15function old new delta
16add_probe 86 113 +27
17
18Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
19---
20Index: busybox-1.22.1/modutils/modprobe.c
21===================================================================
22--- busybox-1.22.1.orig/modutils/modprobe.c
23+++ busybox-1.22.1/modutils/modprobe.c
24@@ -238,6 +238,17 @@ static void add_probe(const char *name)
25 {
26 struct module_entry *m;
27
28+ /*
29+ * get_or_add_modentry() strips path from name and works
30+ * on remaining basename.
31+ * This would make "rmmod dir/name" and "modprobe dir/name"
32+ * to work like "rmmod name" and "modprobe name",
33+ * which is wrong, and can be abused via implicit modprobing:
34+ * "ifconfig /usbserial up" tries to modprobe netdev-/usbserial.
35+ */
36+ if (strchr(name, '/'))
37+ bb_error_msg_and_die("malformed module name '%s'", name);
38+
39 m = get_or_add_modentry(name);
40 if (!(option_mask32 & (OPT_REMOVE | OPT_SHOW_DEPS))
41 && (m->flags & MODULE_FLAG_LOADED)
diff --git a/meta/recipes-core/busybox/busybox_1.22.1.bb b/meta/recipes-core/busybox/busybox_1.22.1.bb
index 8879e52962..77365201b5 100644
--- a/meta/recipes-core/busybox/busybox_1.22.1.bb
+++ b/meta/recipes-core/busybox/busybox_1.22.1.bb
@@ -32,6 +32,7 @@ SRC_URI = "http://www.busybox.net/downloads/busybox-${PV}.tar.bz2;name=tarball \
32 file://0001-build-system-Specify-nostldlib-when-linking-to-.o-fi.patch \ 32 file://0001-build-system-Specify-nostldlib-when-linking-to-.o-fi.patch \
33 file://recognize_connmand.patch \ 33 file://recognize_connmand.patch \
34 file://busybox-cross-menuconfig.patch \ 34 file://busybox-cross-menuconfig.patch \
35 file://CVE-2014-9645_busybox_reject_module_names_with_slashes.patch \
35" 36"
36 37
37SRC_URI[tarball.md5sum] = "337d1a15ab1cb1d4ed423168b1eb7d7e" 38SRC_URI[tarball.md5sum] = "337d1a15ab1cb1d4ed423168b1eb7d7e"
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2024-05-04 15:57:12 +0000