diff options
author | Changqing Li <changqing.li@windriver.com> | 2018-08-27 10:17:30 +0800 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2018-09-10 12:13:06 +0100 |
commit | 2636881461c9eeb93ecd3c1ff8aa6d25d2d0a31f (patch) | |
tree | 0cb0c4bf0f10bbdef047605194d0ce91a2899bcf /meta/recipes-graphics/xorg-lib/libice | |
parent | f7d1b79cc1d41d24a620417a455c026e8e26224e (diff) | |
download | poky-2636881461c9eeb93ecd3c1ff8aa6d25d2d0a31f.tar.gz |
libice: patch for CVE-2017-2626
(From OE-Core rev: 890093056ccff294364cc768bd797cb54fcbcee3)
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-graphics/xorg-lib/libice')
-rw-r--r-- | meta/recipes-graphics/xorg-lib/libice/CVE-2017-2626.patch | 149 |
1 files changed, 149 insertions, 0 deletions
diff --git a/meta/recipes-graphics/xorg-lib/libice/CVE-2017-2626.patch b/meta/recipes-graphics/xorg-lib/libice/CVE-2017-2626.patch new file mode 100644 index 0000000000..20c6dda2e4 --- /dev/null +++ b/meta/recipes-graphics/xorg-lib/libice/CVE-2017-2626.patch | |||
@@ -0,0 +1,149 @@ | |||
1 | From ff5e59f32255913bb1cdf51441b98c9107ae165b Mon Sep 17 00:00:00 2001 | ||
2 | From: Benjamin Tissoires <benjamin.tissoires@gmail.com> | ||
3 | Date: Tue, 4 Apr 2017 19:12:53 +0200 | ||
4 | Subject: Use getentropy() if arc4random_buf() is not available | ||
5 | |||
6 | This allows to fix CVE-2017-2626 on Linux platforms without pulling in | ||
7 | libbsd. | ||
8 | The libc getentropy() is available since glibc 2.25 but also on OpenBSD. | ||
9 | For Linux, we need at least a v3.17 kernel. If the recommended | ||
10 | arc4random_buf() function is not available, emulate it by first trying | ||
11 | to use getentropy() on a supported glibc and kernel. If the call fails, | ||
12 | fall back to the current (partly vulnerable) code. | ||
13 | |||
14 | Signed-off-by: Benjamin Tissoires <benjamin.tissoires@gmail.com> | ||
15 | Reviewed-by: Mark Kettenis <kettenis@openbsd.org> | ||
16 | Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com> | ||
17 | Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net> | ||
18 | |||
19 | Upstream-Status: Backport[https://cgit.freedesktop.org/xorg/lib/libICE | ||
20 | /commit/?id=ff5e59f32255913bb1cdf51441b98c9107ae165b] | ||
21 | |||
22 | CVE: CVE-2017-2626 | ||
23 | |||
24 | Signed-off-by: Changqing Li <changqing.li@windriver.com> | ||
25 | --- | ||
26 | configure.ac | 2 +- | ||
27 | src/iceauth.c | 65 ++++++++++++++++++++++++++++++++++++++++++----------------- | ||
28 | 2 files changed, 47 insertions(+), 20 deletions(-) | ||
29 | |||
30 | diff --git a/configure.ac b/configure.ac | ||
31 | index 458882a..c971ab6 100644 | ||
32 | --- a/configure.ac | ||
33 | +++ b/configure.ac | ||
34 | @@ -38,7 +38,7 @@ AC_DEFINE(ICE_t, 1, [Xtrans transport type]) | ||
35 | |||
36 | # Checks for library functions. | ||
37 | AC_CHECK_LIB([bsd], [arc4random_buf]) | ||
38 | -AC_CHECK_FUNCS([asprintf arc4random_buf]) | ||
39 | +AC_CHECK_FUNCS([asprintf arc4random_buf getentropy]) | ||
40 | |||
41 | # Allow checking code with lint, sparse, etc. | ||
42 | XORG_WITH_LINT | ||
43 | diff --git a/src/iceauth.c b/src/iceauth.c | ||
44 | index ed31683..de4785b 100644 | ||
45 | --- a/src/iceauth.c | ||
46 | +++ b/src/iceauth.c | ||
47 | @@ -44,31 +44,19 @@ Author: Ralph Mor, X Consortium | ||
48 | |||
49 | static int was_called_state; | ||
50 | |||
51 | -/* | ||
52 | - * MIT-MAGIC-COOKIE-1 is a sample authentication method implemented by | ||
53 | - * the SI. It is not part of standard ICElib. | ||
54 | - */ | ||
55 | +#ifndef HAVE_ARC4RANDOM_BUF | ||
56 | |||
57 | - | ||
58 | -char * | ||
59 | -IceGenerateMagicCookie ( | ||
60 | +static void | ||
61 | +emulate_getrandom_buf ( | ||
62 | + char *auth, | ||
63 | int len | ||
64 | ) | ||
65 | { | ||
66 | - char *auth; | ||
67 | -#ifndef HAVE_ARC4RANDOM_BUF | ||
68 | long ldata[2]; | ||
69 | int seed; | ||
70 | int value; | ||
71 | int i; | ||
72 | -#endif | ||
73 | |||
74 | - if ((auth = malloc (len + 1)) == NULL) | ||
75 | - return (NULL); | ||
76 | - | ||
77 | -#ifdef HAVE_ARC4RANDOM_BUF | ||
78 | - arc4random_buf(auth, len); | ||
79 | -#else | ||
80 | #ifdef ITIMER_REAL | ||
81 | { | ||
82 | struct timeval now; | ||
83 | @@ -76,13 +64,13 @@ IceGenerateMagicCookie ( | ||
84 | ldata[0] = now.tv_sec; | ||
85 | ldata[1] = now.tv_usec; | ||
86 | } | ||
87 | -#else | ||
88 | +#else /* ITIMER_REAL */ | ||
89 | { | ||
90 | long time (); | ||
91 | ldata[0] = time ((long *) 0); | ||
92 | ldata[1] = getpid (); | ||
93 | } | ||
94 | -#endif | ||
95 | +#endif /* ITIMER_REAL */ | ||
96 | seed = (ldata[0]) + (ldata[1] << 16); | ||
97 | srand (seed); | ||
98 | for (i = 0; i < len; i++) | ||
99 | @@ -90,7 +78,46 @@ IceGenerateMagicCookie ( | ||
100 | value = rand (); | ||
101 | auth[i] = value & 0xff; | ||
102 | } | ||
103 | -#endif | ||
104 | +} | ||
105 | + | ||
106 | +static void | ||
107 | +arc4random_buf ( | ||
108 | + char *auth, | ||
109 | + int len | ||
110 | +) | ||
111 | +{ | ||
112 | + int ret; | ||
113 | + | ||
114 | +#if HAVE_GETENTROPY | ||
115 | + /* weak emulation of arc4random through the entropy libc */ | ||
116 | + ret = getentropy (auth, len); | ||
117 | + if (ret == 0) | ||
118 | + return; | ||
119 | +#endif /* HAVE_GETENTROPY */ | ||
120 | + | ||
121 | + emulate_getrandom_buf (auth, len); | ||
122 | +} | ||
123 | + | ||
124 | +#endif /* !defined(HAVE_ARC4RANDOM_BUF) */ | ||
125 | + | ||
126 | +/* | ||
127 | + * MIT-MAGIC-COOKIE-1 is a sample authentication method implemented by | ||
128 | + * the SI. It is not part of standard ICElib. | ||
129 | + */ | ||
130 | + | ||
131 | + | ||
132 | +char * | ||
133 | +IceGenerateMagicCookie ( | ||
134 | + int len | ||
135 | +) | ||
136 | +{ | ||
137 | + char *auth; | ||
138 | + | ||
139 | + if ((auth = malloc (len + 1)) == NULL) | ||
140 | + return (NULL); | ||
141 | + | ||
142 | + arc4random_buf (auth, len); | ||
143 | + | ||
144 | auth[len] = '\0'; | ||
145 | return (auth); | ||
146 | } | ||
147 | -- | ||
148 | cgit v1.1 | ||
149 | |||