author | Armin Kuster <akuster@mvista.com> | 2015-01-27 17:19:28 -0800 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2015-02-03 14:53:53 +0000 |
commit | 616696aaa6b321c3ad4ce7a2d4d5f8918091e198 (patch) | |
tree | d8fa7ccf4d1e443c90b889212512966cef6b346b /meta | |
parent | 88a966a6e23087cf7fee58b18113e962d24425be (diff) | |
download | poky-616696aaa6b321c3ad4ce7a2d4d5f8918091e198.tar.gz |
busybox: cve-2014-9645
modprobe,rmmod: reject module names with slashes
(From OE-Core rev: 815a7b6fbf3b0cf95f5464bca687d97366d7ed6a)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta')
-rw-r--r-- | meta/recipes-core/busybox/busybox/CVE-2014-9645_busybox_reject_module_names_with_slashes.patch | 41 | ||||
-rw-r--r-- | meta/recipes-core/busybox/busybox_1.22.1.bb | 1 |
2 files changed, 42 insertions, 0 deletions
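--- /dev/null
+++ b/meta/recipes-core/busybox/busybox/CVE-2014-9645_busybox_reject_module_names_with_slashes.patch
@@ -0,0 +1,41 @@
+Upstream-status: Backport
+http://git.busybox.net/busybox/commit/?id=4e314faa0aecb66717418e9a47a4451aec59262b
+
+CVE-2014-9645 fix.
+
+[YOCTO #7257]
+
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+From 4e314faa0aecb66717418e9a47a4451aec59262b Mon Sep 17 00:00:00 2001
+From: Denys Vlasenko <vda.linux@googlemail.com>
+Date: Thu, 20 Nov 2014 17:24:33 +0000
+Subject: modprobe,rmmod: reject module names with slashes
+
+function old new delta
+add_probe 86 113 +27
+
+Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
+---
+Index: busybox-1.22.1/modutils/modprobe.c
+===================================================================
+--- busybox-1.22.1.orig/modutils/modprobe.c
++++ busybox-1.22.1/modutils/modprobe.c
+@@ -238,6 +238,17 @@ static void add_probe(const char *name)
+{
+struct module_entry *m;
+
++ /*
++ * get_or_add_modentry() strips path from name and works
++ * on remaining basename.
++ * This would make "rmmod dir/name" and "modprobe dir/name"
++ * to work like "rmmod name" and "modprobe name",
++ * which is wrong, and can be abused via implicit modprobing:
++ * "ifconfig /usbserial up" tries to modprobe netdev-/usbserial.
++ */
++ if (strchr(name, '/'))
++ bb_error_msg_and_die("malformed module name '%s'", name);
++
+m = get_or_add_modentry(name);
+if (!(option_mask32 & (OPT_REMOVE | OPT_SHOW_DEPS))
+&& (m->flags & MODULE_FLAG_LOADED)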
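Review bot: The slash check sits only in `add_probe()` in modutils/modprobe.c, although the backported subject names rmmod as well. If the recipe's busybox configuration builds a standalone rmmod applet or the small modprobe implementation, module names may reach basename stripping without passing this guard; that is not visible from this patch and should be confirmed against the defconfig before CVE-2014-9645 is treated as closed. The patch header would also benefit from a note for later upgraders, for example `Drop when upgrading to a busybox release that contains upstream commit 4e314faa0aec.` `add_probe()` continues past the end of the hunk, so the handling after `get_or_add_modentry()` is not reviewed here.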
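--- a/meta/recipes-core/busybox/busybox_1.22.1.bb
+++ b/meta/recipes-core/busybox/busybox_1.22.1.bb
@@ -33,6 +33,7 @@ SRC_URI = "http://www.busybox.net/downloads/busybox-${PV}.tar.bz2;name=tarball \
 file://0001-build-system-Specify-nostldlib-when-linking-to-.o-fi.patch \
 file://recognize_connmand.patch \
 file://busybox-cross-menuconfig.patch \
+file://CVE-2014-9645_busybox_reject_module_names_with_slashes.patch \
 "
 
 SRC_URI[tarball.md5sum] = "337d1a15ab1cb1d4ed423168b1eb7d7e"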