uclibc: Security fix CVE-2016-2225

CVE-2016-2225 Make sure to always terminate decoded string This change is being provide to comply to Yocto compatiblility. (From OE-Core rev: 093d76f3f4a385aae46304bd572ce1545c6bcf33) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Armin Kuster <akuster@mvista.com> 2016-02-10 15:46:01 -0800
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2016-02-21 09:37:33 +0000
commit: dc5f155e159b1186cccc022f402a6af75e322916 (patch)
tree: 0dc22d5af69dcad10bfb79b2e6c7198ed0de1c29 /meta
parent: ef135112fde82f653e83f8f1ef473c38fda7119a (diff)
download: poky-dc5f155e159b1186cccc022f402a6af75e322916.tar.gz
2 files changed, 33 insertions, 0 deletions
diff --git a/meta/recipes-core/uclibc/uclibc-git.inc b/meta/recipes-core/uclibc/uclibc-git.inc
index d3fb2a8a8e..b7184794d1 100644
--- a/meta/recipes-core/uclibc/uclibc-git.inc
+++ b/meta/recipes-core/uclibc/uclibc-git.inc
@@ -20,5 +20,6 @@ SRC_URI = "git://uclibc.org/uClibc.git;branch=master \
        file://0001-fcntl-Add-AT_EMPTY_PATH-for-all-and-O_PATH-for-arm.patch \
        file://0001-wire-in-syncfs.patch \
        file://CVE-2016-2224.patch \
+        file://CVE-2016-2225.patch \
 "
 S = "${WORKDIR}/git"
diff --git a/meta/recipes-core/uclibc/uclibc-git/CVE-2016-2225.patch b/meta/recipes-core/uclibc/uclibc-git/CVE-2016-2225.patch
new file mode 100644
index 0000000000..0217e4bf55
--- /dev/null
+++ b/meta/recipes-core/uclibc/uclibc-git/CVE-2016-2225.patch
@@ -0,0 +1,32 @@
+From bb01edff0377f2585ce304ecbadcb7b6cde372ac Mon Sep 17 00:00:00 2001
+From: Waldemar Brodkorb <wbx@openadk.org>
+Date: Mon, 25 Jan 2016 21:11:34 +0100
+Subject: [PATCH] Make sure to always terminate decoded string
+Write a terminating '\0' to dest when the first byte of the encoded data
+is 0. This corner case was previously missed.
+Signed-off-by: Daniel Fahlgren <daniel@fahlgren.se>
+Signed-off-by: Waldemar Brodkorb <wbx@uclibc-ng.org>
+Upstream-Status: Backport
+http://repo.or.cz/uclibc-ng.git/commit/bb01edff0377f2585ce304ecbadcb7b6cde372ac
+CVE: CVE-2016-2225
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+---
+ libc/inet/resolv.c | 1 +
+ 1 file changed, 1 insertion(+)
+Index: git/libc/inet/resolv.c
+===================================================================
+--- git.orig/libc/inet/resolv.c
+++ git/libc/inet/resolv.c
+@@ -671,6 +671,7 @@ int __decode_dotted(const unsigned char
+        if (!packet)
+                return -1;
+ 
+       dest[0] = '\0';
+        while (--maxiter) {
+                if (offset >= packet_len)
+                        return -1;
author	Armin Kuster <akuster@mvista.com>	2016-02-10 15:46:01 -0800
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2016-02-21 09:37:33 +0000
commit	dc5f155e159b1186cccc022f402a6af75e322916 (patch)
tree	0dc22d5af69dcad10bfb79b2e6c7198ed0de1c29 /meta
parent	ef135112fde82f653e83f8f1ef473c38fda7119a (diff)
download	poky-dc5f155e159b1186cccc022f402a6af75e322916.tar.gz

diff --git a/meta/recipes-core/uclibc/uclibc-git.inc b/meta/recipes-core/uclibc/uclibc-git.inc index d3fb2a8a8e..b7184794d1 100644 --- a/meta/recipes-core/uclibc/uclibc-git.inc +++ b/meta/recipes-core/uclibc/uclibc-git.inc
@@ -20,5 +20,6 @@ SRC_URI = "git://uclibc.org/uClibc.git;branch=master \
20	file://0001-fcntl-Add-AT_EMPTY_PATH-for-all-and-O_PATH-for-arm.patch \	20	file://0001-fcntl-Add-AT_EMPTY_PATH-for-all-and-O_PATH-for-arm.patch \
21	file://0001-wire-in-syncfs.patch \	21	file://0001-wire-in-syncfs.patch \
22	file://CVE-2016-2224.patch \	22	file://CVE-2016-2224.patch \
		23	file://CVE-2016-2225.patch \
23	"	24	"
24	S = "${WORKDIR}/git"	25	S = "${WORKDIR}/git"


diff --git a/meta/recipes-core/uclibc/uclibc-git/CVE-2016-2225.patch b/meta/recipes-core/uclibc/uclibc-git/CVE-2016-2225.patch new file mode 100644 index 0000000000..0217e4bf55 --- /dev/null +++ b/meta/recipes-core/uclibc/uclibc-git/CVE-2016-2225.patch
@@ -0,0 +1,32 @@
		1	From bb01edff0377f2585ce304ecbadcb7b6cde372ac Mon Sep 17 00:00:00 2001
		2	From: Waldemar Brodkorb <wbx@openadk.org>
		3	Date: Mon, 25 Jan 2016 21:11:34 +0100
		4	Subject: [PATCH] Make sure to always terminate decoded string
		5
		6	Write a terminating '\0' to dest when the first byte of the encoded data
		7	is 0. This corner case was previously missed.
		8
		9	Signed-off-by: Daniel Fahlgren <daniel@fahlgren.se>
		10	Signed-off-by: Waldemar Brodkorb <wbx@uclibc-ng.org>
		11
		12	Upstream-Status: Backport
		13	http://repo.or.cz/uclibc-ng.git/commit/bb01edff0377f2585ce304ecbadcb7b6cde372ac
		14	CVE: CVE-2016-2225
		15	Signed-off-by: Armin Kuster <akuster@mvista.com>
		16
		17	---
		18	libc/inet/resolv.c \| 1 +
		19	1 file changed, 1 insertion(+)
		20
		21	Index: git/libc/inet/resolv.c
		22	===================================================================
		23	--- git.orig/libc/inet/resolv.c
		24	+++ git/libc/inet/resolv.c
		25	@@ -671,6 +671,7 @@ int __decode_dotted(const unsigned char
		26	if (!packet)
		27	return -1;
		28
		29	+ dest[0] = '\0';
		30	while (--maxiter) {
		31	if (offset >= packet_len)
		32	return -1;