diff options
-rw-r--r-- | meta/recipes-connectivity/inetutils/inetutils/fix-buffer-fortify-tfpt.patch | 25 | ||||
-rw-r--r-- | meta/recipes-connectivity/inetutils/inetutils_1.9.4.bb | 1 |
2 files changed, 26 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/inetutils/inetutils/fix-buffer-fortify-tfpt.patch b/meta/recipes-connectivity/inetutils/inetutils/fix-buffer-fortify-tfpt.patch new file mode 100644 index 0000000000..a91913cb51 --- /dev/null +++ b/meta/recipes-connectivity/inetutils/inetutils/fix-buffer-fortify-tfpt.patch | |||
@@ -0,0 +1,25 @@ | |||
1 | tftpd: Fix abort on error path | ||
2 | |||
3 | When trying to fetch a non existent file, the app crashes with: | ||
4 | |||
5 | *** buffer overflow detected ***: | ||
6 | Aborted | ||
7 | |||
8 | |||
9 | Upstream-Status: Submitted [https://www.mail-archive.com/bug-inetutils@gnu.org/msg03036.html https://gcc.gnu.org/bugzilla/show_bug.cgi?id=91205] | ||
10 | Signed-off-by: Ricardo Ribalda Delgado <ricardo@ribalda.com> | ||
11 | diff --git a/src/tftpd.c b/src/tftpd.c | ||
12 | index 56002a0..144012f 100644 | ||
13 | --- a/src/tftpd.c | ||
14 | +++ b/src/tftpd.c | ||
15 | @@ -864,9 +864,8 @@ nak (int error) | ||
16 | pe->e_msg = strerror (error - 100); | ||
17 | tp->th_code = EUNDEF; /* set 'undef' errorcode */ | ||
18 | } | ||
19 | - strcpy (tp->th_msg, pe->e_msg); | ||
20 | length = strlen (pe->e_msg); | ||
21 | - tp->th_msg[length] = '\0'; | ||
22 | + memcpy(tp->th_msg, pe->e_msg, length + 1); | ||
23 | length += 5; | ||
24 | if (sendto (peer, buf, length, 0, (struct sockaddr *) &from, fromlen) != length) | ||
25 | syslog (LOG_ERR, "nak: %m\n"); | ||
diff --git a/meta/recipes-connectivity/inetutils/inetutils_1.9.4.bb b/meta/recipes-connectivity/inetutils/inetutils_1.9.4.bb index ac2e017d8b..684fbe09e1 100644 --- a/meta/recipes-connectivity/inetutils/inetutils_1.9.4.bb +++ b/meta/recipes-connectivity/inetutils/inetutils_1.9.4.bb | |||
@@ -22,6 +22,7 @@ SRC_URI = "${GNU_MIRROR}/inetutils/inetutils-${PV}.tar.gz \ | |||
22 | file://inetutils-1.9-PATH_PROCNET_DEV.patch \ | 22 | file://inetutils-1.9-PATH_PROCNET_DEV.patch \ |
23 | file://inetutils-only-check-pam_appl.h-when-pam-enabled.patch \ | 23 | file://inetutils-only-check-pam_appl.h-when-pam-enabled.patch \ |
24 | file://0001-rcp-fix-to-work-with-large-files.patch \ | 24 | file://0001-rcp-fix-to-work-with-large-files.patch \ |
25 | file://fix-buffer-fortify-tfpt.patch \ | ||
25 | " | 26 | " |
26 | 27 | ||
27 | SRC_URI[md5sum] = "04852c26c47cc8c6b825f2b74f191f52" | 28 | SRC_URI[md5sum] = "04852c26c47cc8c6b825f2b74f191f52" |