diff options
Diffstat (limited to 'meta/recipes-connectivity/connman/connman')
-rw-r--r-- | meta/recipes-connectivity/connman/connman/CVE-2022-32292.patch | 37 |
1 files changed, 37 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/connman/connman/CVE-2022-32292.patch b/meta/recipes-connectivity/connman/connman/CVE-2022-32292.patch new file mode 100644 index 0000000000..74a739d6a2 --- /dev/null +++ b/meta/recipes-connectivity/connman/connman/CVE-2022-32292.patch | |||
@@ -0,0 +1,37 @@ | |||
1 | From d1a5ede5d255bde8ef707f8441b997563b9312bd Mon Sep 17 00:00:00 2001 | ||
2 | From: Nathan Crandall <ncrandall@tesla.com> | ||
3 | Date: Tue, 12 Jul 2022 08:56:34 +0200 | ||
4 | Subject: gweb: Fix OOB write in received_data() | ||
5 | |||
6 | There is a mismatch of handling binary vs. C-string data with memchr | ||
7 | and strlen, resulting in pos, count, and bytes_read to become out of | ||
8 | sync and result in a heap overflow. Instead, do not treat the buffer | ||
9 | as an ASCII C-string. We calculate the count based on the return value | ||
10 | of memchr, instead of strlen. | ||
11 | |||
12 | Fixes: CVE-2022-32292 | ||
13 | |||
14 | Upstream-Status: Backport | ||
15 | https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=d1a5ede5d255bde8ef707f8441b997563b9312b | ||
16 | CVE: CVE-2022-32292 | ||
17 | Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com> | ||
18 | --- | ||
19 | gweb/gweb.c | 2 +- | ||
20 | 1 file changed, 1 insertion(+), 1 deletion(-) | ||
21 | |||
22 | diff --git a/gweb/gweb.c b/gweb/gweb.c | ||
23 | index 12fcb1d8..13c6c5f2 100644 | ||
24 | --- a/gweb/gweb.c | ||
25 | +++ b/gweb/gweb.c | ||
26 | @@ -918,7 +918,7 @@ static gboolean received_data(GIOChannel *channel, GIOCondition cond, | ||
27 | } | ||
28 | |||
29 | *pos = '\0'; | ||
30 | - count = strlen((char *) ptr); | ||
31 | + count = pos - ptr; | ||
32 | if (count > 0 && ptr[count - 1] == '\r') { | ||
33 | ptr[--count] = '\0'; | ||
34 | bytes_read--; | ||
35 | -- | ||
36 | cgit | ||
37 | |||