Diffstat (limited to 'meta/recipes-connectivity/ppp/ppp/fix-CVE-2015-3310.patch')
-rw-r--r-- | meta/recipes-connectivity/ppp/ppp/fix-CVE-2015-3310.patch | 30 |
1 files changed, 0 insertions, 30 deletions
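--- a/meta/recipes-connectivity/ppp/ppp/fix-CVE-2015-3310.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-ppp: Buffer overflow in radius plugin
-
-From: https://bugs.debian.org/cgi-bin/bugreport.cgi?msg=5;bug=782450
-
-Upstream-Status: Backport
-CVE: CVE-2015-3310
-
-On systems with more than 65535 processes running, pppd aborts when
-sending a "start" accounting message to the RADIUS server because of a
-buffer overflow in rc_mksid.
-
-The process id is used in rc_mksid to generate a pseudo-unique string,
-assuming that the hex representation of the pid will be at most 4
-characters (FFFF). __sprintf_chk(), used when compiling with
-optimization levels greater than 0 and FORTIFY_SOURCE, detects the
-buffer overflow and makes pppd crash.
-
-The following patch fixes the problem.
-
---- ppp-2.4.6.orig/pppd/plugins/radius/util.c
-+++ ppp-2.4.6/pppd/plugins/radius/util.c
-@@ -77,7 +77,7 @@ rc_mksid (void)
-static unsigned short int cnt = 0;
-sprintf (buf, "%08lX%04X%02hX",
-(unsigned long int) time (NULL),
-- (unsigned int) getpid (),
-+ (unsigned int) getpid () % 65535,
-cnt & 0xFF);
-cnt++;
-return buf;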