diff options
Diffstat (limited to 'meta/recipes-core/busybox/busybox/CVE-2019-5747.patch')
-rw-r--r-- | meta/recipes-core/busybox/busybox/CVE-2019-5747.patch | 60 |
1 files changed, 60 insertions, 0 deletions
diff --git a/meta/recipes-core/busybox/busybox/CVE-2019-5747.patch b/meta/recipes-core/busybox/busybox/CVE-2019-5747.patch new file mode 100644 index 0000000000..4225b11e56 --- /dev/null +++ b/meta/recipes-core/busybox/busybox/CVE-2019-5747.patch | |||
@@ -0,0 +1,60 @@ | |||
1 | From 74d9f1ba37010face4bd1449df4d60dd84450b06 Mon Sep 17 00:00:00 2001 | ||
2 | From: Denys Vlasenko <vda.linux@googlemail.com> | ||
3 | Date: Mon, 7 Jan 2019 15:33:42 +0100 | ||
4 | Subject: [PATCH] udhcpc: when decoding DHCP_SUBNET, ensure it is 4 bytes long | ||
5 | |||
6 | function old new delta | ||
7 | udhcp_run_script 795 801 +6 | ||
8 | |||
9 | Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com> | ||
10 | |||
11 | Upstream-Status: Backport | ||
12 | CVE: CVE-2019-5747 | ||
13 | Affects < 1.30.0 | ||
14 | Signed-off-by: Armin Kuster <akuster@mvista.com> | ||
15 | |||
16 | --- | ||
17 | networking/udhcp/common.c | 2 +- | ||
18 | networking/udhcp/common.h | 2 +- | ||
19 | networking/udhcp/dhcpc.c | 2 +- | ||
20 | 3 files changed, 3 insertions(+), 3 deletions(-) | ||
21 | |||
22 | Index: busybox-1.29.3/networking/udhcp/common.c | ||
23 | =================================================================== | ||
24 | --- busybox-1.29.3.orig/networking/udhcp/common.c | ||
25 | +++ busybox-1.29.3/networking/udhcp/common.c | ||
26 | @@ -300,7 +300,7 @@ uint8_t* FAST_FUNC udhcp_get_option32(st | ||
27 | { | ||
28 | uint8_t *r = udhcp_get_option(packet, code); | ||
29 | if (r) { | ||
30 | - if (r[-1] != 4) | ||
31 | + if (r[-OPT_DATA + OPT_LEN] != 4) | ||
32 | r = NULL; | ||
33 | } | ||
34 | return r; | ||
35 | Index: busybox-1.29.3/networking/udhcp/common.h | ||
36 | =================================================================== | ||
37 | --- busybox-1.29.3.orig/networking/udhcp/common.h | ||
38 | +++ busybox-1.29.3/networking/udhcp/common.h | ||
39 | @@ -119,7 +119,7 @@ enum { | ||
40 | //#define DHCP_TIME_SERVER 0x04 /* RFC 868 time server (32-bit, 0 = 1.1.1900) */ | ||
41 | //#define DHCP_NAME_SERVER 0x05 /* IEN 116 _really_ ancient kind of NS */ | ||
42 | //#define DHCP_DNS_SERVER 0x06 | ||
43 | -//#define DHCP_LOG_SERVER 0x07 /* port 704 UDP log (not syslog) | ||
44 | +//#define DHCP_LOG_SERVER 0x07 /* port 704 UDP log (not syslog) */ | ||
45 | //#define DHCP_COOKIE_SERVER 0x08 /* "quote of the day" server */ | ||
46 | //#define DHCP_LPR_SERVER 0x09 | ||
47 | #define DHCP_HOST_NAME 0x0c /* either client informs server or server gives name to client */ | ||
48 | Index: busybox-1.29.3/networking/udhcp/dhcpc.c | ||
49 | =================================================================== | ||
50 | --- busybox-1.29.3.orig/networking/udhcp/dhcpc.c | ||
51 | +++ busybox-1.29.3/networking/udhcp/dhcpc.c | ||
52 | @@ -526,7 +526,7 @@ static char **fill_envp(struct dhcp_pack | ||
53 | temp = udhcp_get_option(packet, code); | ||
54 | *curr = xmalloc_optname_optval(temp, &dhcp_optflags[i], opt_name); | ||
55 | putenv(*curr++); | ||
56 | - if (code == DHCP_SUBNET) { | ||
57 | + if (code == DHCP_SUBNET && temp[-OPT_DATA + OPT_LEN] == 4) { | ||
58 | /* Subnet option: make things like "$ip/$mask" possible */ | ||
59 | uint32_t subnet; | ||
60 | move_from_unaligned32(subnet, temp); | ||