Diffstat (limited to 'meta/recipes-core/dropbear/dropbear/CVE-2016-7408.patch')
-rw-r--r-- | meta/recipes-core/dropbear/dropbear/CVE-2016-7408.patch | 101 |
1 files changed, 101 insertions, 0 deletions
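--- /dev/null
+++ b/meta/recipes-core/dropbear/dropbear/CVE-2016-7408.patch
@@ -0,0 +1,101 @@
+
+# HG changeset patch
+# User Matt Johnston <matt@ucc.asn.au>
+# Date 1468248038 -28800
+# Node ID eed9376a4ad68e3ae7f17d154dbf126ee66c54bc
+# Parent 6a14b1f6dc04e70933c49ea335184e68c1deeb94
+improve algorithm list parsing
+
+CVE: CVE-2016-7408
+Upstream-Status: Backport [backported from:
+https://secure.ucc.asn.au/hg/dropbear/rev/eed9376a4ad6]
+
+Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
+
+diff -r 6a14b1f6dc04 -r eed9376a4ad6 common-algo.c
+--- a/common-algo.c Mon Jul 11 21:51:25 2016 +0800
++++ b/common-algo.c Mon Jul 11 22:40:38 2016 +0800
+@@ -531,21 +531,6 @@
+return NULL;
+}
+
+-static void
+-try_add_algo(const char *algo_name, algo_type *algos,
+- const char *algo_desc, algo_type * new_algos, int *num_ret)
+-{
+- algo_type *match_algo = check_algo(algo_name, algos);
+- if (!match_algo)
+- {
+- dropbear_log(LOG_WARNING, "This Dropbear program does not support '%s' %s algorithm", algo_name, algo_desc);
+- return;
+- }
+-
+- new_algos[*num_ret] = *match_algo;
+- (*num_ret)++;
+-}
+-
+/* Checks a user provided comma-separated algorithm list for available
+* options. Any that are not acceptable are removed in-place. Returns the
+* number of valid algorithms. */
+@@ -553,30 +538,43 @@
+check_user_algos(const char* user_algo_list, algo_type * algos,
+const char *algo_desc)
+{
+- algo_type new_algos[MAX_PROPOSED_ALGO];
+- /* this has two passes. first we sweep through the given list of
+- * algorithms and mark them as usable=2 in the algo_type[] array... */
+- int num_ret = 0;
++ algo_type new_algos[MAX_PROPOSED_ALGO+1];
+char *work_list = m_strdup(user_algo_list);
+- char *last_name = work_list;
++ char *start = work_list;
+char *c;
+- for (c = work_list; *c; c++)
++ int n;
++ /* So we can iterate and look for null terminator */
++ memset(new_algos, 0x0, sizeof(new_algos));
++ for (c = work_list, n = 0; ; c++)
+{
+- if (*c == ',')
+- {
++ char oc = *c;
++ if (n >= MAX_PROPOSED_ALGO) {
++ dropbear_exit("Too many algorithms '%s'", user_algo_list);
++ }
++ if (*c == ',' || *c == '\0') {
++ algo_type *match_algo = NULL;
+*c = '\0';
+- try_add_algo(last_name, algos, algo_desc, new_algos, &num_ret);
++ match_algo = check_algo(start, algos);
++ if (match_algo) {
++ if (check_algo(start, new_algos)) {
++ TRACE(("Skip repeated algorithm '%s'", start))
++ } else {
++ new_algos[n] = *match_algo;
++ n++;
++ }
++ } else {
++ dropbear_log(LOG_WARNING, "This Dropbear program does not support '%s' %s algorithm", start, algo_desc);
++ }
+c++;
+- last_name = c;
++ start = c;
++ }
++ if (oc == '\0') {
++ break;
+}
+}
+- try_add_algo(last_name, algos, algo_desc, new_algos, &num_ret);
+m_free(work_list);
+-
+- new_algos[num_ret].name = NULL;
+-
+- /* Copy one more as a blank delimiter */
+- memcpy(algos, new_algos, sizeof(*new_algos) * (num_ret+1));
+- return num_ret;
++ /* n+1 to include a null terminator */
++ memcpy(algos, new_algos, sizeof(*new_algos) * (n+1));
++ return n;
+}
+#endif /* ENABLE_USER_ALGO_LIST */
+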
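Review bot: In the backported `check_user_algos` loop, the `c++;` kept just before `start = c;` stacks with the increment in `for (c = work_list, n = 0; ; c++)`, so the cursor advances twice after every comma. For a list that ends in a comma, `c` lands one byte past the terminator of the `m_strdup` copy because `oc` was `','` and the `break` is not taken, and the next `char oc = *c;` appears to read outside the allocation. An empty entry such as `a,,b` is likewise parsed as the token `,b` instead of being reported on its own. Replacing those two lines with `start = c + 1;` would leave the loop increment as the only cursor movement while keeping the duplicate check and the `MAX_PROPOSED_ALGO` bound unchanged. The behaviour comes from the upstream changeset named in the header, so any local correction should be recorded alongside the `Upstream-Status` line.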