1 files changed, 29 insertions, 0 deletions

diff --git a/meta/recipes-extended/sudo/files/CVE-2021-3156-4.patch b/meta/recipes-extended/sudo/files/CVE-2021-3156-4.patch
new file mode 100644
index 0000000000..c1b00c740e
--- /dev/null
+++ b/meta/recipes-extended/sudo/files/CVE-2021-3156-4.patch
@@ -0,0 +1,29 @@
+Upstream-Status: Backport [https://www.sudo.ws/repos/sudo/rev/09f98816fc89]
+Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
+CVE: CVE-2021-3156
+
+# HG changeset patch
+# User Todd C. Miller <Todd.Miller@sudo.ws>
+# Date 1611416640 25200
+# Node ID 09f98816fc8978f1d8623a857073d2d5746f0379
+# Parent  049ad90590be1e5dfb7df2675d2eb3e37c96ab86
+Fix the memset offset when converting a v1 timestamp to TS_LOCKEXCL.
+We want to zero the struct starting at flags, not type (which was just set).
+Found by Qualys.
+
+diff -r 049ad90590be -r 09f98816fc89 plugins/sudoers/timestamp.c
+--- a/plugins/sudoers/timestamp.c       Sat Jan 23 08:43:59 2021 -0700
++++ b/plugins/sudoers/timestamp.c       Sat Jan 23 08:44:00 2021 -0700
+@@ -643,8 +643,8 @@
+        if (entry.size == sizeof(struct timestamp_entry_v1)) {
+            /* Old sudo record, convert it to TS_LOCKEXCL. */
+            entry.type = TS_LOCKEXCL;
+-           memset((char *)&entry + offsetof(struct timestamp_entry, type), 0,
+-               nread - offsetof(struct timestamp_entry, type));
++           memset((char *)&entry + offsetof(struct timestamp_entry, flags), 0,
++               nread - offsetof(struct timestamp_entry, flags));
+            if (ts_write(cookie->fd, cookie->fname, &entry, 0) == -1)
+                debug_return_bool(false);
+        } else {
+
+