diff options
Diffstat (limited to 'meta/recipes-extended/sudo/files/CVE-2021-3156-4.patch')
-rw-r--r-- | meta/recipes-extended/sudo/files/CVE-2021-3156-4.patch | 29 |
1 files changed, 29 insertions, 0 deletions
diff --git a/meta/recipes-extended/sudo/files/CVE-2021-3156-4.patch b/meta/recipes-extended/sudo/files/CVE-2021-3156-4.patch new file mode 100644 index 0000000000..c1b00c740e --- /dev/null +++ b/meta/recipes-extended/sudo/files/CVE-2021-3156-4.patch | |||
@@ -0,0 +1,29 @@ | |||
1 | Upstream-Status: Backport [https://www.sudo.ws/repos/sudo/rev/09f98816fc89] | ||
2 | Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> | ||
3 | CVE: CVE-2021-3156 | ||
4 | |||
5 | # HG changeset patch | ||
6 | # User Todd C. Miller <Todd.Miller@sudo.ws> | ||
7 | # Date 1611416640 25200 | ||
8 | # Node ID 09f98816fc8978f1d8623a857073d2d5746f0379 | ||
9 | # Parent 049ad90590be1e5dfb7df2675d2eb3e37c96ab86 | ||
10 | Fix the memset offset when converting a v1 timestamp to TS_LOCKEXCL. | ||
11 | We want to zero the struct starting at flags, not type (which was just set). | ||
12 | Found by Qualys. | ||
13 | |||
14 | diff -r 049ad90590be -r 09f98816fc89 plugins/sudoers/timestamp.c | ||
15 | --- a/plugins/sudoers/timestamp.c Sat Jan 23 08:43:59 2021 -0700 | ||
16 | +++ b/plugins/sudoers/timestamp.c Sat Jan 23 08:44:00 2021 -0700 | ||
17 | @@ -643,8 +643,8 @@ | ||
18 | if (entry.size == sizeof(struct timestamp_entry_v1)) { | ||
19 | /* Old sudo record, convert it to TS_LOCKEXCL. */ | ||
20 | entry.type = TS_LOCKEXCL; | ||
21 | - memset((char *)&entry + offsetof(struct timestamp_entry, type), 0, | ||
22 | - nread - offsetof(struct timestamp_entry, type)); | ||
23 | + memset((char *)&entry + offsetof(struct timestamp_entry, flags), 0, | ||
24 | + nread - offsetof(struct timestamp_entry, flags)); | ||
25 | if (ts_write(cookie->fd, cookie->fname, &entry, 0) == -1) | ||
26 | debug_return_bool(false); | ||
27 | } else { | ||
28 | |||
29 | |||