diff options
Diffstat (limited to 'meta')
-rw-r--r-- | meta/recipes-connectivity/connman/connman/CVE-2022-32293.patch | 266 | ||||
-rw-r--r-- | meta/recipes-connectivity/connman/connman_1.37.bb | 1 |
2 files changed, 267 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/connman/connman/CVE-2022-32293.patch b/meta/recipes-connectivity/connman/connman/CVE-2022-32293.patch new file mode 100644 index 0000000000..83a013981c --- /dev/null +++ b/meta/recipes-connectivity/connman/connman/CVE-2022-32293.patch | |||
@@ -0,0 +1,266 @@ | |||
1 | From 358a44b1442fae0f82846e10da0708b5c4e1ce27 Mon Sep 17 00:00:00 2001 | ||
2 | From: Hitendra Prajapati <hprajapati@mvista.com> | ||
3 | Date: Tue, 20 Sep 2022 17:58:19 +0530 | ||
4 | Subject: [PATCH] CVE-2022-32293 | ||
5 | |||
6 | CVE: CVE-2022-32293 | ||
7 | Upstream-Status: Backport [https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=72343929836de80727a27d6744c869dff045757c && https://git.kernel.org/pub/scm/network/connman/connman.git/commit/src/wispr.c?id=416bfaff988882c553c672e5bfc2d4f648d29e8a] | ||
8 | Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> | ||
9 | --- | ||
10 | src/wispr.c | 83 ++++++++++++++++++++++++++++++++++++++++------------- | ||
11 | 1 file changed, 63 insertions(+), 20 deletions(-) | ||
12 | |||
13 | diff --git a/src/wispr.c b/src/wispr.c | ||
14 | index 473c0e0..97e0242 100644 | ||
15 | --- a/src/wispr.c | ||
16 | +++ b/src/wispr.c | ||
17 | @@ -59,6 +59,7 @@ struct wispr_route { | ||
18 | }; | ||
19 | |||
20 | struct connman_wispr_portal_context { | ||
21 | + int refcount; | ||
22 | struct connman_service *service; | ||
23 | enum connman_ipconfig_type type; | ||
24 | struct connman_wispr_portal *wispr_portal; | ||
25 | @@ -96,10 +97,13 @@ static bool wispr_portal_web_result(GWebResult *result, gpointer user_data); | ||
26 | |||
27 | static GHashTable *wispr_portal_list = NULL; | ||
28 | |||
29 | +#define wispr_portal_context_ref(wp_context) \ | ||
30 | + wispr_portal_context_ref_debug(wp_context, __FILE__, __LINE__, __func__) | ||
31 | +#define wispr_portal_context_unref(wp_context) \ | ||
32 | + wispr_portal_context_unref_debug(wp_context, __FILE__, __LINE__, __func__) | ||
33 | + | ||
34 | static void connman_wispr_message_init(struct connman_wispr_message *msg) | ||
35 | { | ||
36 | - DBG(""); | ||
37 | - | ||
38 | msg->has_error = false; | ||
39 | msg->current_element = NULL; | ||
40 | |||
41 | @@ -159,11 +163,6 @@ static void free_wispr_routes(struct connman_wispr_portal_context *wp_context) | ||
42 | static void free_connman_wispr_portal_context( | ||
43 | struct connman_wispr_portal_context *wp_context) | ||
44 | { | ||
45 | - DBG("context %p", wp_context); | ||
46 | - | ||
47 | - if (!wp_context) | ||
48 | - return; | ||
49 | - | ||
50 | if (wp_context->wispr_portal) { | ||
51 | if (wp_context->wispr_portal->ipv4_context == wp_context) | ||
52 | wp_context->wispr_portal->ipv4_context = NULL; | ||
53 | @@ -200,9 +199,38 @@ static void free_connman_wispr_portal_context( | ||
54 | g_free(wp_context); | ||
55 | } | ||
56 | |||
57 | +static struct connman_wispr_portal_context * | ||
58 | +wispr_portal_context_ref_debug(struct connman_wispr_portal_context *wp_context, | ||
59 | + const char *file, int line, const char *caller) | ||
60 | +{ | ||
61 | + DBG("%p ref %d by %s:%d:%s()", wp_context, | ||
62 | + wp_context->refcount + 1, file, line, caller); | ||
63 | + | ||
64 | + __sync_fetch_and_add(&wp_context->refcount, 1); | ||
65 | + | ||
66 | + return wp_context; | ||
67 | +} | ||
68 | + | ||
69 | +static void wispr_portal_context_unref_debug( | ||
70 | + struct connman_wispr_portal_context *wp_context, | ||
71 | + const char *file, int line, const char *caller) | ||
72 | +{ | ||
73 | + if (!wp_context) | ||
74 | + return; | ||
75 | + | ||
76 | + DBG("%p ref %d by %s:%d:%s()", wp_context, | ||
77 | + wp_context->refcount - 1, file, line, caller); | ||
78 | + | ||
79 | + if (__sync_fetch_and_sub(&wp_context->refcount, 1) != 1) | ||
80 | + return; | ||
81 | + | ||
82 | + free_connman_wispr_portal_context(wp_context); | ||
83 | +} | ||
84 | + | ||
85 | static struct connman_wispr_portal_context *create_wispr_portal_context(void) | ||
86 | { | ||
87 | - return g_try_new0(struct connman_wispr_portal_context, 1); | ||
88 | + return wispr_portal_context_ref( | ||
89 | + g_new0(struct connman_wispr_portal_context, 1)); | ||
90 | } | ||
91 | |||
92 | static void free_connman_wispr_portal(gpointer data) | ||
93 | @@ -214,8 +242,8 @@ static void free_connman_wispr_portal(gpointer data) | ||
94 | if (!wispr_portal) | ||
95 | return; | ||
96 | |||
97 | - free_connman_wispr_portal_context(wispr_portal->ipv4_context); | ||
98 | - free_connman_wispr_portal_context(wispr_portal->ipv6_context); | ||
99 | + wispr_portal_context_unref(wispr_portal->ipv4_context); | ||
100 | + wispr_portal_context_unref(wispr_portal->ipv6_context); | ||
101 | |||
102 | g_free(wispr_portal); | ||
103 | } | ||
104 | @@ -450,8 +478,6 @@ static void portal_manage_status(GWebResult *result, | ||
105 | &str)) | ||
106 | connman_info("Client-Timezone: %s", str); | ||
107 | |||
108 | - free_connman_wispr_portal_context(wp_context); | ||
109 | - | ||
110 | __connman_service_ipconfig_indicate_state(service, | ||
111 | CONNMAN_SERVICE_STATE_ONLINE, type); | ||
112 | } | ||
113 | @@ -509,14 +535,17 @@ static void wispr_portal_request_portal( | ||
114 | { | ||
115 | DBG(""); | ||
116 | |||
117 | + wispr_portal_context_ref(wp_context); | ||
118 | wp_context->request_id = g_web_request_get(wp_context->web, | ||
119 | wp_context->status_url, | ||
120 | wispr_portal_web_result, | ||
121 | wispr_route_request, | ||
122 | wp_context); | ||
123 | |||
124 | - if (wp_context->request_id == 0) | ||
125 | + if (wp_context->request_id == 0) { | ||
126 | wispr_portal_error(wp_context); | ||
127 | + wispr_portal_context_unref(wp_context); | ||
128 | + } | ||
129 | } | ||
130 | |||
131 | static bool wispr_input(const guint8 **data, gsize *length, | ||
132 | @@ -562,13 +591,15 @@ static void wispr_portal_browser_reply_cb(struct connman_service *service, | ||
133 | return; | ||
134 | |||
135 | if (!authentication_done) { | ||
136 | - wispr_portal_error(wp_context); | ||
137 | free_wispr_routes(wp_context); | ||
138 | + wispr_portal_error(wp_context); | ||
139 | + wispr_portal_context_unref(wp_context); | ||
140 | return; | ||
141 | } | ||
142 | |||
143 | /* Restarting the test */ | ||
144 | __connman_service_wispr_start(service, wp_context->type); | ||
145 | + wispr_portal_context_unref(wp_context); | ||
146 | } | ||
147 | |||
148 | static void wispr_portal_request_wispr_login(struct connman_service *service, | ||
149 | @@ -592,7 +623,7 @@ static void wispr_portal_request_wispr_login(struct connman_service *service, | ||
150 | return; | ||
151 | } | ||
152 | |||
153 | - free_connman_wispr_portal_context(wp_context); | ||
154 | + wispr_portal_context_unref(wp_context); | ||
155 | return; | ||
156 | } | ||
157 | |||
158 | @@ -644,11 +675,13 @@ static bool wispr_manage_message(GWebResult *result, | ||
159 | |||
160 | wp_context->wispr_result = CONNMAN_WISPR_RESULT_LOGIN; | ||
161 | |||
162 | + wispr_portal_context_ref(wp_context); | ||
163 | if (__connman_agent_request_login_input(wp_context->service, | ||
164 | wispr_portal_request_wispr_login, | ||
165 | - wp_context) != -EINPROGRESS) | ||
166 | + wp_context) != -EINPROGRESS) { | ||
167 | wispr_portal_error(wp_context); | ||
168 | - else | ||
169 | + wispr_portal_context_unref(wp_context); | ||
170 | + } else | ||
171 | return true; | ||
172 | |||
173 | break; | ||
174 | @@ -697,6 +730,7 @@ static bool wispr_portal_web_result(GWebResult *result, gpointer user_data) | ||
175 | if (length > 0) { | ||
176 | g_web_parser_feed_data(wp_context->wispr_parser, | ||
177 | chunk, length); | ||
178 | + wispr_portal_context_unref(wp_context); | ||
179 | return true; | ||
180 | } | ||
181 | |||
182 | @@ -714,6 +748,7 @@ static bool wispr_portal_web_result(GWebResult *result, gpointer user_data) | ||
183 | |||
184 | switch (status) { | ||
185 | case 000: | ||
186 | + wispr_portal_context_ref(wp_context); | ||
187 | __connman_agent_request_browser(wp_context->service, | ||
188 | wispr_portal_browser_reply_cb, | ||
189 | wp_context->status_url, wp_context); | ||
190 | @@ -725,11 +760,14 @@ static bool wispr_portal_web_result(GWebResult *result, gpointer user_data) | ||
191 | if (g_web_result_get_header(result, "X-ConnMan-Status", | ||
192 | &str)) { | ||
193 | portal_manage_status(result, wp_context); | ||
194 | + wispr_portal_context_unref(wp_context); | ||
195 | return false; | ||
196 | - } else | ||
197 | + } else { | ||
198 | + wispr_portal_context_ref(wp_context); | ||
199 | __connman_agent_request_browser(wp_context->service, | ||
200 | wispr_portal_browser_reply_cb, | ||
201 | wp_context->redirect_url, wp_context); | ||
202 | + } | ||
203 | |||
204 | break; | ||
205 | case 302: | ||
206 | @@ -737,6 +775,7 @@ static bool wispr_portal_web_result(GWebResult *result, gpointer user_data) | ||
207 | !g_web_result_get_header(result, "Location", | ||
208 | &redirect)) { | ||
209 | |||
210 | + wispr_portal_context_ref(wp_context); | ||
211 | __connman_agent_request_browser(wp_context->service, | ||
212 | wispr_portal_browser_reply_cb, | ||
213 | wp_context->status_url, wp_context); | ||
214 | @@ -747,6 +786,7 @@ static bool wispr_portal_web_result(GWebResult *result, gpointer user_data) | ||
215 | |||
216 | wp_context->redirect_url = g_strdup(redirect); | ||
217 | |||
218 | + wispr_portal_context_ref(wp_context); | ||
219 | wp_context->request_id = g_web_request_get(wp_context->web, | ||
220 | redirect, wispr_portal_web_result, | ||
221 | wispr_route_request, wp_context); | ||
222 | @@ -763,6 +803,7 @@ static bool wispr_portal_web_result(GWebResult *result, gpointer user_data) | ||
223 | |||
224 | break; | ||
225 | case 505: | ||
226 | + wispr_portal_context_ref(wp_context); | ||
227 | __connman_agent_request_browser(wp_context->service, | ||
228 | wispr_portal_browser_reply_cb, | ||
229 | wp_context->status_url, wp_context); | ||
230 | @@ -775,6 +816,7 @@ static bool wispr_portal_web_result(GWebResult *result, gpointer user_data) | ||
231 | wp_context->request_id = 0; | ||
232 | done: | ||
233 | wp_context->wispr_msg.message_type = -1; | ||
234 | + wispr_portal_context_unref(wp_context); | ||
235 | return false; | ||
236 | } | ||
237 | |||
238 | @@ -809,6 +851,7 @@ static void proxy_callback(const char *proxy, void *user_data) | ||
239 | xml_wispr_parser_callback, wp_context); | ||
240 | |||
241 | wispr_portal_request_portal(wp_context); | ||
242 | + wispr_portal_context_unref(wp_context); | ||
243 | } | ||
244 | |||
245 | static gboolean no_proxy_callback(gpointer user_data) | ||
246 | @@ -903,7 +946,7 @@ static int wispr_portal_detect(struct connman_wispr_portal_context *wp_context) | ||
247 | |||
248 | if (wp_context->token == 0) { | ||
249 | err = -EINVAL; | ||
250 | - free_connman_wispr_portal_context(wp_context); | ||
251 | + wispr_portal_context_unref(wp_context); | ||
252 | } | ||
253 | } else if (wp_context->timeout == 0) { | ||
254 | wp_context->timeout = g_idle_add(no_proxy_callback, wp_context); | ||
255 | @@ -952,7 +995,7 @@ int __connman_wispr_start(struct connman_service *service, | ||
256 | |||
257 | /* If there is already an existing context, we wipe it */ | ||
258 | if (wp_context) | ||
259 | - free_connman_wispr_portal_context(wp_context); | ||
260 | + wispr_portal_context_unref(wp_context); | ||
261 | |||
262 | wp_context = create_wispr_portal_context(); | ||
263 | if (!wp_context) | ||
264 | -- | ||
265 | 2.25.1 | ||
266 | |||
diff --git a/meta/recipes-connectivity/connman/connman_1.37.bb b/meta/recipes-connectivity/connman/connman_1.37.bb index 4f22c7ad49..73d7f7527e 100644 --- a/meta/recipes-connectivity/connman/connman_1.37.bb +++ b/meta/recipes-connectivity/connman/connman_1.37.bb | |||
@@ -13,6 +13,7 @@ SRC_URI = "${KERNELORG_MIRROR}/linux/network/${BPN}/${BP}.tar.xz \ | |||
13 | file://CVE-2022-23096-7.patch \ | 13 | file://CVE-2022-23096-7.patch \ |
14 | file://CVE-2022-23098.patch \ | 14 | file://CVE-2022-23098.patch \ |
15 | file://CVE-2022-32292.patch \ | 15 | file://CVE-2022-32292.patch \ |
16 | file://CVE-2022-32293.patch \ | ||
16 | " | 17 | " |
17 | 18 | ||
18 | SRC_URI_append_libc-musl = " file://0002-resolve-musl-does-not-implement-res_ninit.patch" | 19 | SRC_URI_append_libc-musl = " file://0002-resolve-musl-does-not-implement-res_ninit.patch" |