tftpy: fix CVE-2023-46566

Buffer Overflow vulnerability in msoulier tftpy commit 467017b844bf6e31745138a30e2509145b0c529c allows a remote attacker to cause a denial of service via the parse function in the TftpPacketFactory class. Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
author: Archana Polampalli <archana.polampalli@windriver.com> 2025-04-24 15:24:40 +0000
committer: Armin Kuster <akuster808@gmail.com> 2025-04-26 15:50:27 -0400
commit: efe887a5b8453a59b961b3ac90a5f2c5a5edb536 (patch)
tree: a5a99399235d420c0ed3b72f80e593bd5bc0edd7 /meta-python/recipes-devtools/python
parent: a4c57ecb8ca54a64652dafa376199c9b29b1448f (diff)
download: meta-openembedded-efe887a5b8453a59b961b3ac90a5f2c5a5edb536.tar.gz
2 files changed, 28 insertions, 0 deletions
diff --git a/meta-python/recipes-devtools/python/tftpy/CVE-2023-46566.patch b/meta-python/recipes-devtools/python/tftpy/CVE-2023-46566.patch
new file mode 100644
index 0000000000..0131dedb1c
--- /dev/null
+++ b/meta-python/recipes-devtools/python/tftpy/CVE-2023-46566.patch
@@ -0,0 +1,26 @@
+From 5b4dcbe1c8fb178e4d31b9a9e63e603b73e8fb2f Mon Sep 17 00:00:00 2001
+From: Dave Wapstra <dwapstra@cisco.com>
+Date: Wed, 3 Jul 2024 14:32:58 +1200
+Subject: [PATCH] Add packet size check
+CVE: CVE-2023-46566
+Upstream-Status: Backport [https://github.com/msoulier/tftpy/commit/5b4dcbe1c8fb178e4d31b9a9e63e603b73e8fb2f]
+---
+ tftpy/TftpPacketFactory.py | 1 +
+ 1 file changed, 1 insertion(+)
+diff --git a/tftpy/TftpPacketFactory.py b/tftpy/TftpPacketFactory.py
+index 41f39a9..a8c9cd0 100644
+--- a/tftpy/TftpPacketFactory.py
+++ b/tftpy/TftpPacketFactory.py
+@@ -29,6 +29,7 @@ class TftpPacketFactory(object):
+         """This method is used to parse an existing datagram into its
+         corresponding TftpPacket object. The buffer is the raw bytes off of
+         the network."""
+        tftpassert(len(buffer) > 2, 'Invalid packet size')
+         log.debug("parsing a %d byte packet" % len(buffer))
+         (opcode,) = struct.unpack(str("!H"), buffer[:2])
+         log.debug("opcode is %d" % opcode)
+--
+2.40.0
diff --git a/meta-python/recipes-devtools/python/tftpy_0.8.2.bb b/meta-python/recipes-devtools/python/tftpy_0.8.2.bb
index c1b3234f72..c169916845 100644
--- a/meta-python/recipes-devtools/python/tftpy_0.8.2.bb
+++ b/meta-python/recipes-devtools/python/tftpy_0.8.2.bb
@@ -11,3 +11,5 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=22770e72ae03c61f5bcc4e333b61368d"
 SRC_URI[sha256sum] = "e1d1a680efd88eba176b351175844253067392a9b0f8b81588e3ff2b9e7bbb5b"
 inherit pypi setuptools3
+SRC_URI += "file://CVE-2023-46566.patch"
author	Archana Polampalli <archana.polampalli@windriver.com>	2025-04-24 15:24:40 +0000
committer	Armin Kuster <akuster808@gmail.com>	2025-04-26 15:50:27 -0400
commit	efe887a5b8453a59b961b3ac90a5f2c5a5edb536 (patch)
tree	a5a99399235d420c0ed3b72f80e593bd5bc0edd7 /meta-python/recipes-devtools/python
parent	a4c57ecb8ca54a64652dafa376199c9b29b1448f (diff)
download	meta-openembedded-efe887a5b8453a59b961b3ac90a5f2c5a5edb536.tar.gz

diff --git a/meta-python/recipes-devtools/python/tftpy/CVE-2023-46566.patch b/meta-python/recipes-devtools/python/tftpy/CVE-2023-46566.patch new file mode 100644 index 0000000000..0131dedb1c --- /dev/null +++ b/meta-python/recipes-devtools/python/tftpy/CVE-2023-46566.patch
@@ -0,0 +1,26 @@
		1	From 5b4dcbe1c8fb178e4d31b9a9e63e603b73e8fb2f Mon Sep 17 00:00:00 2001
		2	From: Dave Wapstra <dwapstra@cisco.com>
		3	Date: Wed, 3 Jul 2024 14:32:58 +1200
		4	Subject: [PATCH] Add packet size check
		5
		6	CVE: CVE-2023-46566
		7
		8	Upstream-Status: Backport [https://github.com/msoulier/tftpy/commit/5b4dcbe1c8fb178e4d31b9a9e63e603b73e8fb2f]
		9	---
		10	tftpy/TftpPacketFactory.py \| 1 +
		11	1 file changed, 1 insertion(+)
		12
		13	diff --git a/tftpy/TftpPacketFactory.py b/tftpy/TftpPacketFactory.py
		14	index 41f39a9..a8c9cd0 100644
		15	--- a/tftpy/TftpPacketFactory.py
		16	+++ b/tftpy/TftpPacketFactory.py
		17	@@ -29,6 +29,7 @@ class TftpPacketFactory(object):
		18	"""This method is used to parse an existing datagram into its
		19	corresponding TftpPacket object. The buffer is the raw bytes off of
		20	the network."""
		21	+ tftpassert(len(buffer) > 2, 'Invalid packet size')
		22	log.debug("parsing a %d byte packet" % len(buffer))
		23	(opcode,) = struct.unpack(str("!H"), buffer[:2])
		24	log.debug("opcode is %d" % opcode)
		25	--
		26	2.40.0


diff --git a/meta-python/recipes-devtools/python/tftpy_0.8.2.bb b/meta-python/recipes-devtools/python/tftpy_0.8.2.bb index c1b3234f72..c169916845 100644 --- a/meta-python/recipes-devtools/python/tftpy_0.8.2.bb +++ b/meta-python/recipes-devtools/python/tftpy_0.8.2.bb
@@ -11,3 +11,5 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=22770e72ae03c61f5bcc4e333b61368d"
11	SRC_URI[sha256sum] = "e1d1a680efd88eba176b351175844253067392a9b0f8b81588e3ff2b9e7bbb5b"	11	SRC_URI[sha256sum] = "e1d1a680efd88eba176b351175844253067392a9b0f8b81588e3ff2b9e7bbb5b"
12		12
13	inherit pypi setuptools3	13	inherit pypi setuptools3
		14
		15	SRC_URI += "file://CVE-2023-46566.patch"