author Andrew Geissler <geissonator@yahoo.com> 2020-07-25 00:24:21 +0300
committer Andrew Geissler <geissonator@yahoo.com> 2020-07-25 00:26:47 +0300
commit 748a483a8f515f7aa0ce999ebeeebed4ed17ae10
tree aeeb8e6537070fade4adb84332cb9d5bc52ed4d2 /meta-openembedded/meta-networking/recipes-netkit/netkit-telnet
parent b7d2861976669d4f6decc55762ba83fe0371d6d5
meta-openembedded: subtree update:e93d527a33..76b83194b3

Alejandro Enedino Hernandez Samaniego (1):
      Remmina: Upgrade to 1.4.7

Alistair Francis (1):
      python3-obd: Add missing setuptools RDEPENDS

Andreas Müller (3):
      xfce4-whiskermenu-plugin: upgrade 2.4.4 -> 2.4.5
      xfce4-time-out-plugin: upgrade 1.1.0 -> 1.1.1
      graphene: upgrade 1.10.0 -> 1.10.2

Andrej Valek (1):
      python3-xlsxwriter: add recipe for v 1.2.9

Aníbal Limón (1):
      recipes-graphics: Add parallel-deqp-runner recipe

Armin Kuster (10):
      python3-flask-babel: update to 1.0.0 and consolidate
      python3-fastnumbers: Add new package
      python3-icu: add new package
      python3-natsort: add new package
      python3-croniter: Fix missing rdep
      python3-gmpy2: add new package
      python3-ecdsa: add package
      python3-rsa: add new package
      python3-gnupg: add new package
      python3-qrcode: add package

Changqing Li (2):
      rsyslog: get alias of syslog back
      radvd: add /etc/radvd.conf

Christian Eggers (2):
      networkmanager: Package nmcli separately
      networkmanager: Fix udev dependency

Colin McAllister (4):
      python3-cantools: Added recipe
      python3-dateparser: Added recipe
      python3-diskcache: Added recipe
      python3-bitstruct: Added recipe

Dmitry Baryshkov (1):
      recipes-graphics: add Khronos OpenGL ES and Vulkan CTS recipes

Julius Hemanth Pitti (1):
      netkit-telnetd: Fix buffer overflow in netoprintf

Kai Kang (1):
      python3-pykickstart: 3.22 -> 3.26

Khem Raj (4):
      ace: Upgrade to 6.5.10
      network-manager-applet: Add missing dependency on libgudev
      memcached: Upgrade to 1.6.6
      samba: Fix conflicts with nss.h from glibc

Leon Anavi (12):
      python3-cbor2: Upgrade 5.1.0 -> 5.1.1
      python3-psutil: Upgrade 5.7.0 -> 5.7.2
      python3-isort: Upgrade 4.3.21 -> 5.1.0
      python3-netaddr: Upgrade 0.7.20 -> 0.8.0
      python3-bitarray: Upgrade 1.2.2 -> 1.4.1
      python3-pymysql: Upgrade 0.9.3 -> 0.10.0
      python3-simplejson: Upgrade 3.17.0 -> 3.17.2
      python3-isort: Upgrade 5.1.0 -> 5.1.4
      python3-stevedore: Upgrade 2.0.1 -> 3.2.0
      python3-mock: Upgrade 4.0.1 -> 4.0.2
      python3-pychromecast: Upgrade 7.1.1 -> 7.1.2
      python3-coverage: Upgrade 5.1 -> 5.2

Matt Hoosier (1):
      glmark2: don't build full OpenGL backends by default

Mingde (Matthew) Zeng (1):
      net-snmp, openjpeg: add proper CVE tags to patches

Mingli Yu (1):
      freeradius: fix the existed certificate error

Ovidiu Panait (1):
      nss: upgrade 3.51.1 -> 3.54

Philip Balister (1):
      python3-pybind11: Use cmake to build and add -native version

Ryan Rowe (2):
      python3-packaging: add -native version
      python3-pint: add setuptools and packaging to RDEPENDS

Sakib Sajal (4):
      python3-mock: add recipe for v4.0.1
      python3-pep8: add recipe for v1.7.1
      python3-mccabe: add recipe for v0.2.1
      python3-requests-toolbelt: add ptest

Slater, Joseph (2):
      lvm2: reproducible binaries
      toybox-inittab: unpack to S

Wang Mingyu (2):
      python3-idna: upgrade 2.9 -> 2.10
      python3-pytz: upgrade 2019.3 -> 2020.1

Zang Ruochen (5):
      python3-requests-file: Enable ptest
      python3-semver: Enable ptest
      python3-smpplib: Enable ptest
      python3-soupsieve: Enable ptest
      python3-typeguard: Enable ptest

Zheng Ruoqin (3):
      babeld: upgrade 1.9.1 -> 1.9.2
      wireguard-module: upgrade 1.0.20200401 -> 1.0.20200712
      wireguard-tools: upgrade 1.0.20200319 -> 1.0.20200513

Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
Change-Id: I7d02cff7fbd61a6f8e1a96354e169f5f19edf023
Diffstat (limited to 'meta-openembedded/meta-networking/recipes-netkit/netkit-telnet')
-rw-r--r-- meta-openembedded/meta-networking/recipes-netkit/netkit-telnet/files/0001-telnetd-utility.c-Fix-buffer-overflow-in-netoprintf.patch | 56
-rw-r--r-- meta-openembedded/meta-networking/recipes-netkit/netkit-telnet/netkit-telnet_0.17.bb | 1
2 files changed, 57 insertions, 0 deletions
diff --git a/meta-openembedded/meta-networking/recipes-netkit/netkit-telnet/files/0001-telnetd-utility.c-Fix-buffer-overflow-in-netoprintf.patch b/meta-openembedded/meta-networking/recipes-netkit/netkit-telnet/files/0001-telnetd-utility.c-Fix-buffer-overflow-in-netoprintf.patch
new file mode 100644
index 000000000..8f983e40a
--- /dev/null
+++ b/meta-openembedded/meta-networking/recipes-netkit/netkit-telnet/files/0001-telnetd-utility.c-Fix-buffer-overflow-in-netoprintf.patch
@@ -0,0 +1,56 @@
+From 9c81c8e5bc7782e8ae12c078615abc3c896059f2 Mon Sep 17 00:00:00 2001
+From: Julius Hemanth Pitti <jpitti@cisco.com>
+Date: Tue, 14 Jul 2020 22:34:19 -0700
+Subject: [PATCH] telnetd/utility.c: Fix buffer overflow in netoprintf
+
+As per man page of vsnprintf, when formated
+string size is greater than "size"(2nd argument),
+then vsnprintf returns size of formated string,
+not "size"(2nd argument).
+
+netoprintf() was not handling a case where
+return value of vsnprintf is greater than
+"size"(2nd argument), results in buffer overflow
+while adjusting "nfrontp" pointer to point
+beyond "netobuf" buffer.
+
+Here is one such case where "nfrontp"
+crossed boundaries of "netobuf", and
+pointing to another global variable.
+
+(gdb) p &netobuf[8255]
+$5 = 0x55c93afe8b1f <netobuf+8255> ""
+(gdb) p nfrontp
+$6 = 0x55c93afe8c20 <terminaltype> "\377"
+(gdb) p &terminaltype
+$7 = (char **) 0x55c93afe8c20 <terminaltype>
+(gdb)
+
+This resulted in crash of telnetd service
+with segmentation fault.
+
+Though this is DoS security bug, I couldn't
+find any CVE ID for this.
+
+Upstream-Status: Pending
+
+Signed-off-by: Julius Hemanth Pitti <jpitti@cisco.com>
+---
+ telnetd/utility.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/telnetd/utility.c b/telnetd/utility.c
+index b9a46a6..4811f14 100644
+--- a/telnetd/utility.c
++++ b/telnetd/utility.c
+@@ -66,7 +66,7 @@ netoprintf(const char *fmt, ...)
+ len = vsnprintf(nfrontp, maxsize, fmt, ap);
+ va_end(ap);
+
+- if (len<0 || len==maxsize) {
++ if (len<0 || len>=maxsize) {
+ /* didn't fit */
+ netflush();
+ }
+--
+2.19.1
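Review bot: In netoprintf(), the new `len>=maxsize` test only decides whether netflush() is called; the embedded hunk stops at the closing brace, so it does not show how `len` is used afterwards. If the function retries vsnprintf() into the flushed buffer and then advances nfrontp by that return value, the second return value needs the same bound, because a formatted string longer than the whole of netobuf is still truncated after a flush and vsnprintf() again returns the untruncated length. Please widen the context or state in the commit message how the post-flush path is bounded. The header also describes this as a DoS fix with Upstream-Status: Pending and no CVE ID; a note on where it was submitted upstream would make it easier to track and drop later.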
diff --git a/meta-openembedded/meta-networking/recipes-netkit/netkit-telnet/netkit-telnet_0.17.bb b/meta-openembedded/meta-networking/recipes-netkit/netkit-telnet/netkit-telnet_0.17.bb
index 0e92add63..08dd532b6 100644
--- a/meta-openembedded/meta-networking/recipes-netkit/netkit-telnet/netkit-telnet_0.17.bb
+++ b/meta-openembedded/meta-networking/recipes-netkit/netkit-telnet/netkit-telnet_0.17.bb
@@ -13,6 +13,7 @@ SRC_URI = "http://ftp.linux.org.uk/pub/linux/Networking/netkit/${BP}.tar.gz \
file://0001-telnet-telnetd-Fix-print-format-strings.patch \
file://0001-telnet-telnetd-Fix-deadlock-on-cleanup.patch \
file://CVE-2020-10188.patch \
+ file://0001-telnetd-utility.c-Fix-buffer-overflow-in-netoprintf.patch \
"
UPSTREAM_CHECK_URI = "${DEBIAN_MIRROR}/main/n/netkit-telnet/"
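Review bot: The new SRC_URI entry is appended last, after CVE-2020-10188.patch, so it is applied on top of every earlier patch in the list. Please confirm the telnetd/utility.c hunk applies without fuzz against the tree as those patches leave it, since its context lines were taken from index b9a46a6 and the recipe change itself does not show which tree that corresponds to. Given the patch header calls this a security fix without a CVE ID, the recipe gives no way to tell it apart from the non-security patches above it; a comment or a more descriptive file name would help anyone auditing the SRC_URI list.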