1 files changed, 0 insertions, 55 deletions

diff --git a/meta-openbmc-mods/meta-common/recipes-core/dbus/dbus/CVE-2022-42011.patch b/meta-openbmc-mods/meta-common/recipes-core/dbus/dbus/CVE-2022-42011.patch
deleted file mode 100644
index 9284dd666..000000000
--- a/meta-openbmc-mods/meta-common/recipes-core/dbus/dbus/CVE-2022-42011.patch
+++ /dev/null
@@ -1,55 +0,0 @@
-From 079bbf16186e87fb0157adf8951f19864bc2ed69 Mon Sep 17 00:00:00 2001
-From: Simon McVittie <smcv@collabora.com>
-Date: Mon, 12 Sep 2022 13:14:18 +0100
-Subject: [PATCH] dbus-marshal-validate: Validate length of arrays of
- fixed-length items
-
-This fast-path previously did not check that the array was made up
-of an integer number of items. This could lead to assertion failures
-and out-of-bounds accesses during subsequent message processing (which
-assumes that the message has already been validated), particularly after
-the addition of _dbus_header_remove_unknown_fields(), which makes it
-more likely that dbus-daemon will apply non-trivial edits to messages.
-
-Thanks: Evgeny Vereshchagin
-Fixes: e61f13cf "Bug 18064 - more efficient validation for fixed-size type arrays"
-Resolves: https://gitlab.freedesktop.org/dbus/dbus/-/issues/413
-Resolves: CVE-2022-42011
-Signed-off-by: Simon McVittie <smcv@collabora.com>
----
- dbus/dbus-marshal-validate.c | 13 ++++++++++++-
- 1 file changed, 12 insertions(+), 1 deletion(-)
-
-diff --git a/dbus/dbus-marshal-validate.c b/dbus/dbus-marshal-validate.c
-index ae68414dd..7d0d6cf72 100644
---- a/dbus/dbus-marshal-validate.c
-+++ b/dbus/dbus-marshal-validate.c
-@@ -503,13 +503,24 @@ validate_body_helper (DBusTypeReader       *reader,
-                  */ 
-                 if (dbus_type_is_fixed (array_elem_type))
-                   {
-+                    /* Note that fixed-size types all have sizes equal to
-+                     * their alignments, so this is really the item size. */
-+                    alignment = _dbus_type_get_alignment (array_elem_type);
-+                    _dbus_assert (alignment == 1 || alignment == 2 ||
-+                                  alignment == 4 || alignment == 8);
-+
-+                    /* Because the alignment is a power of 2, this is
-+                     * equivalent to: (claimed_len % alignment) != 0,
-+                     * but avoids slower integer division */
-+                    if ((claimed_len & (alignment - 1)) != 0)
-+                      return DBUS_INVALID_ARRAY_LENGTH_INCORRECT;
-+
-                     /* bools need to be handled differently, because they can
-                      * have an invalid value
-                      */
-                     if (array_elem_type == DBUS_TYPE_BOOLEAN)
-                       {
-                         dbus_uint32_t v;
--                        alignment = _dbus_type_get_alignment (array_elem_type);
- 
-                         while (p < array_end)
-                           {
--- 
-GitLab
-