diff options
Diffstat (limited to 'poky/meta/recipes-connectivity/inetutils')
-rw-r--r-- | poky/meta/recipes-connectivity/inetutils/inetutils/fix-buffer-fortify-tfpt.patch | 25 | ||||
-rw-r--r-- | poky/meta/recipes-connectivity/inetutils/inetutils_1.9.4.bb | 1 |
2 files changed, 26 insertions, 0 deletions
diff --git a/poky/meta/recipes-connectivity/inetutils/inetutils/fix-buffer-fortify-tfpt.patch b/poky/meta/recipes-connectivity/inetutils/inetutils/fix-buffer-fortify-tfpt.patch new file mode 100644 index 000000000..a91913cb5 --- /dev/null +++ b/poky/meta/recipes-connectivity/inetutils/inetutils/fix-buffer-fortify-tfpt.patch @@ -0,0 +1,25 @@ +tftpd: Fix abort on error path + +When trying to fetch a non existent file, the app crashes with: + +*** buffer overflow detected ***: +Aborted + + +Upstream-Status: Submitted [https://www.mail-archive.com/bug-inetutils@gnu.org/msg03036.html https://gcc.gnu.org/bugzilla/show_bug.cgi?id=91205] +Signed-off-by: Ricardo Ribalda Delgado <ricardo@ribalda.com> +diff --git a/src/tftpd.c b/src/tftpd.c +index 56002a0..144012f 100644 +--- a/src/tftpd.c ++++ b/src/tftpd.c +@@ -864,9 +864,8 @@ nak (int error) + pe->e_msg = strerror (error - 100); + tp->th_code = EUNDEF; /* set 'undef' errorcode */ + } +- strcpy (tp->th_msg, pe->e_msg); + length = strlen (pe->e_msg); +- tp->th_msg[length] = '\0'; ++ memcpy(tp->th_msg, pe->e_msg, length + 1); + length += 5; + if (sendto (peer, buf, length, 0, (struct sockaddr *) &from, fromlen) != length) + syslog (LOG_ERR, "nak: %m\n"); diff --git a/poky/meta/recipes-connectivity/inetutils/inetutils_1.9.4.bb b/poky/meta/recipes-connectivity/inetutils/inetutils_1.9.4.bb index ac2e017d8..684fbe09e 100644 --- a/poky/meta/recipes-connectivity/inetutils/inetutils_1.9.4.bb +++ b/poky/meta/recipes-connectivity/inetutils/inetutils_1.9.4.bb @@ -22,6 +22,7 @@ SRC_URI = "${GNU_MIRROR}/inetutils/inetutils-${PV}.tar.gz \ file://inetutils-1.9-PATH_PROCNET_DEV.patch \ file://inetutils-only-check-pam_appl.h-when-pam-enabled.patch \ file://0001-rcp-fix-to-work-with-large-files.patch \ + file://fix-buffer-fortify-tfpt.patch \ " SRC_URI[md5sum] = "04852c26c47cc8c6b825f2b74f191f52" |