From 7e36d53b0e80af58191fd2680577e6d766af55c7 Mon Sep 17 00:00:00 2001 From: Brad Bishop Date: Mon, 16 Sep 2019 07:44:26 -0400 Subject: meta-openembedded: subtree update:a2928764c2..19528ba2a6 Adrian Bunk (1): libqmi: Replace clang patch with configure option Bartosz Golaszewski (3): yad: new package zenity: new package unclutter-xfixes: new package Khem Raj (2): mycroft: Remove alsa-oss from rdeps bigbuckbunny: Use faster download mirrors Oleksandr Kravchuk (21): capnproto: update to 0.7.0 ddrescue: update to 1.24 fmt: update to 6.0.0 jsonrpc: update to 1.2.0 libburn: update to 1.5.0 libdvdread: update to 6.0.1 libev: update to 4.27 libmodplug: update to 0.8.9.0 libnice: update to 0.1.16 libopus: update to 1.3.1 libsass: update to 3.6.1 libuv: update to 1.32.0 libsocketcan: update to 0.0.11 tree: update to 1.8.0 xclock: update to 1.0.9 xcursorgen: update to 1.0.7 xfontsel: update to 1.0.6 xmag: update to 1.0.6 xmessage: update to 1.0.5 xorg-sgml-doctools: update to 1.11 evtest: update to 1.34 Peiran Hong (1): tcpdump: Fix CVE-2017-16808 Change-Id: I4f2f575382cd34404d10470ece0aae7620487902 Signed-off-by: Brad Bishop --- ...2017-16808-AoE-Add-a-missing-bounds-check.patch | 61 ++++++++++++++++++++++ .../recipes-support/tcpdump/tcpdump_4.9.2.bb | 1 + 2 files changed, 62 insertions(+) create mode 100644 meta-openembedded/meta-networking/recipes-support/tcpdump/tcpdump/0001-CVE-2017-16808-AoE-Add-a-missing-bounds-check.patch (limited to 'meta-openembedded/meta-networking/recipes-support') diff --git a/meta-openembedded/meta-networking/recipes-support/tcpdump/tcpdump/0001-CVE-2017-16808-AoE-Add-a-missing-bounds-check.patch b/meta-openembedded/meta-networking/recipes-support/tcpdump/tcpdump/0001-CVE-2017-16808-AoE-Add-a-missing-bounds-check.patch new file mode 100644 index 000000000..919f2b009 --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-support/tcpdump/tcpdump/0001-CVE-2017-16808-AoE-Add-a-missing-bounds-check.patch @@ -0,0 +1,61 @@ +From c45443a0d3e16b92622bea6b589e5930e8f0d815 Mon Sep 17 00:00:00 2001 +From: Peiran Hong +Date: Fri, 13 Sep 2019 17:02:57 -0400 +Subject: [PATCH] CVE-2017-16808/AoE: Add a missing bounds check. + +--- + netdissect.h | 12 ++++++++++++ + print-aoe.c | 1 + + 2 files changed, 13 insertions(+) + +diff --git a/netdissect.h b/netdissect.h +index 089b0406..cd05fdb9 100644 +--- a/netdissect.h ++++ b/netdissect.h +@@ -69,6 +69,11 @@ typedef struct { + typedef unsigned char nd_uint8_t; + typedef signed char nd_int8_t; + ++/* ++ * Use this for MAC addresses. ++ */ ++#define MAC_ADDR_LEN 6 /* length of MAC addresses */ ++ + /* snprintf et al */ + + #include +@@ -309,12 +314,19 @@ struct netdissect_options { + ((uintptr_t)ndo->ndo_snapend - (l) <= (uintptr_t)ndo->ndo_snapend && \ + (uintptr_t)&(var) <= (uintptr_t)ndo->ndo_snapend - (l))) + ++#define ND_TTEST_LEN(p, l) \ ++ (IS_NOT_NEGATIVE(l) && \ ++ ((uintptr_t)ndo->ndo_snapend - (l) <= (uintptr_t)ndo->ndo_snapend && \ ++ (uintptr_t)(p) <= (uintptr_t)ndo->ndo_snapend - (l))) ++ + /* True if "var" was captured */ + #define ND_TTEST(var) ND_TTEST2(var, sizeof(var)) + + /* Bail if "l" bytes of "var" were not captured */ + #define ND_TCHECK2(var, l) if (!ND_TTEST2(var, l)) goto trunc + ++#define ND_TCHECK_LEN(p, l) if (!ND_TTEST_LEN(p, l)) goto trunc ++ + /* Bail if "var" was not captured */ + #define ND_TCHECK(var) ND_TCHECK2(var, sizeof(var)) + +diff --git a/print-aoe.c b/print-aoe.c +index 97e93df2..ac097a04 100644 +--- a/print-aoe.c ++++ b/print-aoe.c +@@ -325,6 +325,7 @@ aoev1_reserve_print(netdissect_options *ndo, + goto invalid; + /* addresses */ + for (i = 0; i < nmacs; i++) { ++ ND_TCHECK_LEN(cp, MAC_ADDR_LEN); + ND_PRINT((ndo, "\n\tEthernet Address %u: %s", i, etheraddr_string(ndo, cp))); + cp += ETHER_ADDR_LEN; + } +-- +2.21.0 + diff --git a/meta-openembedded/meta-networking/recipes-support/tcpdump/tcpdump_4.9.2.bb b/meta-openembedded/meta-networking/recipes-support/tcpdump/tcpdump_4.9.2.bb index 038c1617f..9bd861cd4 100644 --- a/meta-openembedded/meta-networking/recipes-support/tcpdump/tcpdump_4.9.2.bb +++ b/meta-openembedded/meta-networking/recipes-support/tcpdump/tcpdump_4.9.2.bb @@ -12,6 +12,7 @@ SRC_URI = " \ file://avoid-absolute-path-when-searching-for-libdlpi.patch \ file://add-ptest.patch \ file://run-ptest \ + file://0001-CVE-2017-16808-AoE-Add-a-missing-bounds-check.patch \ " SRC_URI[md5sum] = "9bbc1ee33dab61302411b02dd0515576" -- cgit v1.2.3