Diffstat (limited to 'meta-openembedded/meta-networking/recipes-support/ntopng/files/CVE-2021-36082.patch')
-rw-r--r-- | meta-openembedded/meta-networking/recipes-support/ntopng/files/CVE-2021-36082.patch | 116 |
1 files changed, 0 insertions, 116 deletions
diff --git a/meta-openembedded/meta-networking/recipes-support/ntopng/files/CVE-2021-36082.patch b/meta-openembedded/meta-networking/recipes-support/ntopng/files/CVE-2021-36082.patch
deleted file mode 100644
index 8fdd62d186..0000000000
--- a/meta-openembedded/meta-networking/recipes-support/ntopng/files/CVE-2021-36082.patch
+++ /dev/null
@@ -1,116 +0,0 @@
-From 1ec621c85b9411cc611652fd57a892cfef478af3 Mon Sep 17 00:00:00 2001
-From: Luca Deri <deri@ntop.org>
-Date: Sat, 15 May 2021 19:53:46 +0200
-Subject: [PATCH] Added further checks
-
-Upstream-Status: Backport [https://github.com/ntop/nDPI/commit/1ec621c85b9411cc611652fd57a892cfef478af3]
-CVE: CVE-2021-36082
-
-Signed-off-by: Changqing Li <changqing.li@windriver.com>
-
----
- src/lib/protocols/netbios.c | 2 +-
- src/lib/protocols/tls.c | 32 +++++++++++++++++---------------
- 2 files changed, 18 insertions(+), 16 deletions(-)
-
-diff --git a/src/lib/protocols/netbios.c b/src/lib/protocols/netbios.c
-index 1f3850cb..0d3b705f 100644
---- a/src/lib/protocols/netbios.c
-+++ b/src/lib/protocols/netbios.c
-@@ -42,7 +42,7 @@ int ndpi_netbios_name_interpret(char *in, size_t inlen, char *out, u_int out_len
- int ret = 0, len, idx = inlen;
- char *b;
-
-- len = (*in++)/2;
-+ len = (*in++)/2, inlen--;
- b = out;
- *out = 0;
-
-diff --git a/src/lib/protocols/tls.c b/src/lib/protocols/tls.c
-index 5b572cae..c115ac08 100644
---- a/src/lib/protocols/tls.c
-+++ b/src/lib/protocols/tls.c
-@@ -994,21 +994,23 @@ int processClientServerHello(struct ndpi_detection_module_struct *ndpi_struct,
- i += 4 + extension_len, offset += 4 + extension_len;
- }
-
-- ja3_str_len = snprintf(ja3_str, sizeof(ja3_str), "%u,", ja3.tls_handshake_version);
-+ ja3_str_len = snprintf(ja3_str, JA3_STR_LEN, "%u,", ja3.tls_handshake_version);
-
-- for(i=0; i<ja3.num_cipher; i++) {
-- rc = snprintf(&ja3_str[ja3_str_len], sizeof(ja3_str)-ja3_str_len, "%s%u", (i > 0) ? "-" : "", ja3.cipher[i]);
-+ for(i=0; (i<ja3.num_cipher) && (JA3_STR_LEN > ja3_str_len); i++) {
-+ rc = snprintf(&ja3_str[ja3_str_len], JA3_STR_LEN-ja3_str_len, "%s%u", (i > 0) ? "-" : "", ja3.cipher[i]);
-
- if(rc <= 0) break; else ja3_str_len += rc;
- }
-
-- rc = snprintf(&ja3_str[ja3_str_len], sizeof(ja3_str)-ja3_str_len, ",");
-- if(rc > 0 && ja3_str_len + rc < JA3_STR_LEN) ja3_str_len += rc;
-+ if(JA3_STR_LEN > ja3_str_len) {
-+ rc = snprintf(&ja3_str[ja3_str_len], JA3_STR_LEN-ja3_str_len, ",");
-+ if(rc > 0 && ja3_str_len + rc < JA3_STR_LEN) ja3_str_len += rc;
-+ }
-
- /* ********** */
-
-- for(i=0; i<ja3.num_tls_extension; i++) {
-- int rc = snprintf(&ja3_str[ja3_str_len], sizeof(ja3_str)-ja3_str_len, "%s%u", (i > 0) ? "-" : "", ja3.tls_extension[i]);
-+ for(i=0; (i<ja3.num_tls_extension) && (JA3_STR_LEN-ja3_str_len); i++) {
-+ int rc = snprintf(&ja3_str[ja3_str_len], JA3_STR_LEN-ja3_str_len, "%s%u", (i > 0) ? "-" : "", ja3.tls_extension[i]);
-
- if(rc <= 0) break; else ja3_str_len += rc;
- }
-@@ -1443,41 +1445,41 @@ int processClientServerHello(struct ndpi_detection_module_struct *ndpi_struct,
- int rc;
-
- compute_ja3c:
-- ja3_str_len = snprintf(ja3_str, sizeof(ja3_str), "%u,", ja3.tls_handshake_version);
-+ ja3_str_len = snprintf(ja3_str, JA3_STR_LEN, "%u,", ja3.tls_handshake_version);
-
- for(i=0; i<ja3.num_cipher; i++) {
-- rc = snprintf(&ja3_str[ja3_str_len], sizeof(ja3_str)-ja3_str_len, "%s%u",
-+ rc = snprintf(&ja3_str[ja3_str_len], JA3_STR_LEN-ja3_str_len, "%s%u",
- (i > 0) ? "-" : "", ja3.cipher[i]);
- if(rc > 0 && ja3_str_len + rc < JA3_STR_LEN) ja3_str_len += rc; else break;
- }
-
-- rc = snprintf(&ja3_str[ja3_str_len], sizeof(ja3_str)-ja3_str_len, ",");
-+ rc = snprintf(&ja3_str[ja3_str_len], JA3_STR_LEN-ja3_str_len, ",");
- if(rc > 0 && ja3_str_len + rc < JA3_STR_LEN) ja3_str_len += rc;
-
- /* ********** */
-
- for(i=0; i<ja3.num_tls_extension; i++) {
-- rc = snprintf(&ja3_str[ja3_str_len], sizeof(ja3_str)-ja3_str_len, "%s%u",
-+ rc = snprintf(&ja3_str[ja3_str_len], JA3_STR_LEN-ja3_str_len, "%s%u",
- (i > 0) ? "-" : "", ja3.tls_extension[i]);
- if(rc > 0 && ja3_str_len + rc < JA3_STR_LEN) ja3_str_len += rc; else break;
- }
-
-- rc = snprintf(&ja3_str[ja3_str_len], sizeof(ja3_str)-ja3_str_len, ",");
-+ rc = snprintf(&ja3_str[ja3_str_len], JA3_STR_LEN-ja3_str_len, ",");
- if(rc > 0 && ja3_str_len + rc < JA3_STR_LEN) ja3_str_len += rc;
-
- /* ********** */
-
- for(i=0; i<ja3.num_elliptic_curve; i++) {
-- rc = snprintf(&ja3_str[ja3_str_len], sizeof(ja3_str)-ja3_str_len, "%s%u",
-+ rc = snprintf(&ja3_str[ja3_str_len], JA3_STR_LEN-ja3_str_len, "%s%u",
- (i > 0) ? "-" : "", ja3.elliptic_curve[i]);
- if(rc > 0 && ja3_str_len + rc < JA3_STR_LEN) ja3_str_len += rc; else break;
- }
-
-- rc = snprintf(&ja3_str[ja3_str_len], sizeof(ja3_str)-ja3_str_len, ",");
-+ rc = snprintf(&ja3_str[ja3_str_len], JA3_STR_LEN-ja3_str_len, ",");
- if(rc > 0 && ja3_str_len + rc < JA3_STR_LEN) ja3_str_len += rc;
-
- for(i=0; i<ja3.num_elliptic_curve_point_format; i++) {
-- rc = snprintf(&ja3_str[ja3_str_len], sizeof(ja3_str)-ja3_str_len, "%s%u",
-+ rc = snprintf(&ja3_str[ja3_str_len], JA3_STR_LEN-ja3_str_len, "%s%u",
- (i > 0) ? "-" : "", ja3.elliptic_curve_point_format[i]);
- if(rc > 0 && ja3_str_len + rc < JA3_STR_LEN) ja3_str_len += rc; else break;
- }
---
-2.17.1
- |