1 files changed, 38 insertions, 0 deletions

diff --git a/meta-openembedded/meta-oe/recipes-extended/libmodbus/libmodbus/CVE-2022-0367.patch b/meta-openembedded/meta-oe/recipes-extended/libmodbus/libmodbus/CVE-2022-0367.patch
new file mode 100644
index 0000000000..2aec818574
--- /dev/null
+++ b/meta-openembedded/meta-oe/recipes-extended/libmodbus/libmodbus/CVE-2022-0367.patch
@@ -0,0 +1,38 @@
+From 790ff6dad16b70e68804a2d53ad54db40412e889 Mon Sep 17 00:00:00 2001
+From: Michael Heimpold <mhei@heimpold.de>
+Date: Sat, 8 Jan 2022 20:00:50 +0100
+Subject: [PATCH] modbus_reply: fix copy & paste error in sanity check (fixes
+ #614)
+
+[ Upstream commit b4ef4c17d618eba0adccc4c7d9e9a1ef809fc9b6 ]
+
+While handling MODBUS_FC_WRITE_AND_READ_REGISTERS, both address offsets
+must be checked, i.e. the read and the write address must be within the
+mapping range.
+
+At the moment, only the read address was considered, it looks like a
+simple copy and paste error, so let's fix it.
+
+CVE: CVE-2022-0367
+
+Signed-off-by: Michael Heimpold <mhei@heimpold.de>
+---
+ src/modbus.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/modbus.c b/src/modbus.c
+index 68a28a3..c871152 100644
+--- a/src/modbus.c
++++ b/src/modbus.c
+@@ -961,7 +961,7 @@ int modbus_reply(modbus_t *ctx, const uint8_t *req,
+                 nb_write, nb, MODBUS_MAX_WR_WRITE_REGISTERS, MODBUS_MAX_WR_READ_REGISTERS);
+         } else if (mapping_address < 0 ||
+                    (mapping_address + nb) > mb_mapping->nb_registers ||
+-                   mapping_address < 0 ||
++                   mapping_address_write < 0 ||
+                    (mapping_address_write + nb_write) > mb_mapping->nb_registers) {
+             rsp_length = response_exception(
+                 ctx, &sft, MODBUS_EXCEPTION_ILLEGAL_DATA_ADDRESS, rsp, FALSE,
+--
+2.39.1
+