libmodbus: Fix CVE-2022-0367

Signed-off-by: Hugo SIMELIERE <hsimeliere.opensource@witekio.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Hugo SIMELIERE
2023-04-26 14:09:58 -04:00
committed by Armin Kuster
parent 0a8fa5e716
commit 34f5646bba
2 changed files with 42 additions and 1 deletions
@@ -0,0 +1,38 @@
From 790ff6dad16b70e68804a2d53ad54db40412e889 Mon Sep 17 00:00:00 2001
From: Michael Heimpold <mhei@heimpold.de>
Date: Sat, 8 Jan 2022 20:00:50 +0100
Subject: [PATCH] modbus_reply: fix copy & paste error in sanity check (fixes
#614)
[ Upstream commit b4ef4c17d618eba0adccc4c7d9e9a1ef809fc9b6 ]
While handling MODBUS_FC_WRITE_AND_READ_REGISTERS, both address offsets
must be checked, i.e. the read and the write address must be within the
mapping range.
At the moment, only the read address was considered, it looks like a
simple copy and paste error, so let's fix it.
CVE: CVE-2022-0367
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
---
src/modbus.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/modbus.c b/src/modbus.c
index 68a28a3..c871152 100644
--- a/src/modbus.c
+++ b/src/modbus.c
@@ -961,7 +961,7 @@ int modbus_reply(modbus_t *ctx, const uint8_t *req,
nb_write, nb, MODBUS_MAX_WR_WRITE_REGISTERS, MODBUS_MAX_WR_READ_REGISTERS);
} else if (mapping_address < 0 ||
(mapping_address + nb) > mb_mapping->nb_registers ||
- mapping_address < 0 ||
+ mapping_address_write < 0 ||
(mapping_address_write + nb_write) > mb_mapping->nb_registers) {
rsp_length = response_exception(
ctx, &sft, MODBUS_EXCEPTION_ILLEGAL_DATA_ADDRESS, rsp, FALSE,
--
2.39.1
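Review bot: the header of the new patch file has no `Upstream-Status:` tag. Between `CVE: CVE-2022-0367` and the `---` separator it carries only the `[ Upstream commit b4ef4c17d618eba0adccc4c7d9e9a1ef809fc9b6 ]` note and the original author's `Signed-off-by`. Patches carried in a recipe are expected to state their upstream status, so add a line such as `Upstream-Status: Backport [upstream commit b4ef4c17d618eba0adccc4c7d9e9a1ef809fc9b6]` next to the `CVE:` tag, and consider adding the backporter's own `Signed-off-by` inside the patch file as well. The code change itself matches the description: the duplicated `mapping_address < 0` test becomes `mapping_address_write < 0`, so the write offset is now range-checked on both ends before the `MODBUS_FC_WRITE_AND_READ_REGISTERS` request is served.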
@@ -2,7 +2,10 @@ require libmodbus.inc
SRC_URI += "file://f1eb4bc7ccb09cd8d19ab641ee37637f8c34d16d.patch \
file://Fix-float-endianness-issue-on-big-endian-arch.patch \
file://Fix-typo.patch"
file://Fix-typo.patch \
file://CVE-2022-0367.patch \
"
SRC_URI[md5sum] = "15c84c1f7fb49502b3efaaa668cfd25e"
SRC_URI[sha256sum] = "d7d9fa94a16edb094e5fdf5d87ae17a0dc3f3e3d687fead81835d9572cf87c16"