mirrors/meta-openembedded
1
0
Fork 0
mirror of https://github.com/openembedded/meta-openembedded.git synced 2026-05-07 05:10:20 +00:00
Code Issues Projects Releases Wiki Activity

proftpd: CVE-2021-46854 memory disclosure to radius server

Browse Source 
Upstream-Status: Backport from https://github.com/proftpd/proftpd/commit/10a227b4d50e0a2cd2faf87926f58d865da44e43

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
This commit is contained in:
Hitendra Prajapati
2022-12-08 12:51:14 +05:30
committed by Armin Kuster
parent 7952135f65
commit 82f77e2b3c
2 changed files with 52 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
meta-networking/recipes-daemons/proftpd/files/CVE-2021-46854.patch
+51
View File
@@ -0,0 +1,51 @@
From ed31fe2cbd5b8b1148b467f84f7acea66fa43bb8 Mon Sep 17 00:00:00 2001
From: Chris Hofstaedtler <chris.hofstaedtler@deduktiva.com>
Date: Tue, 3 Aug 2021 21:53:28 +0200
Subject: [PATCH] CVE-2021-46854
mod_radius: copy _only_ the password
Upstream-Status: Backport [https://github.com/proftpd/proftpd/commit/10a227b4d50e0a2cd2faf87926f58d865da44e43]
CVE: CVE-2021-46854
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
---
contrib/mod_radius.c | 11 ++++++++---
1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/contrib/mod_radius.c b/contrib/mod_radius.c
index b56cdfe..f234dd5 100644
--- a/contrib/mod_radius.c
+++ b/contrib/mod_radius.c
@@ -2319,21 +2319,26 @@ static void radius_add_passwd(radius_packet_t *packet, unsigned char type,
pwlen = strlen((const char *) passwd);
+ /* Clear the buffers. */
+ memset(pwhash, '\0', sizeof(pwhash));
+
if (pwlen == 0) {
pwlen = RADIUS_PASSWD_LEN;
} if ((pwlen & (RADIUS_PASSWD_LEN - 1)) != 0) {
+ /* pwlen is not a multiple of RADIUS_PASSWD_LEN, need to prepare a proper buffer */
+ memcpy(pwhash, passwd, pwlen);
/* Round up the length. */
pwlen += (RADIUS_PASSWD_LEN - 1);
/* Truncate the length, as necessary. */
pwlen &= ~(RADIUS_PASSWD_LEN - 1);
+ } else {
+ /* pwlen is a multiple of RADIUS_PASSWD_LEN, we can just use it. */
+ memcpy(pwhash, passwd, pwlen);
}
- /* Clear the buffers. */
- memset(pwhash, '\0', sizeof(pwhash));
- memcpy(pwhash, passwd, pwlen);
/* Find the password attribute. */
attrib = radius_get_attrib(packet, RADIUS_PASSWORD);
--
2.25.1
meta-networking/recipes-daemons/proftpd/proftpd_1.3.6.bb
+1
View File
@@ -12,6 +12,7 @@ SRC_URI = "ftp://ftp.proftpd.org/distrib/source/${BPN}-${PV}.tar.gz \
file://contrib.patch \ file://contrib.patch \
file://build_fixup.patch \ file://build_fixup.patch \
file://proftpd.service \ file://proftpd.service \
file://CVE-2021-46854.patch \
" "
SRC_URI[md5sum] = "13270911c42aac842435f18205546a1b" SRC_URI[md5sum] = "13270911c42aac842435f18205546a1b"
SRC_URI[sha256sum] = "91ef74b143495d5ff97c4d4770c6804072a8c8eb1ad1ecc8cc541b40e152ecaf" SRC_URI[sha256sum] = "91ef74b143495d5ff97c4d4770c6804072a8c8eb1ad1ecc8cc541b40e152ecaf"