mirrors/meta-openembedded
1
0
Fork 0
mirror of https://github.com/openembedded/meta-openembedded.git synced 2026-06-01 13:40:04 +00:00
Code Issues Projects Releases Wiki Activity

dlt-daemon: add upstream patch to fix CVE-2020-29394

Browse Source 
More information on: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=976228
| A buffer overflow in the dlt_filter_load function in dlt_common.c in
| dlt-daemon 2.8.5 (GENIVI Diagnostic Log and Trace) allows arbitrary
| code execution because fscanf is misused (no limit on the number of
| characters to be read in a format argument).

Signed-off-by: Gianfranco Costamagna <costamagnagianfranco@yahoo.it>
Signed-off-by: Gianfranco Costamagna <locutusofborg@debian.org>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
This commit is contained in:
Gianfranco
2020-12-02 10:19:37 +01:00
committed by Armin Kuster
parent 5e4601a3f9
commit a82e2fbdfa
2 changed files with 39 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
meta-oe/recipes-extended/dlt-daemon/dlt-daemon/275.patch
+38
View File
@@ -0,0 +1,38 @@
Upstream-status: Backport
CVE: CVE-2020-29394
From 7f5cd5404a03fa330e192084f6bdafb2dc9bdcb7 Mon Sep 17 00:00:00 2001
From: GwanYeong Kim <gy741.kim@gmail.com>
Date: Sat, 28 Nov 2020 12:24:46 +0900
Subject: [PATCH] dlt_common: Fix buffer overflow in dlt_filter_load
A buffer overflow in the dlt_filter_load function in dlt_common.c in dlt-daemon allows arbitrary code execution via an unsafe usage of fscanf, because it does not limit the number of characters to be read in a format argument.
Fixed: #274
Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
---
src/shared/dlt_common.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/shared/dlt_common.c b/src/shared/dlt_common.c
index 254f4ce4..d15b1cec 100644
--- a/src/shared/dlt_common.c
+++ b/src/shared/dlt_common.c
@@ -404,7 +404,7 @@ DltReturnValue dlt_filter_load(DltFilter *filter, const char *filename, int verb
while (!feof(handle)) {
str1[0] = 0;
- if (fscanf(handle, "%s", str1) != 1)
+ if (fscanf(handle, "%254s", str1) != 1)
break;
if (str1[0] == 0)
@@ -419,7 +419,7 @@ DltReturnValue dlt_filter_load(DltFilter *filter, const char *filename, int verb
str1[0] = 0;
- if (fscanf(handle, "%s", str1) != 1)
+ if (fscanf(handle, "%254s", str1) != 1)
break;
if (str1[0] == 0)
meta-oe/recipes-extended/dlt-daemon/dlt-daemon_2.18.5.bb
+1
View File
@@ -19,6 +19,7 @@ SRC_URI = "git://github.com/GENIVI/${BPN}.git;protocol=https \
file://0004-Modify-systemd-config-directory.patch \ file://0004-Modify-systemd-config-directory.patch \
file://241.patch \ file://241.patch \
file://245.patch \ file://245.patch \
file://275.patch \
" "
SRCREV = "f1ac087c766827b1d0ed9c3a814b3cc052e948f2" SRCREV = "f1ac087c766827b1d0ed9c3a814b3cc052e948f2"