dlt-daemon: fix CVE-2023-36321

Connected Vehicle Systems Alliance (COVESA) up to v2.18.8 wwas
discovered to contain a buffer overflow via the component
/shared/dlt_common.c.

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2023-36321

Upstream patch:
8ac9a080be

Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>

meta-oe/recipes-extended/dlt-daemon/dlt-daemon/CVE-2023-36321.patch

@@ -0,0 +1,32 @@
+From 8ac9a080bee25e67e49bd138d81c992ce7b6d899 Mon Sep 17 00:00:00 2001
+From: Michael Methner <mmethner@de.adit-jv.com>
+Date: Fri, 27 Jan 2023 10:51:07 +0100
+Subject: [PATCH] Check for negative index in dlt_file_message
+
+Fixes #436
+
+Signed-off-by: Michael Methner <mmethner@de.adit-jv.com>
+
+CVE: CVE-2023-36321
+Upstream-Status: Backport [https://github.com/michael-methner/dlt-daemon/commit/8ac9a080bee25e67e49bd138d81c992ce7b6d899]
+
+Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
+---
+ src/shared/dlt_common.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/shared/dlt_common.c b/src/shared/dlt_common.c
+index 4303c50..34da70a 100644
+--- a/src/shared/dlt_common.c
++++ b/src/shared/dlt_common.c
+@@ -1718,7 +1718,7 @@ DltReturnValue dlt_file_message(DltFile *file, int index, int verbose)
+         return DLT_RETURN_WRONG_PARAMETER;
+
+     /* check if message is in range */
+-    if (index >= file->counter) {
++    if (index < 0 || index >= file->counter) {
+         dlt_vlog(LOG_WARNING, "Message %d out of range!\r\n", index);
+         return DLT_RETURN_WRONG_PARAMETER;
+     }
+--
+2.40.0

meta-oe/recipes-extended/dlt-daemon/dlt-daemon_2.18.8.bb

@@ -20,6 +20,7 @@ SRC_URI = "git://github.com/GENIVI/${BPN}.git;protocol=https;branch=master \
            file://0001-cmake-Link-with-libatomic-on-rv32-rv64.patch \
            file://0001-Fix-memory-leak.patch \
            file://CVE-2022-39836-CVE-2022-39837.patch \
+           file://CVE-2023-36321.patch \
            "
 SRCREV = "6a3bd901d825c7206797e36ea98e10a218f5aad2"