usrsctp: patch CVE-2019-20503

Details: https://nvd.nist.gov/vuln/detail/CVE-2019-20503

Pick the patch mentioned in the NVD report.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Gyorgy Sarvari
2025-11-14 20:45:20 +01:00
parent 57bbdc95e7
commit eeda504ce9
2 changed files with 56 additions and 1 deletions
@@ -0,0 +1,54 @@
From c7f318fc788472da19f0a2579d2c2d439e362f04 Mon Sep 17 00:00:00 2001
From: Michael Tuexen <tuexen@fh-muenster.de>
Date: Fri, 20 Dec 2019 17:02:02 +0100
Subject: [PATCH] Improve input validation for some parameters having a too
small reported length.
Thanks to Natalie Silvanovich from Google for finding one of these
issues in the SCTP userland stack and reporting it.
CVE: CVE-2019-20503
Upstream-Status: Backport [https://github.com/sctplab/usrsctp/commit/790a7a2555aefb392a5a69923f1e9d17b4968467]
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
---
usrsctplib/netinet/sctp_auth.c | 3 ++-
usrsctplib/netinet/sctp_pcb.c | 5 ++++-
2 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/usrsctplib/netinet/sctp_auth.c b/usrsctplib/netinet/sctp_auth.c
index 5e5813b..0660af4 100755
--- a/usrsctplib/netinet/sctp_auth.c
+++ b/usrsctplib/netinet/sctp_auth.c
@@ -1455,7 +1455,8 @@ sctp_auth_get_cookie_params(struct sctp_tcb *stcb, struct mbuf *m,
ptype = ntohs(phdr->param_type);
plen = ntohs(phdr->param_length);
- if ((plen == 0) || (offset + plen > length))
+ if ((plen < sizeof(struct sctp_paramhdr)) ||
+ (offset + plen > length))
break;
if (ptype == SCTP_RANDOM) {
diff --git a/usrsctplib/netinet/sctp_pcb.c b/usrsctplib/netinet/sctp_pcb.c
index 6629f24..b99d089 100755
--- a/usrsctplib/netinet/sctp_pcb.c
+++ b/usrsctplib/netinet/sctp_pcb.c
@@ -7245,7 +7245,7 @@ sctp_load_addresses_from_init(struct sctp_tcb *stcb, struct mbuf *m,
if (offset + plen > limit) {
break;
}
- if (plen == 0) {
+ if (plen < sizeof(struct sctp_paramhdr)) {
break;
}
#ifdef INET
@@ -7461,6 +7461,9 @@ sctp_load_addresses_from_init(struct sctp_tcb *stcb, struct mbuf *m,
if (plen > sizeof(lstore)) {
return (-23);
}
+ if (plen < sizeof(struct sctp_asconf_addrv4_param)) {
+ return (-101);
+ }
phdr = sctp_get_next_param(m, offset,
(struct sctp_paramhdr *)&lstore,
plen);
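Review bot: The lower bound added ahead of the `sctp_get_next_param()` call in the last `sctp_pcb.c` hunk returns a bare `-101` and carries no comment saying why `struct sctp_asconf_addrv4_param` is the minimum. With the existing upper bound being `sizeof(lstore)`, a shorter `plen` would presumably fill only part of `lstore` before its fields are read; that read is outside the hunk, so this should be confirmed against the full body of `sctp_load_addresses_from_init`. A comment such as `/* reject anything shorter than the IPv4 form, presumably the smallest valid address parameter, so lstore is fully populated before it is parsed */` would record the intent next to the check. Because this file is a verbatim backport, the comment is better proposed upstream than edited in here, so the patch keeps matching the commit named in `Upstream-Status`.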
@@ -4,7 +4,8 @@ LIC_FILES_CHKSUM = "file://LICENSE.md;md5=ffcf846341f3856d79a483eafa18e2a5"
SRCREV = "a10cd498d964508c0e6ec6bd2be9dd4afcbb4d86"
SRC_URI = "git://github.com/sctplab/usrsctp;protocol=https;branch=master \
"
file://CVE-2019-20503.patch \
"
S = "${WORKDIR}/git"