Diffstat (limited to 'meta/recipes-extended/sudo/files/CVE-2021-3156-4.patch')
-rw-r--r-- | meta/recipes-extended/sudo/files/CVE-2021-3156-4.patch | 29 |
1 files changed, 29 insertions, 0 deletions
diff --git a/meta/recipes-extended/sudo/files/CVE-2021-3156-4.patch b/meta/recipes-extended/sudo/files/CVE-2021-3156-4.patch
new file mode 100644
index 0000000000..c1b00c740e
--- /dev/null
+++ b/meta/recipes-extended/sudo/files/CVE-2021-3156-4.patch
@@ -0,0 +1,29 @@
+Upstream-Status: Backport [https://www.sudo.ws/repos/sudo/rev/09f98816fc89]
+Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
+CVE: CVE-2021-3156
+
+# HG changeset patch
+# User Todd C. Miller <Todd.Miller@sudo.ws>
+# Date 1611416640 25200
+# Node ID 09f98816fc8978f1d8623a857073d2d5746f0379
+# Parent 049ad90590be1e5dfb7df2675d2eb3e37c96ab86
+Fix the memset offset when converting a v1 timestamp to TS_LOCKEXCL.
+We want to zero the struct starting at flags, not type (which was just set).
+Found by Qualys.
+
+diff -r 049ad90590be -r 09f98816fc89 plugins/sudoers/timestamp.c
+--- a/plugins/sudoers/timestamp.c Sat Jan 23 08:43:59 2021 -0700
++++ b/plugins/sudoers/timestamp.c Sat Jan 23 08:44:00 2021 -0700
+@@ -643,8 +643,8 @@
+ if (entry.size == sizeof(struct timestamp_entry_v1)) {
+ /* Old sudo record, convert it to TS_LOCKEXCL. */
+ entry.type = TS_LOCKEXCL;
+- memset((char *)&entry + offsetof(struct timestamp_entry, type), 0,
+- nread - offsetof(struct timestamp_entry, type));
++ memset((char *)&entry + offsetof(struct timestamp_entry, flags), 0,
++ nread - offsetof(struct timestamp_entry, flags));
+ if (ts_write(cookie->fd, cookie->fname, &entry, 0) == -1)
+ debug_return_bool(false);
+ }
+
+
|
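Review bot: The memset length `nread - offsetof(struct timestamp_entry, flags)` in the embedded timestamp.c hunk has no visible lower bound on `nread`. The branch is guarded only by `entry.size`, a value read from the file. If a short read can reach it, the subtraction would wrap once converted to `size_t` and the memset would write well past `entry`. The enclosing function starts and ends outside the hunk, so such a check may already exist above. If it does, state the precondition next to the call, for example `/* nread >= sizeof(struct timestamp_entry_v1) is guaranteed by the check above */`. If it does not, the backport should add an explicit guard before the conversion.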