diff options
Diffstat (limited to 'meta/recipes-connectivity/connman/connman/CVE-2022-32292.patch')
| -rw-r--r-- | meta/recipes-connectivity/connman/connman/CVE-2022-32292.patch | 37 |
1 files changed, 0 insertions, 37 deletions
diff --git a/meta/recipes-connectivity/connman/connman/CVE-2022-32292.patch b/meta/recipes-connectivity/connman/connman/CVE-2022-32292.patch deleted file mode 100644 index 182c5ca29c..0000000000 --- a/meta/recipes-connectivity/connman/connman/CVE-2022-32292.patch +++ /dev/null @@ -1,37 +0,0 @@ -From d1a5ede5d255bde8ef707f8441b997563b9312bd Mon Sep 17 00:00:00 2001 -From: Nathan Crandall <ncrandall@tesla.com> -Date: Tue, 12 Jul 2022 08:56:34 +0200 -Subject: gweb: Fix OOB write in received_data() - -There is a mismatch of handling binary vs. C-string data with memchr -and strlen, resulting in pos, count, and bytes_read to become out of -sync and result in a heap overflow. Instead, do not treat the buffer -as an ASCII C-string. We calculate the count based on the return value -of memchr, instead of strlen. - -Fixes: CVE-2022-32292 - -CVE: CVE-2022-32292 - -Upstream-Status: Backport [https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=d1a5ede5d255bde8ef707f8441b997563b9312bd] -Signed-off-by: Khem Raj <raj.khem@gmail.com> ---- - gweb/gweb.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/gweb/gweb.c b/gweb/gweb.c -index 12fcb1d8..13c6c5f2 100644 ---- a/gweb/gweb.c -+++ b/gweb/gweb.c -@@ -918,7 +918,7 @@ static gboolean received_data(GIOChannel *channel, GIOCondition cond, - } - - *pos = '\0'; -- count = strlen((char *) ptr); -+ count = pos - ptr; - if (count > 0 && ptr[count - 1] == '\r') { - ptr[--count] = '\0'; - bytes_read--; --- -cgit - |