summaryrefslogtreecommitdiffstats
path: root/meta/recipes-connectivity/ppp/ppp/fix-CVE-2015-3310.patch
diff options
context:
space:
mode:
Diffstat (limited to 'meta/recipes-connectivity/ppp/ppp/fix-CVE-2015-3310.patch')
-rw-r--r--meta/recipes-connectivity/ppp/ppp/fix-CVE-2015-3310.patch30
1 files changed, 0 insertions, 30 deletions
diff --git a/meta/recipes-connectivity/ppp/ppp/fix-CVE-2015-3310.patch b/meta/recipes-connectivity/ppp/ppp/fix-CVE-2015-3310.patch
deleted file mode 100644
index c5a0be86f5..0000000000
--- a/meta/recipes-connectivity/ppp/ppp/fix-CVE-2015-3310.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-ppp: Buffer overflow in radius plugin
-
-From: https://bugs.debian.org/cgi-bin/bugreport.cgi?msg=5;bug=782450
-
-Upstream-Status: Backport
-CVE: CVE-2015-3310
-
-On systems with more than 65535 processes running, pppd aborts when
-sending a "start" accounting message to the RADIUS server because of a
-buffer overflow in rc_mksid.
-
-The process id is used in rc_mksid to generate a pseudo-unique string,
-assuming that the hex representation of the pid will be at most 4
-characters (FFFF). __sprintf_chk(), used when compiling with
-optimization levels greater than 0 and FORTIFY_SOURCE, detects the
-buffer overflow and makes pppd crash.
-
-The following patch fixes the problem.
-
---- ppp-2.4.6.orig/pppd/plugins/radius/util.c
-+++ ppp-2.4.6/pppd/plugins/radius/util.c
-@@ -77,7 +77,7 @@ rc_mksid (void)
- static unsigned short int cnt = 0;
- sprintf (buf, "%08lX%04X%02hX",
- (unsigned long int) time (NULL),
-- (unsigned int) getpid (),
-+ (unsigned int) getpid () % 65535,
- cnt & 0xFF);
- cnt++;
- return buf;
generated by cgit 1.2.3-korg (git 2.39.0) at 2024-04-24 17:26:15 +0000