aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorTrevor Gamblin <trevor.gamblin@windriver.com>2019-10-11 12:06:57 -0400
committerKhem Raj <raj.khem@gmail.com>2019-10-11 17:09:41 -0700
commita73d898f31236cd83d82c33754a594898acf3016 (patch)
tree954f185d8488ce83aaeb0dc9085880bea25db00a
parent663493e98883ada2a13a6e873700ed0eda654bb3 (diff)
downloadmeta-openembedded-contrib-a73d898f31236cd83d82c33754a594898acf3016.tar.gz
meta-openembedded-contrib-a73d898f31236cd83d82c33754a594898acf3016.tar.bz2
meta-openembedded-contrib-a73d898f31236cd83d82c33754a594898acf3016.zip
rsyslog: fix CVE-2019-17040
Backport CVE-2019-17040 fix to zeus. Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
-rw-r--r--meta-oe/recipes-extended/rsyslog/rsyslog/0001-Out-of-bounds-issue.patch31
-rw-r--r--meta-oe/recipes-extended/rsyslog/rsyslog_8.1908.0.bb1
2 files changed, 32 insertions, 0 deletions
diff --git a/meta-oe/recipes-extended/rsyslog/rsyslog/0001-Out-of-bounds-issue.patch b/meta-oe/recipes-extended/rsyslog/rsyslog/0001-Out-of-bounds-issue.patch
new file mode 100644
index 0000000000..b494ca687e
--- /dev/null
+++ b/meta-oe/recipes-extended/rsyslog/rsyslog/0001-Out-of-bounds-issue.patch
@@ -0,0 +1,31 @@
+From b0894088b680666035a3418326e13bc99d4fed49 Mon Sep 17 00:00:00 2001
+From: Philippe Duveau <pduveau@users.noreply.github.com>
+Date: Tue, 24 Sep 2019 20:45:25 +0200
+Subject: [PATCH] Out of bounds issue
+
+Add a new sanity check after determining the level len.
+---
+ contrib/pmdb2diag/pmdb2diag.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+Upstream-Status: Backport [https://github.com/rsyslog/rsyslog/commit/b0894088b6]
+CVE: CVE-2019-17040
+Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
+diff --git a/contrib/pmdb2diag/pmdb2diag.c b/contrib/pmdb2diag/pmdb2diag.c
+index 2b5916301..5810eb4df 100644
+--- a/contrib/pmdb2diag/pmdb2diag.c
++++ b/contrib/pmdb2diag/pmdb2diag.c
+@@ -134,6 +134,10 @@ CODESTARTparse2
+ ABORT_FINALIZE(0);
+ }
+
++ /* let recheck with the real level len */
++ if(pMsg->iLenRawMsg - (int)pMsg->offAfterPRI < pInst->levelpos+lvl_len)
++ ABORT_FINALIZE(RS_RET_COULD_NOT_PARSE);
++
+ DBGPRINTF("db2parse Level %d\n", pMsg->iSeverity);
+
+ end = (char*)pMsg->pszRawMsg + pMsg->iLenRawMsg ;
+--
+2.17.1
+
diff --git a/meta-oe/recipes-extended/rsyslog/rsyslog_8.1908.0.bb b/meta-oe/recipes-extended/rsyslog/rsyslog_8.1908.0.bb
index bbb4b119a6..bd0dbc1a2d 100644
--- a/meta-oe/recipes-extended/rsyslog/rsyslog_8.1908.0.bb
+++ b/meta-oe/recipes-extended/rsyslog/rsyslog_8.1908.0.bb
@@ -23,6 +23,7 @@ SRC_URI = "http://www.rsyslog.com/download/files/download/rsyslog/${BPN}-${PV}.t
file://rsyslog.logrotate \
file://use-pkgconfig-to-check-libgcrypt.patch \
file://run-ptest \
+ file://0001-Out-of-bounds-issue.patch \
"
SRC_URI_append_libc-musl = " \