diff options
| author |   Hugo SIMELIERE <hsimeliere.opensource@witekio.com> | 2023-04-26 14:09:58 -0400 |
|---|---|---|
| committer |   Armin Kuster <akuster808@gmail.com> | 2023-05-03 11:16:53 -0400 |
| commit | 34f5646bba98b909d44e3bf29cd8853199b8197a (patch) | |
| tree | 5f7e865cc811fc4aa6afba01de7ff593097a137b | |
| parent | 0a8fa5e716bda609b0fd404c88744ab920c96596 (diff) | |
| download | meta-openembedded-contrib-34f5646bba98b909d44e3bf29cd8853199b8197a.tar.gz | |
libmodbus: Fix CVE-2022-0367
Signed-off-by: Hugo SIMELIERE <hsimeliere.opensource@witekio.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
| -rw-r--r-- | meta-oe/recipes-extended/libmodbus/libmodbus/CVE-2022-0367.patch | 38 | ||||
| -rw-r--r-- | meta-oe/recipes-extended/libmodbus/libmodbus_3.1.6.bb | 5 |
2 files changed, 42 insertions, 1 deletions
diff --git a/meta-oe/recipes-extended/libmodbus/libmodbus/CVE-2022-0367.patch b/meta-oe/recipes-extended/libmodbus/libmodbus/CVE-2022-0367.patch new file mode 100644 index 0000000000..2aec818574 --- /dev/null +++ b/meta-oe/recipes-extended/libmodbus/libmodbus/CVE-2022-0367.patch @@ -0,0 +1,38 @@ +From 790ff6dad16b70e68804a2d53ad54db40412e889 Mon Sep 17 00:00:00 2001 +From: Michael Heimpold <mhei@heimpold.de> +Date: Sat, 8 Jan 2022 20:00:50 +0100 +Subject: [PATCH] modbus_reply: fix copy & paste error in sanity check (fixes + #614) + +[ Upstream commit b4ef4c17d618eba0adccc4c7d9e9a1ef809fc9b6 ] + +While handling MODBUS_FC_WRITE_AND_READ_REGISTERS, both address offsets +must be checked, i.e. the read and the write address must be within the +mapping range. + +At the moment, only the read address was considered, it looks like a +simple copy and paste error, so let's fix it. + +CVE: CVE-2022-0367 + +Signed-off-by: Michael Heimpold <mhei@heimpold.de> +--- + src/modbus.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/modbus.c b/src/modbus.c +index 68a28a3..c871152 100644 +--- a/src/modbus.c ++++ b/src/modbus.c +@@ -961,7 +961,7 @@ int modbus_reply(modbus_t *ctx, const uint8_t *req, + nb_write, nb, MODBUS_MAX_WR_WRITE_REGISTERS, MODBUS_MAX_WR_READ_REGISTERS); + } else if (mapping_address < 0 || + (mapping_address + nb) > mb_mapping->nb_registers || +- mapping_address < 0 || ++ mapping_address_write < 0 || + (mapping_address_write + nb_write) > mb_mapping->nb_registers) { + rsp_length = response_exception( + ctx, &sft, MODBUS_EXCEPTION_ILLEGAL_DATA_ADDRESS, rsp, FALSE, +-- +2.39.1 + diff --git a/meta-oe/recipes-extended/libmodbus/libmodbus_3.1.6.bb b/meta-oe/recipes-extended/libmodbus/libmodbus_3.1.6.bb index 075487ae90..5c59312760 100644 --- a/meta-oe/recipes-extended/libmodbus/libmodbus_3.1.6.bb +++ b/meta-oe/recipes-extended/libmodbus/libmodbus_3.1.6.bb @@ -2,7 +2,10 @@ require libmodbus.inc SRC_URI += "file://f1eb4bc7ccb09cd8d19ab641ee37637f8c34d16d.patch \ file://Fix-float-endianness-issue-on-big-endian-arch.patch \ - file://Fix-typo.patch" + file://Fix-typo.patch \ + file://CVE-2022-0367.patch \ + " + SRC_URI[md5sum] = "15c84c1f7fb49502b3efaaa668cfd25e" SRC_URI[sha256sum] = "d7d9fa94a16edb094e5fdf5d87ae17a0dc3f3e3d687fead81835d9572cf87c16" |