path: root/meta-oe/recipes-extended/collectd/collectd
author: Alexandru Moise <alexandru.moise@windriver.com> 2016-09-07 12:34:11 +0300
committer: Martin Jansa <Martin.Jansa@gmail.com> 2016-09-15 10:22:46 +0200
commit: 4fad615950a92db633d2d46fddd3fc491a853e55
tree: 9f3850de7b2d7588a73e7de378c2a8c1415bcac7 /meta-oe/recipes-extended/collectd/collectd
parent: 2f157021ff6376f2e3f96f161db6a72900f85a97
collectd: CVE-2016-6254
Heap-based buffer overflow in the parse_packet function in network.c in collectd before 5.4.3 and 5.x before 5.5.2 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted network packet.

Signed-off-by: Alexandru Moise <alexandru.moise@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Diffstat (limited to 'meta-oe/recipes-extended/collectd/collectd')
-rw-r--r-- meta-oe/recipes-extended/collectd/collectd/CVE-2016-6254.patch 55
1 files changed, 55 insertions, 0 deletions
diff --git a/meta-oe/recipes-extended/collectd/collectd/CVE-2016-6254.patch b/meta-oe/recipes-extended/collectd/collectd/CVE-2016-6254.patch
new file mode 100644
index 0000000000..bc85b4c0e6
--- /dev/null
+++ b/meta-oe/recipes-extended/collectd/collectd/CVE-2016-6254.patch
@@ -0,0 +1,55 @@
+From dd8483a4beb6f61521d8b32c726523bbea21cd92 Mon Sep 17 00:00:00 2001
+From: Florian Forster <octo@collectd.org>
+Date: Tue, 19 Jul 2016 10:00:37 +0200
+Subject: [PATCH] network plugin: Fix heap overflow in parse_packet().
+
+Emilien Gaspar has identified a heap overflow in parse_packet(), the
+function used by the network plugin to parse incoming network packets.
+
+This is a vulnerability in collectd, though the scope is not clear at
+this point. At the very least specially crafted network packets can be
+used to crash the daemon. We can't rule out a potential remote code
+execution though.
+
+Fixes: CVE-2016-6254
+
+cherry picked from upstream commit b589096f
+
+Upstream Status: Backport
+
+Signed-off-by: Alexandru Moise <alexandru.moise@windriver.com>
+---
+ src/network.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/src/network.c b/src/network.c
+index 551bd5c..cb979b2 100644
+--- a/src/network.c
++++ b/src/network.c
+@@ -1444,6 +1444,7 @@ static int parse_packet (sockent_t *se, /* {{{ */
+ printed_ignore_warning = 1;
+ }
+ buffer = ((char *) buffer) + pkg_length;
++ buffer_size -= (size_t) pkg_length;
+ continue;
+ }
+ #endif /* HAVE_LIBGCRYPT */
+@@ -1471,6 +1472,7 @@ static int parse_packet (sockent_t *se, /* {{{ */
+ printed_ignore_warning = 1;
+ }
+ buffer = ((char *) buffer) + pkg_length;
++ buffer_size -= (size_t) pkg_length;
+ continue;
+ }
+ #endif /* HAVE_LIBGCRYPT */
+@@ -1612,6 +1614,7 @@ static int parse_packet (sockent_t *se, /* {{{ */
+ DEBUG ("network plugin: parse_packet: Unknown part"
+ " type: 0x%04hx", pkg_type);
+ buffer = ((char *) buffer) + pkg_length;
++ buffer_size -= (size_t) pkg_length;
+ }
+ } /* while (buffer_size > sizeof (part_header_t)) */
+
+--
+2.7.4
+
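Review bot: In the embedded src/network.c change, each of the three added `buffer_size -= (size_t) pkg_length;` lines subtracts from an unsigned size with no bound on pkg_length visible in the surrounding context, so the fix is only sound if pkg_length has already been checked against buffer_size earlier in the same loop iteration. Please confirm in the tree this backport applies to that such a check (something like `if (pkg_length > buffer_size) break;`) precedes all three sites; otherwise the subtraction wraps to a very large value and the `while (buffer_size > sizeof (part_header_t))` condition stays true while buffer keeps advancing. Since the same two-line advance now appears three times, a single helper or one advance at the loop tail would make it harder to miss a branch again. On the patch header: `Upstream Status: Backport` should be spelled `Upstream-Status: Backport` to match the OpenEmbedded tag, and the cherry-pick reference `b589096f` would be easier to audit as a full commit hash.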