diff options
Diffstat (limited to 'meta-oe/recipes-extended/dlt-daemon/dlt-daemon/275.patch')
-rw-r--r-- | meta-oe/recipes-extended/dlt-daemon/dlt-daemon/275.patch | 38 |
1 files changed, 0 insertions, 38 deletions
diff --git a/meta-oe/recipes-extended/dlt-daemon/dlt-daemon/275.patch b/meta-oe/recipes-extended/dlt-daemon/dlt-daemon/275.patch deleted file mode 100644 index 75065eb054..0000000000 --- a/meta-oe/recipes-extended/dlt-daemon/dlt-daemon/275.patch +++ /dev/null @@ -1,38 +0,0 @@ -Upstream-status: Backport -CVE: CVE-2020-29394 -From 7f5cd5404a03fa330e192084f6bdafb2dc9bdcb7 Mon Sep 17 00:00:00 2001 -From: GwanYeong Kim <gy741.kim@gmail.com> -Date: Sat, 28 Nov 2020 12:24:46 +0900 -Subject: [PATCH] dlt_common: Fix buffer overflow in dlt_filter_load - -A buffer overflow in the dlt_filter_load function in dlt_common.c in dlt-daemon allows arbitrary code execution via an unsafe usage of fscanf, because it does not limit the number of characters to be read in a format argument. - -Fixed: #274 - -Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com> ---- - src/shared/dlt_common.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/src/shared/dlt_common.c b/src/shared/dlt_common.c -index 254f4ce4..d15b1cec 100644 ---- a/src/shared/dlt_common.c -+++ b/src/shared/dlt_common.c -@@ -404,7 +404,7 @@ DltReturnValue dlt_filter_load(DltFilter *filter, const char *filename, int verb - while (!feof(handle)) { - str1[0] = 0; - -- if (fscanf(handle, "%s", str1) != 1) -+ if (fscanf(handle, "%254s", str1) != 1) - break; - - if (str1[0] == 0) -@@ -419,7 +419,7 @@ DltReturnValue dlt_filter_load(DltFilter *filter, const char *filename, int verb - - str1[0] = 0; - -- if (fscanf(handle, "%s", str1) != 1) -+ if (fscanf(handle, "%254s", str1) != 1) - break; - - if (str1[0] == 0) |