diff options
Diffstat (limited to 'meta-networking/recipes-connectivity/samba/samba/CVE-2022-41916.patch')
-rw-r--r-- | meta-networking/recipes-connectivity/samba/samba/CVE-2022-41916.patch | 38 |
1 files changed, 38 insertions, 0 deletions
diff --git a/meta-networking/recipes-connectivity/samba/samba/CVE-2022-41916.patch b/meta-networking/recipes-connectivity/samba/samba/CVE-2022-41916.patch new file mode 100644 index 0000000000..07f4a18a2f --- /dev/null +++ b/meta-networking/recipes-connectivity/samba/samba/CVE-2022-41916.patch @@ -0,0 +1,38 @@ +From eb87af0c2d189c25294c7daf483a47b03af80c2c Mon Sep 17 00:00:00 2001 +From: Jeffrey Altman <jaltman@secure-endpoints.com> +Date: Wed, 17 Nov 2021 20:00:29 -0500 +Subject: [PATCH] lib/wind: find_normalize read past end of array + +find_normalize() can under some circumstances read one element +beyond the input array. The contents are discarded immediately +without further use. + +This change prevents the unintended read. + +(cherry picked from commit 357a38fc7fb582ae73f4b7f4a90a4b0b871b149e) + +Change-Id: Ia2759a5632d64f7fa6553f879b5bbbf43ba3513e + +Upstream-Status: Backport [https://github.com/heimdal/heimdal/commit/eb87af0c2d189c25294c7daf483a47b03af80c2c] +CVE: CVE-2022-41916 + +Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> +--- + lib/wind/normalize.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/lib/wind/normalize.c b/lib/wind/normalize.c +index 20e8a4a04b..8f3991d10e 100644 +--- a/lib/wind/normalize.c ++++ b/lib/wind/normalize.c +@@ -227,9 +227,9 @@ find_composition(const uint32_t *in, unsigned in_len) + unsigned i; + + if (n % 5 == 0) { +- cur = *in++; + if (in_len-- == 0) + return c->val; ++ cur = *in++; + } + + i = cur >> 16; |