diff options
| author |   Chen Qi <Qi.Chen@windriver.com> | 2016-12-22 16:37:00 +0800 |
|---|---|---|
| committer | Chen Qi <Qi.Chen@windriver.com> | 2017-01-03 16:45:12 +0800 |
| commit | 0615a5dfe258d66aee2b41a980536bbffe6874de (patch) | |
| tree | 45b4020569a6f7e0812d9a511d36478b0b65e86f /meta/recipes-core/busybox/busybox/CVE-2016-2148.patch | |
| parent | 425afe2484707640ac71194885fdb263e95e9950 (diff) | |
| download | openembedded-core-contrib-ChenQi/busybox-1.25.1.tar.gz | |
busybox: upgrade to 1.25.1ChenQi/busybox-1.25.1
Upgrade busybox to 1.25.1. Also upgrade the git version to the corresponding
commit.
Patches backported, merged or the problem it covers is solved in another way
upstream are removed. Other patches are rebased.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Diffstat (limited to 'meta/recipes-core/busybox/busybox/CVE-2016-2148.patch')
| -rw-r--r-- | meta/recipes-core/busybox/busybox/CVE-2016-2148.patch | 74 |
1 files changed, 0 insertions, 74 deletions
diff --git a/meta/recipes-core/busybox/busybox/CVE-2016-2148.patch b/meta/recipes-core/busybox/busybox/CVE-2016-2148.patch deleted file mode 100644 index af04a7f5bd..0000000000 --- a/meta/recipes-core/busybox/busybox/CVE-2016-2148.patch +++ /dev/null @@ -1,74 +0,0 @@ -From 352f79acbd759c14399e39baef21fc4ffe180ac2 Mon Sep 17 00:00:00 2001 -From: Denys Vlasenko <vda.linux@googlemail.com> -Date: Fri, 26 Feb 2016 15:54:56 +0100 -Subject: [PATCH] udhcpc: fix OPTION_6RD parsing (could overflow its malloced - buffer) - -Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com> - -Upstream-Status: Backport -CVE: CVE-2016-2148 -https://git.busybox.net/busybox/commit/?id=352f79 - -Signed-off-by: Armin Kuster <akuster@mvista.com> - ---- - networking/udhcp/common.c | 15 +++++++++++++-- - networking/udhcp/dhcpc.c | 4 ++-- - 2 files changed, 15 insertions(+), 4 deletions(-) - -Index: busybox-1.23.2/networking/udhcp/common.c -=================================================================== ---- busybox-1.23.2.orig/networking/udhcp/common.c -+++ busybox-1.23.2/networking/udhcp/common.c -@@ -142,7 +142,7 @@ const char dhcp_option_strings[] ALIGN1 - * udhcp_str2optset: to determine how many bytes to allocate. - * xmalloc_optname_optval: to estimate string length - * from binary option length: (option[LEN] / dhcp_option_lengths[opt_type]) -- * is the number of elements, multiply in by one element's string width -+ * is the number of elements, multiply it by one element's string width - * (len_of_option_as_string[opt_type]) and you know how wide string you need. - */ - const uint8_t dhcp_option_lengths[] ALIGN1 = { -@@ -162,7 +162,18 @@ const uint8_t dhcp_option_lengths[] ALIG - [OPTION_S32] = 4, - /* Just like OPTION_STRING, we use minimum length here */ - [OPTION_STATIC_ROUTES] = 5, -- [OPTION_6RD] = 22, /* ignored by udhcp_str2optset */ -+ [OPTION_6RD] = 12, /* ignored by udhcp_str2optset */ -+ /* The above value was chosen as follows: -+ * len_of_option_as_string[] for this option is >60: it's a string of the form -+ * "32 128 ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff 255.255.255.255 ". -+ * Each additional ipv4 address takes 4 bytes in binary option and appends -+ * another "255.255.255.255 " 16-byte string. We can set [OPTION_6RD] = 4 -+ * but this severely overestimates string length: instead of 16 bytes, -+ * it adds >60 for every 4 bytes in binary option. -+ * We cheat and declare here that option is in units of 12 bytes. -+ * This adds more than 60 bytes for every three ipv4 addresses - more than enough. -+ * (Even 16 instead of 12 should work, but let's be paranoid). -+ */ - }; - - -Index: busybox-1.23.2/networking/udhcp/dhcpc.c -=================================================================== ---- busybox-1.23.2.orig/networking/udhcp/dhcpc.c -+++ busybox-1.23.2/networking/udhcp/dhcpc.c -@@ -103,7 +103,7 @@ static const uint8_t len_of_option_as_st - [OPTION_IP ] = sizeof("255.255.255.255 "), - [OPTION_IP_PAIR ] = sizeof("255.255.255.255 ") * 2, - [OPTION_STATIC_ROUTES ] = sizeof("255.255.255.255/32 255.255.255.255 "), -- [OPTION_6RD ] = sizeof("32 128 ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff 255.255.255.255 "), -+ [OPTION_6RD ] = sizeof("132 128 ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff 255.255.255.255 "), - [OPTION_STRING ] = 1, - [OPTION_STRING_HOST ] = 1, - #if ENABLE_FEATURE_UDHCP_RFC3397 -@@ -214,7 +214,7 @@ static NOINLINE char *xmalloc_optname_op - type = optflag->flags & OPTION_TYPE_MASK; - optlen = dhcp_option_lengths[type]; - upper_length = len_of_option_as_string[type] -- * ((unsigned)(len + optlen - 1) / (unsigned)optlen); -+ * ((unsigned)(len + optlen) / (unsigned)optlen); - - dest = ret = xmalloc(upper_length + strlen(opt_name) + 2); - dest += sprintf(ret, "%s=", opt_name); |