diff options
author | Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com> | 2022-11-14 20:20:23 +0530 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2022-11-23 00:26:19 +0000 |
commit | e2db40ca49b8ed217f14c7f861087837e8b3f389 (patch) | |
tree | 4f25ba0739a0e7f7ca7b97ad1ea7a95bc6026439 /meta | |
parent | d1bdb663e6a69993d3f42547a27296b606965d47 (diff) | |
download | openembedded-core-contrib-e2db40ca49b8ed217f14c7f861087837e8b3f389.tar.gz |
systemd: Fix CVE-2022-3821 issue
An off-by-one Error issue was discovered in Systemd in format_timespan()
function of time-util.c. An attacker could supply specific values for
time and accuracy that leads to buffer overrun in format_timespan(),
leading to a Denial of Service.
Add a patch to solve above CVE issue
Link: https://github.com/systemd/systemd/commit/9102c625a673a3246d7e73d8737f3494446bad4e
Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Diffstat (limited to 'meta')
-rw-r--r-- | meta/recipes-core/systemd/systemd/CVE-2022-3821.patch | 47 | ||||
-rw-r--r-- | meta/recipes-core/systemd/systemd_244.5.bb | 1 |
2 files changed, 48 insertions, 0 deletions
diff --git a/meta/recipes-core/systemd/systemd/CVE-2022-3821.patch b/meta/recipes-core/systemd/systemd/CVE-2022-3821.patch new file mode 100644 index 0000000000..f9c6704cfc --- /dev/null +++ b/meta/recipes-core/systemd/systemd/CVE-2022-3821.patch @@ -0,0 +1,47 @@ +From 9102c625a673a3246d7e73d8737f3494446bad4e Mon Sep 17 00:00:00 2001 +From: Yu Watanabe <watanabe.yu+github@gmail.com> +Date: Thu, 7 Jul 2022 18:27:02 +0900 +Subject: [PATCH] time-util: fix buffer-over-run + +Fixes #23928. + +CVE: CVE-2022-3821 +Upstream-Status: Backport [https://github.com/systemd/systemd/commit/9102c625a673a3246d7e73d8737f3494446bad4e.patch] +Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com> +Comment: Both the hunks refreshed to backport + +--- + src/basic/time-util.c | 2 +- + src/test/test-time-util.c | 5 +++++ + 2 files changed, 6 insertions(+), 1 deletion(-) + +diff --git a/src/basic/time-util.c b/src/basic/time-util.c +index abbc4ad5cd70..26d59de12348 100644 +--- a/src/basic/time-util.c ++++ b/src/basic/time-util.c +@@ -514,7 +514,7 @@ char *format_timespan(char *buf, size_t + t = b; + } + +- n = MIN((size_t) k, l); ++ n = MIN((size_t) k, l-1); + + l -= n; + p += n; +diff --git a/src/test/test-time-util.c b/src/test/test-time-util.c +index e8e4e2a67bb1..58c5fa9be40c 100644 +--- a/src/test/test-time-util.c ++++ b/src/test/test-time-util.c +@@ -501,6 +501,12 @@ int main(int argc, char *argv[]) { + test_format_timespan(1); + test_format_timespan(USEC_PER_MSEC); + test_format_timespan(USEC_PER_SEC); ++ ++ /* See issue #23928. */ ++ _cleanup_free_ char *buf; ++ assert_se(buf = new(char, 5)); ++ assert_se(buf == format_timespan(buf, 5, 100005, 1000)); ++ + test_timezone_is_valid(); + test_get_timezones(); + test_usec_add(); diff --git a/meta/recipes-core/systemd/systemd_244.5.bb b/meta/recipes-core/systemd/systemd_244.5.bb index f3e5395465..77ef2bc42f 100644 --- a/meta/recipes-core/systemd/systemd_244.5.bb +++ b/meta/recipes-core/systemd/systemd_244.5.bb @@ -33,6 +33,7 @@ SRC_URI += "file://touchscreen.rules \ file://CVE-2021-3997-1.patch \ file://CVE-2021-3997-2.patch \ file://CVE-2021-3997-3.patch \ + file://CVE-2022-3821.patch \ " # patches needed by musl |