diff options
Diffstat (limited to 'meta/recipes-core/busybox/busybox/CVE-2016-2147.patch')
-rw-r--r-- | meta/recipes-core/busybox/busybox/CVE-2016-2147.patch | 57 |
1 files changed, 0 insertions, 57 deletions
diff --git a/meta/recipes-core/busybox/busybox/CVE-2016-2147.patch b/meta/recipes-core/busybox/busybox/CVE-2016-2147.patch deleted file mode 100644 index 84cae6aa2c..0000000000 --- a/meta/recipes-core/busybox/busybox/CVE-2016-2147.patch +++ /dev/null @@ -1,57 +0,0 @@ -From d474ffc68290e0a83651c4432eeabfa62cd51e87 Mon Sep 17 00:00:00 2001 -From: Denys Vlasenko <vda.linux@googlemail.com> -Date: Thu, 10 Mar 2016 11:47:58 +0100 -Subject: [PATCH] udhcp: fix a SEGV on malformed RFC1035-encoded domain name - -Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com> - -Upstream-Status: Backport -CVE: CVE-2016-2147 - -https://git.busybox.net/busybox/commit/?id=d474ffc -Signed-off-by: Armin Kuster <akuster@mvista.com> - ---- - networking/udhcp/domain_codec.c | 13 +++++++++---- - 1 file changed, 9 insertions(+), 4 deletions(-) - -Index: busybox-1.23.2/networking/udhcp/domain_codec.c -=================================================================== ---- busybox-1.23.2.orig/networking/udhcp/domain_codec.c -+++ busybox-1.23.2/networking/udhcp/domain_codec.c -@@ -63,11 +63,10 @@ char* FAST_FUNC dname_dec(const uint8_t - if (crtpos + *c + 1 > clen) /* label too long? abort */ - return NULL; - if (dst) -- memcpy(dst + len, c + 1, *c); -+ /* \3com ---> "com." */ -+ ((char*)mempcpy(dst + len, c + 1, *c))[0] = '.'; - len += *c + 1; - crtpos += *c + 1; -- if (dst) -- dst[len - 1] = '.'; - } else { - /* NUL: end of current domain name */ - if (retpos == 0) { -@@ -78,7 +77,10 @@ char* FAST_FUNC dname_dec(const uint8_t - crtpos = retpos; - retpos = depth = 0; - } -- if (dst) -+ if (dst && len != 0) -+ /* \4host\3com\0\4host and we are at \0: -+ * \3com was converted to "com.", change dot to space. -+ */ - dst[len - 1] = ' '; - } - -@@ -228,6 +230,9 @@ int main(int argc, char **argv) - int len; - uint8_t *encoded; - -+ uint8_t str[6] = { 0x00, 0x00, 0x02, 0x65, 0x65, 0x00 }; -+ printf("NUL:'%s'\n", dname_dec(str, 6, "")); -+ - #define DNAME_DEC(encoded,pre) dname_dec((uint8_t*)(encoded), sizeof(encoded), (pre)) - printf("'%s'\n", DNAME_DEC("\4host\3com\0", "test1:")); - printf("test2:'%s'\n", DNAME_DEC("\4host\3com\0\4host\3com\0", "")); |