diff options
author | Patrick Williams <patrick@stwcx.xyz> | 2016-08-17 14:31:25 -0500 |
---|---|---|
committer | Patrick Williams <patrick@stwcx.xyz> | 2016-08-22 16:43:26 +0000 |
commit | 60f9d69e016b11c468c98ea75ba0a60c44afbbc4 (patch) | |
tree | ecb49581a9e41a37943c22cd9ef3f63451b20ee7 /import-layers/yocto-poky/meta/recipes-connectivity/ppp/ppp/fix-CVE-2015-3310.patch | |
parent | e18c61205e0234b03697129c20cc69c9b3940efc (diff) | |
download | blackbird-openbmc-60f9d69e016b11c468c98ea75ba0a60c44afbbc4.tar.gz blackbird-openbmc-60f9d69e016b11c468c98ea75ba0a60c44afbbc4.zip |
yocto-poky: Move to import-layers subdir
We are going to import additional layers, so create a subdir to
hold all of the layers that we import with git-subtree.
Change-Id: I6f732153a22be8ca663035c518837e3cc5ec0799
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Diffstat (limited to 'import-layers/yocto-poky/meta/recipes-connectivity/ppp/ppp/fix-CVE-2015-3310.patch')
-rw-r--r-- | import-layers/yocto-poky/meta/recipes-connectivity/ppp/ppp/fix-CVE-2015-3310.patch | 30 |
1 files changed, 30 insertions, 0 deletions
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/ppp/ppp/fix-CVE-2015-3310.patch b/import-layers/yocto-poky/meta/recipes-connectivity/ppp/ppp/fix-CVE-2015-3310.patch new file mode 100644 index 000000000..c5a0be86f --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/ppp/ppp/fix-CVE-2015-3310.patch @@ -0,0 +1,30 @@ +ppp: Buffer overflow in radius plugin + +From: https://bugs.debian.org/cgi-bin/bugreport.cgi?msg=5;bug=782450 + +Upstream-Status: Backport +CVE: CVE-2015-3310 + +On systems with more than 65535 processes running, pppd aborts when +sending a "start" accounting message to the RADIUS server because of a +buffer overflow in rc_mksid. + +The process id is used in rc_mksid to generate a pseudo-unique string, +assuming that the hex representation of the pid will be at most 4 +characters (FFFF). __sprintf_chk(), used when compiling with +optimization levels greater than 0 and FORTIFY_SOURCE, detects the +buffer overflow and makes pppd crash. + +The following patch fixes the problem. + +--- ppp-2.4.6.orig/pppd/plugins/radius/util.c ++++ ppp-2.4.6/pppd/plugins/radius/util.c +@@ -77,7 +77,7 @@ rc_mksid (void) + static unsigned short int cnt = 0; + sprintf (buf, "%08lX%04X%02hX", + (unsigned long int) time (NULL), +- (unsigned int) getpid (), ++ (unsigned int) getpid () % 65535, + cnt & 0xFF); + cnt++; + return buf; |