diff options
Diffstat (limited to 'yocto-poky/meta/recipes-core/uclibc/uclibc-git/CVE-2016-2224.patch')
-rw-r--r-- | yocto-poky/meta/recipes-core/uclibc/uclibc-git/CVE-2016-2224.patch | 49 |
1 files changed, 0 insertions, 49 deletions
diff --git a/yocto-poky/meta/recipes-core/uclibc/uclibc-git/CVE-2016-2224.patch b/yocto-poky/meta/recipes-core/uclibc/uclibc-git/CVE-2016-2224.patch deleted file mode 100644 index 218b60a85..000000000 --- a/yocto-poky/meta/recipes-core/uclibc/uclibc-git/CVE-2016-2224.patch +++ /dev/null @@ -1,49 +0,0 @@ -From 16719c1a7078421928e6d31dd1dec574825ef515 Mon Sep 17 00:00:00 2001 -From: Waldemar Brodkorb <wbx@openadk.org> -Date: Sun, 17 Jan 2016 15:47:22 +0100 -Subject: [PATCH] Do not follow compressed items forever. - -It is possible to get stuck in an infinite loop when receiving a -specially crafted DNS reply. Exit the loop after a number of iteration -and consider the packet invalid. - -Signed-off-by: Daniel Fahlgren <daniel@fahlgren.se> -Signed-off-by: Waldemar Brodkorb <wbx@uclibc-ng.org> - -Upstream-status: Backport -http://repo.or.cz/uclibc-ng.git/commit/16719c1a7078421928e6d31dd1dec574825ef515 - -CVE: CVE-2016-2224 -Signed-off-by: Armin Kuster <akuster@mvista.com> - ---- - libc/inet/resolv.c | 5 ++++- - 1 file changed, 4 insertions(+), 1 deletion(-) - -Index: git/libc/inet/resolv.c -=================================================================== ---- git.orig/libc/inet/resolv.c -+++ git/libc/inet/resolv.c -@@ -666,11 +666,12 @@ int __decode_dotted(const unsigned char - bool measure = 1; - unsigned total = 0; - unsigned used = 0; -+ unsigned maxiter = 256; - - if (!packet) - return -1; - -- while (1) { -+ while (--maxiter) { - if (offset >= packet_len) - return -1; - b = packet[offset++]; -@@ -707,6 +708,8 @@ int __decode_dotted(const unsigned char - else - dest[used++] = '\0'; - } -+ if (!maxiter) -+ return -1; - - /* The null byte must be counted too */ - if (measure) |