]> code.ossystems Code Review - openembedded-core.git/commitdiff
Code Review / openembedded-core.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | patch | inline | side by side (parent: 44d8263)
lrzsz: fix CVE-2018-10195
authorRoss Burton <ross.burton@intel.com>
Tue, 11 Sep 2018 09:37:40 +0000 (10:37 +0100)
committerRichard Purdie <richard.purdie@linuxfoundation.org>
Tue, 11 Sep 2018 09:46:12 +0000 (10:46 +0100)
"Integer overflow in src/zm.c:zsdata() causes crash in sz and can leak
information to receiver."

Take a patch from Fedora to resolve CVE-2018-10195.

Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
meta/recipes-bsp/lrzsz/lrzsz-0.12.20/cve-2018-10195.patch [new file with mode: 0644] patch | blob
meta/recipes-bsp/lrzsz/lrzsz_0.12.20.bb patch | blob | history

diff --git a/meta/recipes-bsp/lrzsz/lrzsz-0.12.20/cve-2018-10195.patch b/meta/recipes-bsp/lrzsz/lrzsz-0.12.20/cve-2018-10195.patch
new file mode 100644 (file)
index 0000000..dea2986
--- /dev/null
+++ b/meta/recipes-bsp/lrzsz/lrzsz-0.12.20/cve-2018-10195.patch
@@ -0,0 +1,28 @@
+Integer overflow in src/zm.c:zsdata() causes crash in sz and can leak information to receiver.
+
+Patch taken from Fedora.
+
+CVE: CVE-2018-10195
+Upstream-Status: Inappropriate (dead upstream)
+Signed-off-by: Ross Burton <ross.burton@intel.com>
+
+diff -urN lrzsz-0.12.20/src/zm.c lrzsz-0.12.20.new/src/zm.c
+--- lrzsz-0.12.20/src/zm.c     Tue Dec 29 09:48:38 1998
++++ lrzsz-0.12.20.new/src/zm.c Tue Oct  8 12:46:58 2002
+@@ -431,10 +431,12 @@
+       VPRINTF(3,("zsdata: %lu %s", (unsigned long) length, 
+               Zendnames[(frameend-ZCRCE)&3]));
+       crc = 0;
+-      do {
+-              zsendline(*buf); crc = updcrc((0377 & *buf), crc);
+-              buf++;
+-      } while (--length>0);
++
++      for( ; length; length--) {
++        zsendline(*buf); crc = updcrc((0377 & *buf), crc);
++        buf++;
++      }
++
+       xsendline(ZDLE); xsendline(frameend);
+       crc = updcrc(frameend, crc);
\ No newline at end of file
diff --git a/meta/recipes-bsp/lrzsz/lrzsz_0.12.20.bb b/meta/recipes-bsp/lrzsz/lrzsz_0.12.20.bb
index 4b349be32f7586aeb300894b1c7b5fc773fb7af3..002c774c6d8f2841caf893a5f8d17d28e939ed96 100644 (file)
--- a/meta/recipes-bsp/lrzsz/lrzsz_0.12.20.bb
+++ b/meta/recipes-bsp/lrzsz/lrzsz_0.12.20.bb
@@ -19,6 +19,7 @@ SRC_URI = "http://www.ohse.de/uwe/releases/lrzsz-${PV}.tar.gz \
           file://acdefine.patch \
           file://lrzsz_fix_for_automake-1.12.patch \
            file://lrzsz-check-locale.h.patch \
+           file://cve-2018-10195.patch \
            "
 
 SRC_URI[md5sum] = "b5ce6a74abc9b9eb2af94dffdfd372a4"
Mirror of the official openembedded-core repository