]> code.ossystems Code Review - openembedded-core.git/commitdiff
Code Review / openembedded-core.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | patch | inline | side by side (parent: 1af360c)
shadow: CVE-2016-6252
authorArmin Kuster <akuster808@gmail.com>
Mon, 24 Sep 2018 15:42:11 +0000 (08:42 -0700)
committerRichard Purdie <richard.purdie@linuxfoundation.org>
Wed, 10 Oct 2018 12:26:53 +0000 (13:26 +0100)
Backport patch from the upstream
https://github.com/shadow-maint/shadow/commit/
1d5a926cc2d6078d23a96222b1ef3e558724dad1

Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
meta/recipes-extended/shadow/files/CVE-2016-6252.patch [new file with mode: 0644] patch | blob
meta/recipes-extended/shadow/shadow.inc patch | blob | history

diff --git a/meta/recipes-extended/shadow/files/CVE-2016-6252.patch b/meta/recipes-extended/shadow/files/CVE-2016-6252.patch
new file mode 100644 (file)
index 0000000..bdaba5e
--- /dev/null
+++ b/meta/recipes-extended/shadow/files/CVE-2016-6252.patch
@@ -0,0 +1,48 @@
+From 1d5a926cc2d6078d23a96222b1ef3e558724dad1 Mon Sep 17 00:00:00 2001
+From: Sebastian Krahmer <krahmer@suse.com>
+Date: Wed, 3 Aug 2016 11:51:07 -0500
+Subject: [PATCH] Simplify getulong
+
+Use strtoul to read an unsigned long, rather than reading
+a signed long long and casting it.
+
+https://bugzilla.suse.com/show_bug.cgi?id=979282
+
+Upstream-Status: Backport
+Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
+---
+ lib/getulong.c | 9 +++------
+ 1 file changed, 3 insertions(+), 6 deletions(-)
+
+diff --git a/lib/getulong.c b/lib/getulong.c
+index 61579ca..08d2c1a 100644
+--- a/lib/getulong.c
++++ b/lib/getulong.c
+@@ -44,22 +44,19 @@
+  */
+ int getulong (const char *numstr, /*@out@*/unsigned long int *result)
+ {
+-      long long int val;
++      unsigned long int val;
+       char *endptr;
+       errno = 0;
+-      val = strtoll (numstr, &endptr, 0);
++      val = strtoul (numstr, &endptr, 0);
+       if (    ('\0' == *numstr)
+            || ('\0' != *endptr)
+            || (ERANGE == errno)
+-           /*@+ignoresigns@*/
+-           || (val != (unsigned long int)val)
+-           /*@=ignoresigns@*/
+          ) {
+               return 0;
+       }
+-      *result = (unsigned long int)val;
++      *result = val;
+       return 1;
+ }
+-- 
+1.9.1
diff --git a/meta/recipes-extended/shadow/shadow.inc b/meta/recipes-extended/shadow/shadow.inc
index 18eba72895ce718645037c04542647ca23c38612..f3f5bf6f072140e57ffe29007de03b768fb39056 100644 (file)
--- a/meta/recipes-extended/shadow/shadow.inc
+++ b/meta/recipes-extended/shadow/shadow.inc
@@ -22,6 +22,7 @@ SRC_URI = "https://downloads.yoctoproject.org/mirror/sources/${BP}.tar.xz \
            file://CVE-2017-2616.patch \
            ${@bb.utils.contains('PACKAGECONFIG', 'pam', '${PAM_SRC_URI}', '', d)} \
            file://CVE-2018-7169.patch \
+           file://CVE-2016-6252.patch \
            "
 
 SRC_URI_append_class-target = " \
Mirror of the official openembedded-core repository