[OE-core] [PATCH 3/3] systemd: fix CVE-2018-15688
Chen Qi
Qi.Chen at windriver.com
Fri Nov 2 01:53:51 UTC 2018
Backport patch to fix the following CVE.
CVE: CVE-2018-15688
Signed-off-by: Chen Qi <Qi.Chen at windriver.com>
---
...sure-we-have-enough-space-for-the-DHCP6-o.patch | 36 ++++++++++++++++++++++
meta/recipes-core/systemd/systemd_239.bb | 1 +
2 files changed, 37 insertions(+)
create mode 100644 meta/recipes-core/systemd/systemd/0001-dhcp6-make-sure-we-have-enough-space-for-the-DHCP6-o.patch
diff --git a/meta/recipes-core/systemd/systemd/0001-dhcp6-make-sure-we-have-enough-space-for-the-DHCP6-o.patch b/meta/recipes-core/systemd/systemd/0001-dhcp6-make-sure-we-have-enough-space-for-the-DHCP6-o.patch
new file mode 100644
index 0000000..86dfe6c
--- /dev/null
+++ b/meta/recipes-core/systemd/systemd/0001-dhcp6-make-sure-we-have-enough-space-for-the-DHCP6-o.patch
@@ -0,0 +1,36 @@
+From a6af1af8b8fa887533b048f74a6c932d99d204ed Mon Sep 17 00:00:00 2001
+From: Lennart Poettering <lennart at poettering.net>
+Date: Fri, 19 Oct 2018 12:12:33 +0200
+Subject: [PATCH] dhcp6: make sure we have enough space for the DHCP6 option
+ header
+
+Fixes a vulnerability originally discovered by Felix Wilhelm from
+Google.
+
+CVE-2018-15688
+LP: #1795921
+https://bugzilla.redhat.com/show_bug.cgi?id=1639067
+
+Upstream-Status: Backport
+
+Signed-off-by: Chen Qi <Qi.Chen at windriver.com>
+---
+ src/libsystemd-network/dhcp6-option.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/libsystemd-network/dhcp6-option.c b/src/libsystemd-network/dhcp6-option.c
+index 18196b1..0979497 100644
+--- a/src/libsystemd-network/dhcp6-option.c
++++ b/src/libsystemd-network/dhcp6-option.c
+@@ -103,7 +103,7 @@ int dhcp6_option_append_ia(uint8_t **buf, size_t *buflen, DHCP6IA *ia) {
+ return -EINVAL;
+ }
+
+- if (*buflen < len)
++ if (*buflen < offsetof(DHCP6Option, data) + len)
+ return -ENOBUFS;
+
+ ia_hdr = *buf;
+--
+2.7.4
+
diff --git a/meta/recipes-core/systemd/systemd_239.bb b/meta/recipes-core/systemd/systemd_239.bb
index 47fff40..3dbeaac 100644
--- a/meta/recipes-core/systemd/systemd_239.bb
+++ b/meta/recipes-core/systemd/systemd_239.bb
@@ -32,6 +32,7 @@ SRC_URI += "file://touchscreen.rules \
file://0023-resolvconf-fixes-for-the-compatibility-interface.patch \
file://0001-core-when-deserializing-state-always-use-read_line-L.patch \
file://0001-chown-recursive-let-s-rework-the-recursive-logic-to-.patch \
+ file://0001-dhcp6-make-sure-we-have-enough-space-for-the-DHCP6-o.patch \
"
# patches made for musl are only applied on TCLIBC is musl
--
1.9.1
More information about the Openembedded-core
mailing list