On Fri, 2022-01-14 at 13:10 -0500, Sakib Sajal wrote: > Please disregard, sorry for the barrage of incomplete patch set.
Do you also have a branch on contrib that I can pull these patches from? Thanks, Anuj > On 2022-01-14 1:03 p.m., Sakib Sajal wrote: > > > Signed-off-by: Sakib Sajal <sakib.sa...@windriver.com> > > --- > > meta/recipes-devtools/qemu/qemu.inc | 1 + > > .../qemu/qemu/CVE-2021-3593.patch | 40 > > +++++++++++++++++++ > > 2 files changed, 41 insertions(+) > > create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2021- > > 3593.patch > > > > diff --git a/meta/recipes-devtools/qemu/qemu.inc b/meta/recipes- > > devtools/qemu/qemu.inc > > index 6c00bf274b..6b544a4344 100644 > > --- a/meta/recipes-devtools/qemu/qemu.inc > > +++ b/meta/recipes-devtools/qemu/qemu.inc > > @@ -73,6 +73,7 @@ SRC_URI = > > "https://download.qemu.org/${BPN}-${PV}.tar.xz \ > > file://CVE-2021-3592_1.patch \ > > file://CVE-2021-3592_2.patch \ > > file://CVE-2021-3592_3.patch \ > > + file://CVE-2021-3593.patch \ > > " > > UPSTREAM_CHECK_REGEX = "qemu-(?P<pver>\d+(\.\d+)+)\.tar" > > > > diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2021-3593.patch > > b/meta/recipes-devtools/qemu/qemu/CVE-2021-3593.patch > > new file mode 100644 > > index 0000000000..dd14c240a8 > > --- /dev/null > > +++ b/meta/recipes-devtools/qemu/qemu/CVE-2021-3593.patch > > @@ -0,0 +1,40 @@ > > +From fe99634066e1074aaf55e83b576385877d7e4bcc Mon Sep 17 00:00:00 > > 2001 > > +From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= > > <marcandre.lur...@redhat.com> > > +Date: Fri, 4 Jun 2021 16:32:55 +0400 > > +Subject: [PATCH 04/12] upd6: check udp6_input buffer size > > +MIME-Version: 1.0 > > +Content-Type: text/plain; charset=UTF-8 > > +Content-Transfer-Encoding: 8bit > > + > > +Fixes: CVE-2021-3593 > > +Fixes: https://gitlab.freedesktop.org/slirp/libslirp/-/issues/45 > > + > > +Signed-off-by: Marc-André Lureau <marcandre.lur...@redhat.com> > > + > > +Upstream-Status: Backport > > [de71c15de66ba9350bf62c45b05f8fbff166517b] > > +CVE: CVE-2021-3593 > > + > > +Signed-off-by: Sakib Sajal <sakib.sa...@windriver.com> > > +--- > > + slirp/src/udp6.c | 5 ++++- > > + 1 file changed, 4 insertions(+), 1 deletion(-) > > + > > +diff --git a/slirp/src/udp6.c b/slirp/src/udp6.c > > +index 6f9486bbc..8c490e4d1 100644 > > +--- a/slirp/src/udp6.c > > ++++ b/slirp/src/udp6.c > > +@@ -28,7 +28,10 @@ void udp6_input(struct mbuf *m) > > + ip = mtod(m, struct ip6 *); > > + m->m_len -= iphlen; > > + m->m_data += iphlen; > > +- uh = mtod(m, struct udphdr *); > > ++ uh = mtod_check(m, sizeof(struct udphdr)); > > ++ if (uh == NULL) { > > ++ goto bad; > > ++ } > > + m->m_len += iphlen; > > + m->m_data -= iphlen; > > + > > +-- > > +2.31.1 > > + > > > > > > > > > > >
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#160600): https://lists.openembedded.org/g/openembedded-core/message/160600 Mute This Topic: https://lists.openembedded.org/mt/88427080/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
