This patch appears to be intended for meta-openembedded, not oe-core. You should resend to: [email protected]
Steve On Sun, Jun 19, 2022 at 6:44 PM Hitendra Prajapati <[email protected]> wrote: > > Source: https://github.com/cyrusimap/cyrus-sasl > MR: 118501 > Type: Security Fix > Disposition: Backport from > https://github.com/cyrusimap/cyrus-sasl/commit/9eff746c9daecbcc0041b09a5a51ba30738cdcbc > ChangeID: 5e0fc4c28d97b498128e4aa5d3e7c012e914ef51 > Description: > CVE-2022-24407 cyrus-sasl: failure to properly escape SQL input allows > an attacker to execute arbitrary SQL commands. > > Signed-off-by: Hitendra Prajapati <[email protected]> > --- > .../cyrus-sasl/CVE-2022-24407.patch | 83 +++++++++++++++++++ > .../cyrus-sasl/cyrus-sasl_2.1.27.bb | 1 + > 2 files changed, 84 insertions(+) > create mode 100644 > meta-networking/recipes-daemons/cyrus-sasl/cyrus-sasl/CVE-2022-24407.patch > > diff --git > a/meta-networking/recipes-daemons/cyrus-sasl/cyrus-sasl/CVE-2022-24407.patch > b/meta-networking/recipes-daemons/cyrus-sasl/cyrus-sasl/CVE-2022-24407.patch > new file mode 100644 > index 000000000..0ddea03c6 > --- /dev/null > +++ > b/meta-networking/recipes-daemons/cyrus-sasl/cyrus-sasl/CVE-2022-24407.patch > @@ -0,0 +1,83 @@ > +From 906b863c5308567086c6437ce17335b1922a78d1 Mon Sep 17 00:00:00 2001 > +From: Hitendra Prajapati <[email protected]> > +Date: Wed, 15 Jun 2022 10:44:50 +0530 > +Subject: [PATCH] CVE-2022-24407 > + > +Upstream-Status: Backport > [https://github.com/cyrusimap/cyrus-sasl/commit/9eff746c9daecbcc0041b09a5a51ba30738cdcbc] > +CVE: CVE-2022-24407 > +Signed-off-by: Hitendra Prajapati <[email protected]> > +--- > + plugins/sql.c | 26 +++++++++++++++++++++++--- > + 1 file changed, 23 insertions(+), 3 deletions(-) > + > +diff --git a/plugins/sql.c b/plugins/sql.c > +index 95f5f707..5d20759b 100644 > +--- a/plugins/sql.c > ++++ b/plugins/sql.c > +@@ -1150,6 +1150,7 @@ static int sql_auxprop_store(void *glob_context, > + char *statement = NULL; > + char *escap_userid = NULL; > + char *escap_realm = NULL; > ++ char *escap_passwd = NULL; > + const char *cmd; > + > + sql_settings_t *settings; > +@@ -1221,6 +1222,11 @@ static int sql_auxprop_store(void *glob_context, > + "Unable to begin transaction\n"); > + } > + for (cur = to_store; ret == SASL_OK && cur->name; cur++) { > ++ /* Free the buffer, current content is from previous loop. */ > ++ if (escap_passwd) { > ++ sparams->utils->free(escap_passwd); > ++ escap_passwd = NULL; > ++ } > + > + if (cur->name[0] == '*') { > + continue; > +@@ -1242,19 +1248,32 @@ static int sql_auxprop_store(void *glob_context, > + } > + sparams->utils->free(statement); > + > ++ if (cur->values[0]) { > ++ escap_passwd = (char > *)sparams->utils->malloc(strlen(cur->values[0])*2+1); > ++ if (!escap_passwd) { > ++ ret = SASL_NOMEM; > ++ break; > ++ } > ++ settings->sql_engine->sql_escape_str(escap_passwd, > cur->values[0]); > ++ } > ++ > + /* create a statement that we will use */ > + statement = sql_create_statement(cmd, cur->name, escap_userid, > + escap_realm, > +- cur->values && cur->values[0] ? > +- cur->values[0] : SQL_NULL_VALUE, > ++ escap_passwd ? > ++ escap_passwd : SQL_NULL_VALUE, > + sparams->utils); > ++ if (!statement) { > ++ ret = SASL_NOMEM; > ++ break; > ++ } > + > + { > + char *log_statement = > + sql_create_statement(cmd, cur->name, > + escap_userid, > + escap_realm, > +- cur->values && cur->values[0] ? > ++ escap_passwd ? > + "<omitted>" : SQL_NULL_VALUE, > + sparams->utils); > + sparams->utils->log(sparams->utils->conn, SASL_LOG_DEBUG, > +@@ -1287,6 +1306,7 @@ static int sql_auxprop_store(void *glob_context, > + done: > + if (escap_userid) sparams->utils->free(escap_userid); > + if (escap_realm) sparams->utils->free(escap_realm); > ++ if (escap_passwd) sparams->utils->free(escap_passwd); > + if (conn) settings->sql_engine->sql_close(conn); > + if (userid) sparams->utils->free(userid); > + if (realm) sparams->utils->free(realm); > +-- > +2.25.1 > + > diff --git a/meta-networking/recipes-daemons/cyrus-sasl/cyrus-sasl_2.1.27.bb > b/meta-networking/recipes-daemons/cyrus-sasl/cyrus-sasl_2.1.27.bb > index db5f94444..3e7056d67 100644 > --- a/meta-networking/recipes-daemons/cyrus-sasl/cyrus-sasl_2.1.27.bb > +++ b/meta-networking/recipes-daemons/cyrus-sasl/cyrus-sasl_2.1.27.bb > @@ -17,6 +17,7 @@ SRC_URI = > "git://github.com/cyrusimap/cyrus-sasl;protocol=https;branch=master \ > > file://0001-Allow-saslauthd-to-be-built-outside-of-source-tree-w.patch \ > file://0001-makeinit.sh-fix-parallel-build-issue.patch \ > file://CVE-2019-19906.patch \ > + file://CVE-2022-24407.patch \ > " > > UPSTREAM_CHECK_URI = "https://github.com/cyrusimap/cyrus-sasl/archives"; > -- > 2.25.1 > > > >
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#167117): https://lists.openembedded.org/g/openembedded-core/message/167117 Mute This Topic: https://lists.openembedded.org/mt/91871133/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
