The CVE-2014-9645 fix was merged in Busybox prior to the 1.23.0 release [1]. The fix was then reworked in Busybox 1.23.1, in such a way that the original change was no longer required [2].
Although oe-core's CVE-2014-9645 patch still applies cleanly to Busybox 1.23.1 and 1.23.2, applying it partially reverts the second version of the upstream fix. [1] http://git.busybox.net/busybox/commit/modutils/modprobe.c?h=1_23_stable&id=4e314faa0aecb66717418e9a47a4451aec59262b [2] http://git.busybox.net/busybox/commit/modutils/modprobe.c?h=1_23_stable&id=1ecfe811fe2f70380170ef7d820e8150054e88ca This is a fido (busybox 1.23.1) backport of the fix already in oe-core master (busybox 1.23.2): http://git.openembedded.org/openembedded-core/commit/?id=a753d3d8884b96baad5ed1a03335a81586420b86 Signed-off-by: Andre McCurdy <armccu...@gmail.com> --- ..._busybox_reject_module_names_with_slashes.patch | 41 ---------------------- meta/recipes-core/busybox/busybox_1.23.1.bb | 1 - 2 files changed, 42 deletions(-) delete mode 100644 meta/recipes-core/busybox/busybox/CVE-2014-9645_busybox_reject_module_names_with_slashes.patch diff --git a/meta/recipes-core/busybox/busybox/CVE-2014-9645_busybox_reject_module_names_with_slashes.patch b/meta/recipes-core/busybox/busybox/CVE-2014-9645_busybox_reject_module_names_with_slashes.patch deleted file mode 100644 index 4e76067..0000000 --- a/meta/recipes-core/busybox/busybox/CVE-2014-9645_busybox_reject_module_names_with_slashes.patch +++ /dev/null @@ -1,41 +0,0 @@ -Upstream-status: Backport -http://git.busybox.net/busybox/commit/?id=4e314faa0aecb66717418e9a47a4451aec59262b - -CVE-2014-9645 fix. - -[YOCTO #7257] - -Signed-off-by: Armin Kuster <akus...@mvista.com> - -From 4e314faa0aecb66717418e9a47a4451aec59262b Mon Sep 17 00:00:00 2001 -From: Denys Vlasenko <vda.li...@googlemail.com> -Date: Thu, 20 Nov 2014 17:24:33 +0000 -Subject: modprobe,rmmod: reject module names with slashes - -function old new delta -add_probe 86 113 +27 - -Signed-off-by: Denys Vlasenko <vda.li...@googlemail.com> ---- -Index: busybox-1.22.1/modutils/modprobe.c -=================================================================== ---- busybox-1.22.1.orig/modutils/modprobe.c -+++ busybox-1.22.1/modutils/modprobe.c -@@ -238,6 +238,17 @@ static void add_probe(const char *name) - { - struct module_entry *m; - -+ /* -+ * get_or_add_modentry() strips path from name and works -+ * on remaining basename. -+ * This would make "rmmod dir/name" and "modprobe dir/name" -+ * to work like "rmmod name" and "modprobe name", -+ * which is wrong, and can be abused via implicit modprobing: -+ * "ifconfig /usbserial up" tries to modprobe netdev-/usbserial. -+ */ -+ if (strchr(name, '/')) -+ bb_error_msg_and_die("malformed module name '%s'", name); -+ - m = get_or_add_modentry(name); - if (!(option_mask32 & (OPT_REMOVE | OPT_SHOW_DEPS)) - && (m->flags & MODULE_FLAG_LOADED) diff --git a/meta/recipes-core/busybox/busybox_1.23.1.bb b/meta/recipes-core/busybox/busybox_1.23.1.bb index 1742390..7c3ed84 100644 --- a/meta/recipes-core/busybox/busybox_1.23.1.bb +++ b/meta/recipes-core/busybox/busybox_1.23.1.bb @@ -30,7 +30,6 @@ SRC_URI = "http://www.busybox.net/downloads/busybox-${PV}.tar.bz2;name=tarball \ file://login-utilities.cfg \ file://recognize_connmand.patch \ file://busybox-cross-menuconfig.patch \ - file://CVE-2014-9645_busybox_reject_module_names_with_slashes.patch \ " SRC_URI[tarball.md5sum] = "5c94d6301a964cd91619bd4d74605245" -- 1.9.1 -- _______________________________________________ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
