From: Peter Marko <[email protected]> Pick patch per [1] poiting to [2] pointing to [3].
[1] https://nvd.nist.gov/vuln/detail/CVE-2022-40320 [2] https://github.com/libconfuse/libconfuse/issues/163 [3] https://github.com/libconfuse/libconfuse/commit/d73777c2c3566fb2647727bb56d9a2295b81669b Signed-off-by: Peter Marko <[email protected]> --- .../libconfuse/files/CVE-2022-40320.patch | 42 +++++++++++++++++++ .../libconfuse/libconfuse_3.3.bb | 1 + 2 files changed, 43 insertions(+) create mode 100755 meta-oe/recipes-support/libconfuse/files/CVE-2022-40320.patch diff --git a/meta-oe/recipes-support/libconfuse/files/CVE-2022-40320.patch b/meta-oe/recipes-support/libconfuse/files/CVE-2022-40320.patch new file mode 100755 index 0000000000..52296b9c0f --- /dev/null +++ b/meta-oe/recipes-support/libconfuse/files/CVE-2022-40320.patch @@ -0,0 +1,42 @@ +From d73777c2c3566fb2647727bb56d9a2295b81669b Mon Sep 17 00:00:00 2001 +From: Joachim Wiberg <[email protected]> +Date: Fri, 2 Sep 2022 16:12:46 +0200 +Subject: [PATCH] Fix #163: unterminated username used with getpwnam() + +Signed-off-by: Joachim Wiberg <[email protected]> + +CVE: CVE-2022-40320 +Upstream-Status: Backport [https://github.com/libconfuse/libconfuse/commit/d73777c2c3566fb2647727bb56d9a2295b81669b] +Signed-off-by: Peter Marko <[email protected]> +--- + src/confuse.c | 9 ++++++--- + 1 file changed, 6 insertions(+), 3 deletions(-) + +diff --git a/src/confuse.c b/src/confuse.c +index 6d1fdbd..05566b5 100644 +--- a/src/confuse.c ++++ b/src/confuse.c +@@ -1872,17 +1872,20 @@ DLLIMPORT char *cfg_tilde_expand(const char *filename) + file = filename + 1; + } else { + /* ~user or ~user/path */ +- char *user; ++ char *user; /* ~user or ~user/path */ ++ size_t len; + + file = strchr(filename, '/'); + if (file == 0) + file = filename + strlen(filename); + +- user = malloc(file - filename); ++ len = file - filename - 1; ++ user = malloc(len + 1); + if (!user) + return NULL; + +- strncpy(user, filename + 1, file - filename - 1); ++ strncpy(user, &filename[1], len); ++ user[len] = 0; + passwd = getpwnam(user); + free(user); + } diff --git a/meta-oe/recipes-support/libconfuse/libconfuse_3.3.bb b/meta-oe/recipes-support/libconfuse/libconfuse_3.3.bb index e6f28c7b69..0e2f1f27b3 100644 --- a/meta-oe/recipes-support/libconfuse/libconfuse_3.3.bb +++ b/meta-oe/recipes-support/libconfuse/libconfuse_3.3.bb @@ -6,6 +6,7 @@ SRC_URI = "https://github.com/libconfuse/libconfuse/releases/download/v${PV}/con SRC_URI[sha256sum] = "3a59ded20bc652eaa8e6261ab46f7e483bc13dad79263c15af42ecbb329707b8" SRC_URI += "file://0001-only-apply-search-path-logic-to-relative-pathnames.patch" +SRC_URI += "file://CVE-2022-40320.patch" inherit autotools-brokensep pkgconfig gettext -- 2.30.2
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#114545): https://lists.openembedded.org/g/openembedded-devel/message/114545 Mute This Topic: https://lists.openembedded.org/mt/110271254/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
