[oe] [meta-networking][kirkstone][PATCH 5/5] lldpd: patch CVE-2021-43612

Sun, 04 Jan 2026 01:13:07 -0800 

Details: https://nvd.nist.gov/vuln/detail/CVE-2021-43612

Pick the patch referenced by the NVD advisory.

Signed-off-by: Gyorgy Sarvari <[email protected]>
---
 .../lldpd/files/CVE-2021-43612.patch          | 93 +++++++++++++++++++
 .../recipes-daemons/lldpd/lldpd_1.0.8.bb      | 12 +--
 2 files changed, 99 insertions(+), 6 deletions(-)
 create mode 100644 
meta-networking/recipes-daemons/lldpd/files/CVE-2021-43612.patch

diff --git a/meta-networking/recipes-daemons/lldpd/files/CVE-2021-43612.patch 
b/meta-networking/recipes-daemons/lldpd/files/CVE-2021-43612.patch
new file mode 100644
index 0000000000..30d416d769
--- /dev/null
+++ b/meta-networking/recipes-daemons/lldpd/files/CVE-2021-43612.patch
@@ -0,0 +1,93 @@
+From 97ea7541a12540fa6680058f09d47be451275725 Mon Sep 17 00:00:00 2001
+From: Vincent Bernat <[email protected]>
+Date: Sun, 19 Sep 2021 21:18:47 +0200
+Subject: [PATCH] sonmp: fix heap overflow when reading SONMP packets
+
+By sending short SONMP packets, an attacker can make the decoder crash
+by reading too much data on the heap. SONMP packets are fixed in size,
+just ensure we get the enough bytes to contain a SONMP packet.
+
+CVE-2021-43612
+
+CVE: CVE-2021-43612
+Upstream-Status: Backport 
[https://github.com/lldpd/lldpd/commit/73d42680fce8598324364dbb31b9bc3b8320adf7]
+Signed-off-by: Gyorgy Sarvari <[email protected]>
+---
+ src/daemon/protocols/sonmp.c |  2 +-
+ src/daemon/protocols/sonmp.h |  2 +-
+ tests/check_sonmp.c          | 10 +++++-----
+ 3 files changed, 7 insertions(+), 7 deletions(-)
+
+diff --git a/src/daemon/protocols/sonmp.c b/src/daemon/protocols/sonmp.c
+index d2eed15..6c80cb0 100644
+--- a/src/daemon/protocols/sonmp.c
++++ b/src/daemon/protocols/sonmp.c
+@@ -311,7 +311,7 @@ sonmp_decode(struct lldpd *cfg, char *frame, int s,
+ 
+       length = s;
+       pos = (u_int8_t*)frame;
+-      if (length < SONMP_SIZE) {
++      if (length < SONMP_SIZE + 2*ETHER_ADDR_LEN + sizeof(u_int16_t)) {
+               log_warnx("sonmp", "too short SONMP frame received on %s", 
hardware->h_ifname);
+               goto malformed;
+       }
+diff --git a/src/daemon/protocols/sonmp.h b/src/daemon/protocols/sonmp.h
+index 0e60106..ff7a720 100644
+--- a/src/daemon/protocols/sonmp.h
++++ b/src/daemon/protocols/sonmp.h
+@@ -24,7 +24,7 @@
+ #define LLC_ORG_NORTEL { 0x00, 0x00, 0x81 }
+ #define LLC_PID_SONMP_HELLO 0x01a2
+ #define LLC_PID_SONMP_FLATNET 0x01a1
+-#define SONMP_SIZE (2*ETHER_ADDR_LEN + sizeof(u_int16_t) + 8)
++#define SONMP_SIZE 19
+ 
+ struct sonmp_chassis {
+       int type;
+diff --git a/tests/check_sonmp.c b/tests/check_sonmp.c
+index 8c7a208..b25f0e2 100644
+--- a/tests/check_sonmp.c
++++ b/tests/check_sonmp.c
+@@ -33,7 +33,7 @@ START_TEST (test_send_sonmp)
+ IEEE 802.3 Ethernet 
+     Destination: Bay-Networks-(Synoptics)-autodiscovery (01:00:81:00:01:00)
+     Source: 5e:10:8e:e7:84:ad (5e:10:8e:e7:84:ad)
+-    Length: 22
++    Length: 19
+ Logical-Link Control
+     DSAP: SNAP (0xaa)
+     IG Bit: Individual
+@@ -55,7 +55,7 @@ Nortel Networks / SynOptics Network Management Protocol
+ IEEE 802.3 Ethernet 
+     Destination: Bay-Networks-(Synoptics)-autodiscovery (01:00:81:00:01:01)
+     Source: 5e:10:8e:e7:84:ad (5e:10:8e:e7:84:ad)
+-    Length: 22
++    Length: 19
+ Logical-Link Control
+     DSAP: SNAP (0xaa)
+     IG Bit: Individual
+@@ -76,13 +76,13 @@ Nortel Networks / SynOptics Network Management Protocol
+       */
+       char pkt1[] = {
+               0x01, 0x00, 0x81, 0x00, 0x01, 0x00, 0x5e, 0x10,
+-              0x8e, 0xe7, 0x84, 0xad, 0x00, 0x16, 0xaa, 0xaa,
++              0x8e, 0xe7, 0x84, 0xad, 0x00, 0x13, 0xaa, 0xaa,
+               0x03, 0x00, 0x00, 0x81, 0x01, 0xa2, 0xac, 0x11,
+               0x8e, 0x25, 0x00, 0x00, 0x04, 0x01, 0x0c, 0x03,
+               0x01 };
+       char pkt2[] = {
+               0x01, 0x00, 0x81, 0x00, 0x01, 0x01, 0x5e, 0x10,
+-              0x8e, 0xe7, 0x84, 0xad, 0x00, 0x16, 0xaa, 0xaa,
++              0x8e, 0xe7, 0x84, 0xad, 0x00, 0x13, 0xaa, 0xaa,
+               0x03, 0x00, 0x00, 0x81, 0x01, 0xa1, 0xac, 0x11,
+               0x8e, 0x25, 0x00, 0x00, 0x04, 0x01, 0x0c, 0x03,
+               0x01 };
+@@ -99,7 +99,7 @@ Nortel Networks / SynOptics Network Management Protocol
+       chassis.c_id_len = ETHER_ADDR_LEN;
+       TAILQ_INIT(&chassis.c_mgmt);
+       addr = inet_addr("172.17.142.37");
+-      mgmt = lldpd_alloc_mgmt(LLDPD_AF_IPV4, 
++      mgmt = lldpd_alloc_mgmt(LLDPD_AF_IPV4,
+                               &addr, sizeof(in_addr_t), 0);
+       if (mgmt == NULL)
+               ck_abort();
diff --git a/meta-networking/recipes-daemons/lldpd/lldpd_1.0.8.bb 
b/meta-networking/recipes-daemons/lldpd/lldpd_1.0.8.bb
index 022bb62dd8..34cde7b929 100644
--- a/meta-networking/recipes-daemons/lldpd/lldpd_1.0.8.bb
+++ b/meta-networking/recipes-daemons/lldpd/lldpd_1.0.8.bb
@@ -5,12 +5,12 @@ LIC_FILES_CHKSUM = 
"file://${COREBASE}/meta/files/common-licenses/ISC;md5=f3b90e
 
 DEPENDS = "libbsd libevent"
 
-SRC_URI = "\
-    http://media.luffy.cx/files/${BPN}/${BPN}-${PV}.tar.gz \
-    file://lldpd.init.d \
-    file://lldpd.default \
-    file://CVE-2023-41910.patch \
-    "
+SRC_URI = "http://media.luffy.cx/files/${BPN}/${BPN}-${PV}.tar.gz \
+           file://lldpd.init.d \
+           file://lldpd.default \
+           file://CVE-2023-41910.patch \
+           file://CVE-2021-43612.patch \
+           "
 
 SRC_URI[md5sum] = "000042dbf5b445f750b5ba01ab25c8ba"
 SRC_URI[sha256sum] = 
"98d200e76e30f6262c4a4493148c1840827898329146a57a34f8f0f928ca3def"

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#123113): 
https://lists.openembedded.org/g/openembedded-devel/message/123113
Mute This Topic: https://lists.openembedded.org/mt/117068317/21656
Group Owner: [email protected]
Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub 
[[email protected]]
-=-=-=-=-=-=-=-=-=-=-=-

Reply via email to