Squashed 'import-layers/meta-openembedded/' content from commit 247b126
Change-Id: I40827e9ce5fba63f1cca2a0be44976ae8383b4c0
git-subtree-dir: import-layers/meta-openembedded
git-subtree-split: 247b1267bbe95719cd4877d2d3cfbaf2a2f4865a
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
diff --git a/import-layers/meta-openembedded/meta-networking/recipes-daemons/squid/files/CVE-2016-3947.patch b/import-layers/meta-openembedded/meta-networking/recipes-daemons/squid/files/CVE-2016-3947.patch
new file mode 100644
index 0000000..c83e6ab
--- /dev/null
+++ b/import-layers/meta-openembedded/meta-networking/recipes-daemons/squid/files/CVE-2016-3947.patch
@@ -0,0 +1,48 @@
+From 0fe108ecb2bbdf684f159950eaa55d22f07c4008 Mon Sep 17 00:00:00 2001
+From: Catalin Enache <catalin.enache@windriver.com>
+Date: Wed, 20 Apr 2016 15:17:18 +0300
+Subject: [PATCH] pinger: Fix buffer overflow in Icmp6::Recv
+
+Upstream-Status: Backport
+CVE: CVE-2016-3947
+
+Author: Yuriy M. Kaminskiy <yumkam@gmail.com>
+Committer: Amos Jeffries <squid3@treenet.co.nz
+Signed-off-by: Catalin Enache <catalin.enache@windriver.com>
+---
+ src/icmp/Icmp6.cc | 5 ++---
+ 1 file changed, 2 insertions(+), 3 deletions(-)
+
+diff --git a/src/icmp/Icmp6.cc b/src/icmp/Icmp6.cc
+index 794a51a..ee84b80 100644
+--- a/src/icmp/Icmp6.cc
++++ b/src/icmp/Icmp6.cc
+@@ -256,7 +256,7 @@ Icmp6::Recv(void)
+ #define ip6_hops // HOPS!!! (can it be true??)
+
+ ip = (struct ip6_hdr *) pkt;
+- pkt += sizeof(ip6_hdr);
++ NP: echo size needs to +sizeof(ip6_hdr);
+
+ debugs(42, DBG_CRITICAL, HERE << "ip6_nxt=" << ip->ip6_nxt <<
+ ", ip6_plen=" << ip->ip6_plen <<
+@@ -267,7 +267,6 @@ Icmp6::Recv(void)
+ */
+
+ icmp6header = (struct icmp6_hdr *) pkt;
+- pkt += sizeof(icmp6_hdr);
+
+ if (icmp6header->icmp6_type != ICMP6_ECHO_REPLY) {
+
+@@ -292,7 +291,7 @@ Icmp6::Recv(void)
+ return;
+ }
+
+- echo = (icmpEchoData *) pkt;
++ echo = (icmpEchoData *) (pkt + sizeof(icmp6_hdr));
+
+ preply.opcode = echo->opcode;
+
+--
+2.7.4
+