Blame - meta-openembedded/meta-oe/recipes-extended/dlt-daemon/dlt-daemon/275.patch - openbmc/openbmc

blob: 75065eb0549e8a386d3e11347c0c618f6044d90c [file] [log] [blame]

Andrew Geissler	8fc454f	2020-12-11 16:27:59 -0600	[diff] [blame]	1	Upstream-status: Backport
				2	CVE: CVE-2020-29394
				3	From 7f5cd5404a03fa330e192084f6bdafb2dc9bdcb7 Mon Sep 17 00:00:00 2001
				4	From: GwanYeong Kim <gy741.kim@gmail.com>
				5	Date: Sat, 28 Nov 2020 12:24:46 +0900
				6	Subject: [PATCH] dlt_common: Fix buffer overflow in dlt_filter_load
				7
				8	A buffer overflow in the dlt_filter_load function in dlt_common.c in dlt-daemon allows arbitrary code execution via an unsafe usage of fscanf, because it does not limit the number of characters to be read in a format argument.
				9
				10	Fixed: #274
				11
				12	Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
				13	---
				14	src/shared/dlt_common.c \| 4 ++--
				15	1 file changed, 2 insertions(+), 2 deletions(-)
				16
				17	diff --git a/src/shared/dlt_common.c b/src/shared/dlt_common.c
				18	index 254f4ce4..d15b1cec 100644
				19	--- a/src/shared/dlt_common.c
				20	+++ b/src/shared/dlt_common.c
				21	@@ -404,7 +404,7 @@ DltReturnValue dlt_filter_load(DltFilter filter, const char filename, int verb
				22	while (!feof(handle)) {
				23	str1[0] = 0;
				24
				25	- if (fscanf(handle, "%s", str1) != 1)
				26	+ if (fscanf(handle, "%254s", str1) != 1)
				27	break;
				28
				29	if (str1[0] == 0)
				30	@@ -419,7 +419,7 @@ DltReturnValue dlt_filter_load(DltFilter filter, const char filename, int verb
				31
				32	str1[0] = 0;
				33
				34	- if (fscanf(handle, "%s", str1) != 1)
				35	+ if (fscanf(handle, "%254s", str1) != 1)
				36	break;
				37
				38	if (str1[0] == 0)