mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-02-15 21:23:04 +01:00
Code Issues Packages Projects Releases Wiki Activity

systemd: CVE-2022-3821 Fix buffer overrun

Browse Source 
Upstream-Status: Backport from 72d4c15a94

Affects "systemd <= 251"

(From OE-Core rev: 4a29ef039897e2d45e5c0b7416ce30a22b668453)

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
Hitendra Prajapati
2022-11-16 09:51:56 +05:30
committed by Richard Purdie
parent 24f6bf271b
commit 277e97deb2
2 changed files with 46 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

45
meta/recipes-core/systemd/systemd/CVE-2022-3821.patch Normal file
View File

@@ -0,0 +1,45 @@
From bff52d96598956163d73b7c7bdec7b0ad5b3c2d4 Mon Sep 17 00:00:00 2001
From: Hitendra Prajapati <hprajapati@mvista.com>
Date: Tue, 15 Nov 2022 16:52:03 +0530
Subject: [PATCH] CVE-2022-3821
Upstream-Status: Backport [https://github.com/systemd/systemd-stable/commit/72d4c15a946d20143cd4c6783c802124bc894dc7]
CVE: CVE-2022-3821
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
---
src/basic/time-util.c | 2 +-
src/test/test-time-util.c | 5 +++++
2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/src/basic/time-util.c b/src/basic/time-util.c
index b659d6905d..89dc593d44 100644
--- a/src/basic/time-util.c
+++ b/src/basic/time-util.c
@@ -588,7 +588,7 @@ char *format_timespan(char *buf, size_t l, usec_t t, usec_t accuracy) {
t = b;
}
- n = MIN((size_t) k, l);
+ n = MIN((size_t) k, l-1);
l -= n;
p += n;
diff --git a/src/test/test-time-util.c b/src/test/test-time-util.c
index 4d0131827e..8db6b25279 100644
--- a/src/test/test-time-util.c
+++ b/src/test/test-time-util.c
@@ -238,6 +238,11 @@ TEST(format_timespan) {
test_format_timespan_accuracy(1);
test_format_timespan_accuracy(USEC_PER_MSEC);
test_format_timespan_accuracy(USEC_PER_SEC);
+
+ /* See issue #23928. */
+ _cleanup_free_ char *buf;
+ assert_se(buf = new(char, 5));
+ assert_se(buf == format_timespan(buf, 5, 100005, 1000));
}
TEST(verify_timezone) {
--
2.25.1

1
meta/recipes-core/systemd/systemd_250.5.bb
View File

@@ -25,6 +25,7 @@ SRC_URI += "file://touchscreen.rules \
file://0003-implment-systemd-sysv-install-for-OE.patch \
file://0001-Move-sysusers.d-sysctl.d-binfmt.d-modules-load.d-to-.patch \
file://0001-resolve-Use-sockaddr-pointer-type-for-bind.patch \
file://CVE-2022-3821.patch \
"
# patches needed by musl