mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-04-22 15:32:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

lrzsz: fix CVE-2018-10195

Browse Source 
"Integer overflow in src/zm.c:zsdata() causes crash in sz and can leak
information to receiver."

Take a patch from Fedora to resolve CVE-2018-10195.

(From OE-Core rev: a7b50fcee9a295de57f743fa3637905992da722e)

Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
Ross Burton
2018-09-11 10:37:40 +01:00
committed by Richard Purdie
parent a22a2cca9b
commit a75936df89
2 changed files with 29 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
meta/recipes-bsp/lrzsz/lrzsz-0.12.20/cve-2018-10195.patch Normal file
View File

@@ -0,0 +1,28 @@
Integer overflow in src/zm.c:zsdata() causes crash in sz and can leak information to receiver.
Patch taken from Fedora.
CVE: CVE-2018-10195
Upstream-Status: Inappropriate (dead upstream)
Signed-off-by: Ross Burton <ross.burton@intel.com>
diff -urN lrzsz-0.12.20/src/zm.c lrzsz-0.12.20.new/src/zm.c
--- lrzsz-0.12.20/src/zm.c Tue Dec 29 09:48:38 1998
+++ lrzsz-0.12.20.new/src/zm.c Tue Oct 8 12:46:58 2002
@@ -431,10 +431,12 @@
VPRINTF(3,("zsdata: %lu %s", (unsigned long) length,
Zendnames[(frameend-ZCRCE)&3]));
crc = 0;
- do {
- zsendline(*buf); crc = updcrc((0377 & *buf), crc);
- buf++;
- } while (--length>0);
+
+ for( ; length; length--) {
+ zsendline(*buf); crc = updcrc((0377 & *buf), crc);
+ buf++;
+ }
+
xsendline(ZDLE); xsendline(frameend);
crc = updcrc(frameend, crc);

1
meta/recipes-bsp/lrzsz/lrzsz_0.12.20.bb
View File

@@ -19,6 +19,7 @@ SRC_URI = "http://www.ohse.de/uwe/releases/lrzsz-${PV}.tar.gz \
file://acdefine.patch \
file://lrzsz_fix_for_automake-1.12.patch \
file://lrzsz-check-locale.h.patch \
file://cve-2018-10195.patch \
"
SRC_URI[md5sum] = "b5ce6a74abc9b9eb2af94dffdfd372a4"