diff options
| author |   Catalin Enache <catalin.enache@windriver.com> | 2016-04-20 18:59:16 +0300 |
|---|---|---|
| committer |   Joe MacDonald <joe_macdonald@mentor.com> | 2016-05-05 11:41:29 -0400 |
| commit | f79a851b64ead15476d60012ff657c2329b00220 (patch) | |
| tree | ba5ee005995ed7007eada8743c5eaaef17e1c682 /meta-networking | |
| parent | 275b6c30fbe4f2e6d8c607e9f2eedd5c230c0802 (diff) | |
| download | meta-openembedded-contrib-f79a851b64ead15476d60012ff657c2329b00220.tar.gz | |
squid: CVE-2016-3947
Heap-based buffer overflow in the Icmp6::Recv function in
icmp/Icmp6.cc in the pinger in Squid before 3.5.16 and 4.x
before 4.0.8 allows remote servers to cause a denial of
service (performance degradation or transition failures)
or write sensitive information to log files via an ICMPv6
packet.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3947
Signed-off-by: Catalin Enache <catalin.enache@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Diffstat (limited to 'meta-networking')
| -rw-r--r-- | meta-networking/recipes-daemons/squid/files/CVE-2016-3947.patch | 48 | ||||
| -rw-r--r-- | meta-networking/recipes-daemons/squid/squid_3.5.7.bb | 1 |
2 files changed, 49 insertions, 0 deletions
diff --git a/meta-networking/recipes-daemons/squid/files/CVE-2016-3947.patch b/meta-networking/recipes-daemons/squid/files/CVE-2016-3947.patch new file mode 100644 index 0000000000..c83e6ab512 --- /dev/null +++ b/meta-networking/recipes-daemons/squid/files/CVE-2016-3947.patch @@ -0,0 +1,48 @@ +From 0fe108ecb2bbdf684f159950eaa55d22f07c4008 Mon Sep 17 00:00:00 2001 +From: Catalin Enache <catalin.enache@windriver.com> +Date: Wed, 20 Apr 2016 15:17:18 +0300 +Subject: [PATCH] pinger: Fix buffer overflow in Icmp6::Recv + +Upstream-Status: Backport +CVE: CVE-2016-3947 + +Author: Yuriy M. Kaminskiy <yumkam@gmail.com> +Committer: Amos Jeffries <squid3@treenet.co.nz +Signed-off-by: Catalin Enache <catalin.enache@windriver.com> +--- + src/icmp/Icmp6.cc | 5 ++--- + 1 file changed, 2 insertions(+), 3 deletions(-) + +diff --git a/src/icmp/Icmp6.cc b/src/icmp/Icmp6.cc +index 794a51a..ee84b80 100644 +--- a/src/icmp/Icmp6.cc ++++ b/src/icmp/Icmp6.cc +@@ -256,7 +256,7 @@ Icmp6::Recv(void) + #define ip6_hops // HOPS!!! (can it be true??) + + ip = (struct ip6_hdr *) pkt; +- pkt += sizeof(ip6_hdr); ++ NP: echo size needs to +sizeof(ip6_hdr); + + debugs(42, DBG_CRITICAL, HERE << "ip6_nxt=" << ip->ip6_nxt << + ", ip6_plen=" << ip->ip6_plen << +@@ -267,7 +267,6 @@ Icmp6::Recv(void) + */ + + icmp6header = (struct icmp6_hdr *) pkt; +- pkt += sizeof(icmp6_hdr); + + if (icmp6header->icmp6_type != ICMP6_ECHO_REPLY) { + +@@ -292,7 +291,7 @@ Icmp6::Recv(void) + return; + } + +- echo = (icmpEchoData *) pkt; ++ echo = (icmpEchoData *) (pkt + sizeof(icmp6_hdr)); + + preply.opcode = echo->opcode; + +-- +2.7.4 + diff --git a/meta-networking/recipes-daemons/squid/squid_3.5.7.bb b/meta-networking/recipes-daemons/squid/squid_3.5.7.bb index c3eabcdb3c..750484a7be 100644 --- a/meta-networking/recipes-daemons/squid/squid_3.5.7.bb +++ b/meta-networking/recipes-daemons/squid/squid_3.5.7.bb @@ -19,6 +19,7 @@ SRC_URI = "http://www.squid-cache.org/Versions/v${MAJ_VER}/${MIN_VER}/${BPN}-${P file://squid-use-serial-tests-config-needed-by-ptest.patch \ file://run-ptest \ file://volatiles.03_squid \ + file://CVE-2016-3947.patch \ " LIC_FILES_CHKSUM = "file://COPYING;md5=c492e2d6d32ec5c1aad0e0609a141ce9 \ |