diff options
Diffstat (limited to 'meta-oe/recipes-extended/collectd/collectd/CVE-2016-6254.patch')
| -rw-r--r-- | meta-oe/recipes-extended/collectd/collectd/CVE-2016-6254.patch | 55 |
1 files changed, 0 insertions, 55 deletions
diff --git a/meta-oe/recipes-extended/collectd/collectd/CVE-2016-6254.patch b/meta-oe/recipes-extended/collectd/collectd/CVE-2016-6254.patch deleted file mode 100644 index bc85b4c0e6..0000000000 --- a/meta-oe/recipes-extended/collectd/collectd/CVE-2016-6254.patch +++ /dev/null @@ -1,55 +0,0 @@ -From dd8483a4beb6f61521d8b32c726523bbea21cd92 Mon Sep 17 00:00:00 2001 -From: Florian Forster <octo@collectd.org> -Date: Tue, 19 Jul 2016 10:00:37 +0200 -Subject: [PATCH] network plugin: Fix heap overflow in parse_packet(). - -Emilien Gaspar has identified a heap overflow in parse_packet(), the -function used by the network plugin to parse incoming network packets. - -This is a vulnerability in collectd, though the scope is not clear at -this point. At the very least specially crafted network packets can be -used to crash the daemon. We can't rule out a potential remote code -execution though. - -Fixes: CVE-2016-6254 - -cherry picked from upstream commit b589096f - -Upstream Status: Backport - -Signed-off-by: Alexandru Moise <alexandru.moise@windriver.com> ---- - src/network.c | 3 +++ - 1 file changed, 3 insertions(+) - -diff --git a/src/network.c b/src/network.c -index 551bd5c..cb979b2 100644 ---- a/src/network.c -+++ b/src/network.c -@@ -1444,6 +1444,7 @@ static int parse_packet (sockent_t *se, /* {{{ */ - printed_ignore_warning = 1; - } - buffer = ((char *) buffer) + pkg_length; -+ buffer_size -= (size_t) pkg_length; - continue; - } - #endif /* HAVE_LIBGCRYPT */ -@@ -1471,6 +1472,7 @@ static int parse_packet (sockent_t *se, /* {{{ */ - printed_ignore_warning = 1; - } - buffer = ((char *) buffer) + pkg_length; -+ buffer_size -= (size_t) pkg_length; - continue; - } - #endif /* HAVE_LIBGCRYPT */ -@@ -1612,6 +1614,7 @@ static int parse_packet (sockent_t *se, /* {{{ */ - DEBUG ("network plugin: parse_packet: Unknown part" - " type: 0x%04hx", pkg_type); - buffer = ((char *) buffer) + pkg_length; -+ buffer_size -= (size_t) pkg_length; - } - } /* while (buffer_size > sizeof (part_header_t)) */ - --- -2.7.4 - |