diff options
Diffstat (limited to 'meta-networking/recipes-support/cifs/files/CVE-2022-27239.patch')
-rw-r--r-- | meta-networking/recipes-support/cifs/files/CVE-2022-27239.patch | 40 |
1 files changed, 40 insertions, 0 deletions
diff --git a/meta-networking/recipes-support/cifs/files/CVE-2022-27239.patch b/meta-networking/recipes-support/cifs/files/CVE-2022-27239.patch new file mode 100644 index 0000000000..77f6745abe --- /dev/null +++ b/meta-networking/recipes-support/cifs/files/CVE-2022-27239.patch @@ -0,0 +1,40 @@ +From 007c07fd91b6d42f8bd45187cf78ebb06801139d Mon Sep 17 00:00:00 2001 +From: Jeffrey Bencteux <jbe@improsec.com> +Date: Thu, 17 Mar 2022 12:58:52 -0400 +Subject: [PATCH] CVE-2022-27239: mount.cifs: fix length check for ip option + parsing + +Previous check was true whatever the length of the input string was, +leading to a buffer overflow in the subsequent strcpy call. + +Bug: https://bugzilla.samba.org/show_bug.cgi?id=15025 + +Signed-off-by: Jeffrey Bencteux <jbe@improsec.com> +Reviewed-by: David Disseldorp <ddiss@suse.de> + +Upstream-Status: Backport [ https://git.samba.org/?p=cifs-utils.git;a=commit;h=007c07fd91b6d42f8bd45187cf78ebb06801139d] +CVE: CVE-2022-27239 +Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com> +--- + mount.cifs.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/mount.cifs.c b/mount.cifs.c +index 84274c9..3a6b449 100644 +--- a/mount.cifs.c ++++ b/mount.cifs.c +@@ -926,9 +926,10 @@ parse_options(const char *data, struct parsed_mount_info *parsed_info) + if (!value || !*value) { + fprintf(stderr, + "target ip address argument missing\n"); +- } else if (strnlen(value, MAX_ADDRESS_LEN) <= ++ } else if (strnlen(value, MAX_ADDRESS_LEN) < + MAX_ADDRESS_LEN) { +- strcpy(parsed_info->addrlist, value); ++ strlcpy(parsed_info->addrlist, value, ++ MAX_ADDRESS_LEN); + if (parsed_info->verboseflag) + fprintf(stderr, + "ip address %s override specified\n", +-- +2.34.1 |