fix CVE-2020-8597
parent
e64fd2bb8a
commit
dae984715c
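--- a/ppp-CVE-2020-8597.patch
+++ b/ppp-CVE-2020-8597.patch
@@ -0,0 +1,40 @@
+From ab6e265950d447cd143cef40a340daac81fe0127 Mon Sep 17 00:00:00 2001
+From: Paul Mackerras <paulus@ozlabs.org>
+Date: Mon, 3 Feb 2020 15:53:28 +1100
+Subject: [PATCH] pppd: Fix bounds check in EAP code
+
+Given that we have just checked vallen < len, it can never be the case
+that vallen >= len + sizeof(rhostname). This fixes the check so we
+actually avoid overflowing the rhostname array.
+
+Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
+Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
+---
+pppd/eap.c | 4 ++--
+1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/pppd/eap.c b/pppd/eap.c
+index 99fb0d9..6309e1b 100644
+--- a/pppd/eap.c
++++ b/pppd/eap.c
+@@ -1661,7 +1661,7 @@ int len;
+}
+
+/* Not so likely to happen. */
+- if (vallen >= len + sizeof (rhostname)) {
++ if (len - vallen >= sizeof (rhostname)) {
+dbglog("EAP: trimming really long peer name down");
+BCOPY(inp + vallen, rhostname, sizeof (rhostname) - 1);
+rhostname[sizeof (rhostname) - 1] = '\0';
+@@ -2251,7 +2251,7 @@ int len;
+}
+
+/* Not so likely to happen. */
+- if (vallen >= len + sizeof (rhostname)) {
++ if (len - vallen >= sizeof (rhostname)) {
+dbglog("EAP: trimming really long peer name down");
+BCOPY(inp + vallen, rhostname, sizeof (rhostname) - 1);
+rhostname[sizeof (rhostname) - 1] = '\0';
+--
+1.8.3.1
+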
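Review bot: In both hunks of the embedded pppd/eap.c patch, the new test `len - vallen >= sizeof (rhostname)` compares a difference of what appear to be signed ints (`int len;` is visible in the hunk header, `vallen`'s declaration is not) against a `size_t`, so it is only meaningful while `vallen <= len` holds. The commit message says `vallen < len` was checked just before, but that check lies outside the hunks and nothing at the comparison records the dependency. I would replace `/* Not so likely to happen. */` with a comment such as `/* vallen < len was checked above, so len - vallen is non-negative; cap the copy at sizeof (rhostname) - 1 */` at both sites. The enclosing functions start and end outside the hunks, so the branch that handles the shorter name cannot be reviewed from here.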
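--- a/ppp.spec
+++ b/ppp.spec
@@ -1,6 +1,6 @@
 Name: ppp
 Version: 2.4.7
-Release: 28
+Release: 29
 Summary: The Point-to-Point Protocol
 
 License: BSD and LGPLv2+ and GPLv2+ and Public Domain
@@ -59,6 +59,7 @@ Patch0028: 0028-pppoe-include-netinet-in.h-before-linux-in.h.patch
 Patch0029: ppp-2.4.7-DES-openssl.patch
 Patch0030: ppp-2.4.7-honor-ldflags.patch
 Patch6000: ppp-CVE-2015-3310.patch
+Patch6001: ppp-CVE-2020-8597.patch
 
 %description
 The Point-to-Point Protocol (PPP) provides a standard way to establish
@@ -151,6 +152,12 @@ install -m 644 -p %{SOURCE12} %{buildroot}%{_prefix}/lib/tmpfiles.d/ppp.conf
 %{_mandir}/man8/*.8.gz
 
 %changelog
+* Tue Mar 17 2020 chenzhen <chenzhen44@huawei.com> - 2.4.7-29
+- Type:cves
+- ID:CVE-2020-8597
+- SUG:restart
+- DESC:fix CVE-2020-8597
+
 * Fri Dec 20 2019 openEuler Buildteam <buildteam@openeuler.org> - 2.4.7-28
 - Type:cves
 - ID:CVE-2015-3310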
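Review bot: `Patch6001: ppp-CVE-2020-8597.patch` is declared, but none of the three hunks shows the `%prep` section, so it is not visible here whether the patch is actually applied at build time. If `%prep` uses explicit `%patch` lines rather than `%autosetup` or `%autopatch`, a matching `%patch6001 -p1` line is needed; otherwise the package would ship as 2.4.7-29 with the changelog claiming the fix while pppd/eap.c is unchanged. It is worth confirming in the build log that the patch is applied to pppd/eap.c.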