fix CVE-2020-8597
This commit is contained in:
Vchanger
parent
e64fd2bb8a
commit
dae984715c
40
ppp-CVE-2020-8597.patch
Normal file
40
ppp-CVE-2020-8597.patch
Normal file
@ -0,0 +1,40 @@
|
||||
From ab6e265950d447cd143cef40a340daac81fe0127 Mon Sep 17 00:00:00 2001
|
||||
From: Paul Mackerras <paulus@ozlabs.org>
|
||||
Date: Mon, 3 Feb 2020 15:53:28 +1100
|
||||
Subject: [PATCH] pppd: Fix bounds check in EAP code
|
||||
|
||||
Given that we have just checked vallen < len, it can never be the case
|
||||
that vallen >= len + sizeof(rhostname). This fixes the check so we
|
||||
actually avoid overflowing the rhostname array.
|
||||
|
||||
Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
|
||||
Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
|
||||
---
|
||||
pppd/eap.c | 4 ++--
|
||||
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/pppd/eap.c b/pppd/eap.c
|
||||
index 99fb0d9..6309e1b 100644
|
||||
--- a/pppd/eap.c
|
||||
+++ b/pppd/eap.c
|
||||
@@ -1661,7 +1661,7 @@ int len;
|
||||
}
|
||||
|
||||
/* Not so likely to happen. */
|
||||
- if (vallen >= len + sizeof (rhostname)) {
|
||||
+ if (len - vallen >= sizeof (rhostname)) {
|
||||
dbglog("EAP: trimming really long peer name down");
|
||||
BCOPY(inp + vallen, rhostname, sizeof (rhostname) - 1);
|
||||
rhostname[sizeof (rhostname) - 1] = '\0';
|
||||
@@ -2251,7 +2251,7 @@ int len;
|
||||
}
|
||||
|
||||
/* Not so likely to happen. */
|
||||
- if (vallen >= len + sizeof (rhostname)) {
|
||||
+ if (len - vallen >= sizeof (rhostname)) {
|
||||
dbglog("EAP: trimming really long peer name down");
|
||||
BCOPY(inp + vallen, rhostname, sizeof (rhostname) - 1);
|
||||
rhostname[sizeof (rhostname) - 1] = '\0';
|
||||
--
|
||||
1.8.3.1
|
||||
|
||||
9
ppp.spec
9
ppp.spec
@ -1,6 +1,6 @@
|
||||
Name: ppp
|
||||
Version: 2.4.7
|
||||
Release: 28
|
||||
Release: 29
|
||||
Summary: The Point-to-Point Protocol
|
||||
|
||||
License: BSD and LGPLv2+ and GPLv2+ and Public Domain
|
||||
@ -59,6 +59,7 @@ Patch0028: 0028-pppoe-include-netinet-in.h-before-linux-in.h.patch
|
||||
Patch0029: ppp-2.4.7-DES-openssl.patch
|
||||
Patch0030: ppp-2.4.7-honor-ldflags.patch
|
||||
Patch6000: ppp-CVE-2015-3310.patch
|
||||
Patch6001: ppp-CVE-2020-8597.patch
|
||||
|
||||
%description
|
||||
The Point-to-Point Protocol (PPP) provides a standard way to establish
|
||||
@ -151,6 +152,12 @@ install -m 644 -p %{SOURCE12} %{buildroot}%{_prefix}/lib/tmpfiles.d/ppp.conf
|
||||
%{_mandir}/man8/*.8.gz
|
||||
|
||||
%changelog
|
||||
* Tue Mar 17 2020 chenzhen <chenzhen44@huawei.com> - 2.4.7-29
|
||||
- Type:cves
|
||||
- ID:CVE-2020-8597
|
||||
- SUG:restart
|
||||
- DESC:fix CVE-2020-8597
|
||||
|
||||
* Fri Dec 20 2019 openEuler Buildteam <buildteam@openeuler.org> - 2.4.7-28
|
||||
- Type:cves
|
||||
- ID:CVE-2015-3310
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user