isc-dhcp: fix CVE-2022-2929
Backport the source patch from the version 4.4.1-2.3+deb11u2. [https://sources.debian.org/src/isc-dhcp/4.4.1-2.3+deb11u2/debian/patches/CVE-2022-2929.patch] Refer to: https://security-tracker.debian.org/tracker/DSA-5251-1 It refers to two issues, CVE-2022-2928 and CVE-2022-2929. CVE-2022-2928 has been fixed in [https://review.opendev.org/c/starlingx/integ/+/865278] Pass: build-pkgs -c -p isc-dhcp Pass: build-pkgs -a Pass: build-image Pass: Debian AIO jenkins installation Issue is very difficult to reproduce, so we are simply focused on making sure that this doesn't break anything. Closes-Bug: 2043434 Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com> Change-Id: Ie9148ea007526160b34c57df5f98d776c04dbe3a
This commit is contained in:
Zhixiong Chi
parent
a2261f79a9
commit
dcb205850c
47
base/dhcp/debian/patches/CVE-2022-2929.patch
Normal file
47
base/dhcp/debian/patches/CVE-2022-2929.patch
Normal file
@ -0,0 +1,47 @@
|
||||
From 10c175968fbbabc20316b85b85185f946499ec40 Mon Sep 17 00:00:00 2001
|
||||
From: Zhixiong Chi <zhixiong.chi@windriver.com>
|
||||
Date: Mon, 13 Nov 2023 18:12:08 -0800
|
||||
Subject: [PATCH] CVE-2022-2929
|
||||
|
||||
Description: DHCP memory leak
|
||||
Origin: upstream
|
||||
Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2022-2929
|
||||
Forwarded: not-needed
|
||||
Last-Update: 2022-10-04
|
||||
|
||||
The upstream patch is only in diff format without a git header which I
|
||||
have created here.
|
||||
[Backport patch from https://sources.debian.org/src/isc-dhcp/4.4.1-2.3%252Bdeb11u2/debian/patches/CVE-2022-2929.patch]
|
||||
Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
|
||||
---
|
||||
common/options.c | 8 ++++----
|
||||
1 file changed, 4 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/common/options.c b/common/options.c
|
||||
index 253cbc1..c70a8ac 100644
|
||||
--- a/common/options.c
|
||||
+++ b/common/options.c
|
||||
@@ -449,16 +449,16 @@ int fqdn_universe_decode (struct option_state *options,
|
||||
while (s < &bp -> data[0] + length + 2) {
|
||||
len = *s;
|
||||
if (len > 63) {
|
||||
- log_info ("fancy bits in fqdn option");
|
||||
- return 0;
|
||||
+ log_info ("label length exceeds 63 in fqdn option");
|
||||
+ goto bad;
|
||||
}
|
||||
if (len == 0) {
|
||||
terminated = 1;
|
||||
break;
|
||||
}
|
||||
if (s + len > &bp -> data [0] + length + 3) {
|
||||
- log_info ("fqdn tag longer than buffer");
|
||||
- return 0;
|
||||
+ log_info ("fqdn label longer than buffer");
|
||||
+ goto bad;
|
||||
}
|
||||
|
||||
if (first_len == 0) {
|
||||
--
|
||||
2.42.0
|
||||
|
||||
@ -3,3 +3,4 @@ dhclient-ipv6-bind-to-interface.patch
|
||||
dhclient-ipv6-conditionally-set-hostname.patch
|
||||
dhclient-set-the-default-prefix-length-to-64.patch
|
||||
CVE-2022-2928.patch
|
||||
CVE-2022-2929.patch
|
||||
|
||||
Loading…
Reference in New Issue
Block a user