- CVE-2020-8597, bsc#1162610: rhostname buffer overflow in the
eap_request and eap_response functions. OBS-URL: https://build.opensuse.org/package/show/network/ppp?expand=0&rev=49
This commit is contained in:
Reinhard Max
Git OBS Bridge
parent
47136598ad
commit
22ec66be50
35
ppp-CVE-2020-8597.patch
Normal file
35
ppp-CVE-2020-8597.patch
Normal file
@ -0,0 +1,35 @@
|
||||
From 8d7970b8f3db727fe798b65f3377fe6787575426 Mon Sep 17 00:00:00 2001
|
||||
From: Paul Mackerras <paulus@ozlabs.org>
|
||||
Date: Mon, 3 Feb 2020 15:53:28 +1100
|
||||
Subject: [PATCH] pppd: Fix bounds check in EAP code
|
||||
|
||||
Given that we have just checked vallen < len, it can never be the case
|
||||
that vallen >= len + sizeof(rhostname). This fixes the check so we
|
||||
actually avoid overflowing the rhostname array.
|
||||
|
||||
Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
|
||||
Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
|
||||
---
|
||||
pppd/eap.c | 4 ++--
|
||||
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
--- pppd/eap.c.orig
|
||||
+++ pppd/eap.c
|
||||
@@ -1421,7 +1421,7 @@ int len;
|
||||
}
|
||||
|
||||
/* Not so likely to happen. */
|
||||
- if (vallen >= len + sizeof (rhostname)) {
|
||||
+ if (len - vallen >= sizeof (rhostname)) {
|
||||
dbglog("EAP: trimming really long peer name down");
|
||||
BCOPY(inp + vallen, rhostname, sizeof (rhostname) - 1);
|
||||
rhostname[sizeof (rhostname) - 1] = '\0';
|
||||
@@ -1847,7 +1847,7 @@ int len;
|
||||
}
|
||||
|
||||
/* Not so likely to happen. */
|
||||
- if (vallen >= len + sizeof (rhostname)) {
|
||||
+ if (len - vallen >= sizeof (rhostname)) {
|
||||
dbglog("EAP: trimming really long peer name down");
|
||||
BCOPY(inp + vallen, rhostname, sizeof (rhostname) - 1);
|
||||
rhostname[sizeof (rhostname) - 1] = '\0';
|
||||
@ -1,3 +1,9 @@
|
||||
-------------------------------------------------------------------
|
||||
Fri Feb 7 14:30:35 UTC 2020 - Reinhard Max <max@suse.com>
|
||||
|
||||
- CVE-2020-8597, bsc#1162610: rhostname buffer overflow in the
|
||||
eap_request and eap_response functions.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Oct 4 15:18:10 UTC 2018 - schwab@suse.de
|
||||
|
||||
|
||||
4
ppp.spec
4
ppp.spec
@ -1,7 +1,7 @@
|
||||
#
|
||||
# spec file for package ppp
|
||||
#
|
||||
# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
|
||||
# Copyright (c) 2020 SUSE LLC
|
||||
#
|
||||
# All modifications and additions to the file contributed by third parties
|
||||
# remain the property of their copyright owners, unless otherwise agreed
|
||||
@ -75,6 +75,7 @@ Patch23: ppp-send-padt.patch
|
||||
Patch24: ppp-CVE-2015-3310.patch
|
||||
Patch25: fix-header-conflict.patch
|
||||
Patch26: ppp-2.4.7-DES-openssl.patch
|
||||
Patch27: ppp-CVE-2020-8597.patch
|
||||
BuildRequires: libpcap-devel
|
||||
BuildRequires: linux-atm-devel
|
||||
BuildRequires: openssl-devel
|
||||
@ -146,6 +147,7 @@ you can disable unnecessary or disable everything.
|
||||
%patch24
|
||||
%patch25 -p1
|
||||
%patch26 -p1
|
||||
%patch27
|
||||
sed -i -e '1s/local\///' scripts/secure-card
|
||||
find scripts -type f | xargs chmod a-x
|
||||
find -type f -name '*.orig' | xargs rm -f
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user