diff options
author | Armin Kuster <akuster@mvista.com> | 2015-01-27 17:19:28 -0800 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2015-02-03 14:53:41 +0000 |
commit | 815a7b6fbf3b0cf95f5464bca687d97366d7ed6a (patch) | |
tree | 4105d21965533356d631c2980a6f64887ec3e9f1 /meta | |
parent | 894edb243a984654bb929bbbaf299d89167801f1 (diff) | |
download | openembedded-core-815a7b6fbf3b0cf95f5464bca687d97366d7ed6a.tar.gz openembedded-core-815a7b6fbf3b0cf95f5464bca687d97366d7ed6a.tar.bz2 openembedded-core-815a7b6fbf3b0cf95f5464bca687d97366d7ed6a.zip |
busybox: cve-2014-9645
modprobe,rmmod: reject module names with slashes
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Diffstat (limited to 'meta')
-rw-r--r-- | meta/recipes-core/busybox/busybox/CVE-2014-9645_busybox_reject_module_names_with_slashes.patch | 41 | ||||
-rw-r--r-- | meta/recipes-core/busybox/busybox_1.22.1.bb | 1 |
2 files changed, 42 insertions, 0 deletions
diff --git a/meta/recipes-core/busybox/busybox/CVE-2014-9645_busybox_reject_module_names_with_slashes.patch b/meta/recipes-core/busybox/busybox/CVE-2014-9645_busybox_reject_module_names_with_slashes.patch new file mode 100644 index 0000000000..4e76067b3c --- /dev/null +++ b/meta/recipes-core/busybox/busybox/CVE-2014-9645_busybox_reject_module_names_with_slashes.patch @@ -0,0 +1,41 @@ +Upstream-status: Backport +http://git.busybox.net/busybox/commit/?id=4e314faa0aecb66717418e9a47a4451aec59262b + +CVE-2014-9645 fix. + +[YOCTO #7257] + +Signed-off-by: Armin Kuster <akuster@mvista.com> + +From 4e314faa0aecb66717418e9a47a4451aec59262b Mon Sep 17 00:00:00 2001 +From: Denys Vlasenko <vda.linux@googlemail.com> +Date: Thu, 20 Nov 2014 17:24:33 +0000 +Subject: modprobe,rmmod: reject module names with slashes + +function old new delta +add_probe 86 113 +27 + +Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com> +--- +Index: busybox-1.22.1/modutils/modprobe.c +=================================================================== +--- busybox-1.22.1.orig/modutils/modprobe.c ++++ busybox-1.22.1/modutils/modprobe.c +@@ -238,6 +238,17 @@ static void add_probe(const char *name) + { + struct module_entry *m; + ++ /* ++ * get_or_add_modentry() strips path from name and works ++ * on remaining basename. ++ * This would make "rmmod dir/name" and "modprobe dir/name" ++ * to work like "rmmod name" and "modprobe name", ++ * which is wrong, and can be abused via implicit modprobing: ++ * "ifconfig /usbserial up" tries to modprobe netdev-/usbserial. ++ */ ++ if (strchr(name, '/')) ++ bb_error_msg_and_die("malformed module name '%s'", name); ++ + m = get_or_add_modentry(name); + if (!(option_mask32 & (OPT_REMOVE | OPT_SHOW_DEPS)) + && (m->flags & MODULE_FLAG_LOADED) diff --git a/meta/recipes-core/busybox/busybox_1.22.1.bb b/meta/recipes-core/busybox/busybox_1.22.1.bb index dd61a2680c..a41879c23f 100644 --- a/meta/recipes-core/busybox/busybox_1.22.1.bb +++ b/meta/recipes-core/busybox/busybox_1.22.1.bb @@ -33,6 +33,7 @@ SRC_URI = "http://www.busybox.net/downloads/busybox-${PV}.tar.bz2;name=tarball \ file://0001-build-system-Specify-nostldlib-when-linking-to-.o-fi.patch \ file://recognize_connmand.patch \ file://busybox-cross-menuconfig.patch \ + file://CVE-2014-9645_busybox_reject_module_names_with_slashes.patch \ " SRC_URI[tarball.md5sum] = "337d1a15ab1cb1d4ed423168b1eb7d7e" |