summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorHitendra Prajapati <hprajapati@mvista.com>2022-12-08 12:51:14 +0530
committerArmin Kuster <akuster808@gmail.com>2023-01-19 07:49:31 -0500
commit82f77e2b3c5956c68f64a833f6af83ce522f617e (patch)
tree5adaf9ade05409852800408c24fde934670f22aa
parent7952135f650b4a754e2255f5aa03973a32344123 (diff)
downloadmeta-openembedded-82f77e2b3c5956c68f64a833f6af83ce522f617e.tar.gz
proftpd: CVE-2021-46854 memory disclosure to radius server
Upstream-Status: Backport from https://github.com/proftpd/proftpd/commit/10a227b4d50e0a2cd2faf87926f58d865da44e43 Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
-rw-r--r--meta-networking/recipes-daemons/proftpd/files/CVE-2021-46854.patch51
-rw-r--r--meta-networking/recipes-daemons/proftpd/proftpd_1.3.6.bb1
2 files changed, 52 insertions, 0 deletions
diff --git a/meta-networking/recipes-daemons/proftpd/files/CVE-2021-46854.patch b/meta-networking/recipes-daemons/proftpd/files/CVE-2021-46854.patch
new file mode 100644
index 0000000000..712d5db07d
--- /dev/null
+++ b/meta-networking/recipes-daemons/proftpd/files/CVE-2021-46854.patch
@@ -0,0 +1,51 @@
1From ed31fe2cbd5b8b1148b467f84f7acea66fa43bb8 Mon Sep 17 00:00:00 2001
2From: Chris Hofstaedtler <chris.hofstaedtler@deduktiva.com>
3Date: Tue, 3 Aug 2021 21:53:28 +0200
4Subject: [PATCH] CVE-2021-46854
5
6mod_radius: copy _only_ the password
7
8Upstream-Status: Backport [https://github.com/proftpd/proftpd/commit/10a227b4d50e0a2cd2faf87926f58d865da44e43]
9CVE: CVE-2021-46854
10Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
11---
12 contrib/mod_radius.c | 11 ++++++++---
13 1 file changed, 8 insertions(+), 3 deletions(-)
14
15diff --git a/contrib/mod_radius.c b/contrib/mod_radius.c
16index b56cdfe..f234dd5 100644
17--- a/contrib/mod_radius.c
18+++ b/contrib/mod_radius.c
19@@ -2319,21 +2319,26 @@ static void radius_add_passwd(radius_packet_t *packet, unsigned char type,
20
21 pwlen = strlen((const char *) passwd);
22
23+ /* Clear the buffers. */
24+ memset(pwhash, '\0', sizeof(pwhash));
25+
26 if (pwlen == 0) {
27 pwlen = RADIUS_PASSWD_LEN;
28
29 } if ((pwlen & (RADIUS_PASSWD_LEN - 1)) != 0) {
30+ /* pwlen is not a multiple of RADIUS_PASSWD_LEN, need to prepare a proper buffer */
31+ memcpy(pwhash, passwd, pwlen);
32
33 /* Round up the length. */
34 pwlen += (RADIUS_PASSWD_LEN - 1);
35
36 /* Truncate the length, as necessary. */
37 pwlen &= ~(RADIUS_PASSWD_LEN - 1);
38+ } else {
39+ /* pwlen is a multiple of RADIUS_PASSWD_LEN, we can just use it. */
40+ memcpy(pwhash, passwd, pwlen);
41 }
42
43- /* Clear the buffers. */
44- memset(pwhash, '\0', sizeof(pwhash));
45- memcpy(pwhash, passwd, pwlen);
46
47 /* Find the password attribute. */
48 attrib = radius_get_attrib(packet, RADIUS_PASSWORD);
49--
502.25.1
51
diff --git a/meta-networking/recipes-daemons/proftpd/proftpd_1.3.6.bb b/meta-networking/recipes-daemons/proftpd/proftpd_1.3.6.bb
index 1e4697a633..9ec97b9237 100644
--- a/meta-networking/recipes-daemons/proftpd/proftpd_1.3.6.bb
+++ b/meta-networking/recipes-daemons/proftpd/proftpd_1.3.6.bb
@@ -12,6 +12,7 @@ SRC_URI = "ftp://ftp.proftpd.org/distrib/source/${BPN}-${PV}.tar.gz \
12 file://contrib.patch \ 12 file://contrib.patch \
13 file://build_fixup.patch \ 13 file://build_fixup.patch \
14 file://proftpd.service \ 14 file://proftpd.service \
15 file://CVE-2021-46854.patch \
15 " 16 "
16SRC_URI[md5sum] = "13270911c42aac842435f18205546a1b" 17SRC_URI[md5sum] = "13270911c42aac842435f18205546a1b"
17SRC_URI[sha256sum] = "91ef74b143495d5ff97c4d4770c6804072a8c8eb1ad1ecc8cc541b40e152ecaf" 18SRC_URI[sha256sum] = "91ef74b143495d5ff97c4d4770c6804072a8c8eb1ad1ecc8cc541b40e152ecaf"