author | Archana Polampalli <archana.polampalli@windriver.com> | 2025-04-24 15:24:40 +0000 |
---|---|---|
committer | Armin Kuster <akuster808@gmail.com> | 2025-04-26 15:50:27 -0400 |
commit | efe887a5b8453a59b961b3ac90a5f2c5a5edb536 (patch) | |
tree | a5a99399235d420c0ed3b72f80e593bd5bc0edd7 /meta-python/recipes-devtools/python/tftpy | |
parent | a4c57ecb8ca54a64652dafa376199c9b29b1448f (diff) | |
download | meta-openembedded-efe887a5b8453a59b961b3ac90a5f2c5a5edb536.tar.gz |
tftpy: fix CVE-2023-46566
Buffer Overflow vulnerability in msoulier tftpy commit 467017b844bf6e31745138a30e2509145b0c529c
allows a remote attacker to cause a denial of service via the parse function in the TftpPacketFactory class.
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Diffstat (limited to 'meta-python/recipes-devtools/python/tftpy')
-rw-r--r-- | meta-python/recipes-devtools/python/tftpy/CVE-2023-46566.patch | 26 |
1 files changed, 26 insertions, 0 deletions
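diff --git a/meta-python/recipes-devtools/python/tftpy/CVE-2023-46566.patch b/meta-python/recipes-devtools/python/tftpy/CVE-2023-46566.patch
new file mode 100644
index 0000000000..0131dedb1c
--- /dev/null
+++ b/meta-python/recipes-devtools/python/tftpy/CVE-2023-46566.patch
@@ -0,0 +1,26 @@
+From 5b4dcbe1c8fb178e4d31b9a9e63e603b73e8fb2f Mon Sep 17 00:00:00 2001
+From: Dave Wapstra <dwapstra@cisco.com>
+Date: Wed, 3 Jul 2024 14:32:58 +1200
+Subject: [PATCH] Add packet size check
+
+CVE: CVE-2023-46566
+
+Upstream-Status: Backport [https://github.com/msoulier/tftpy/commit/5b4dcbe1c8fb178e4d31b9a9e63e603b73e8fb2f]
+---
+tftpy/TftpPacketFactory.py | 1 +
+1 file changed, 1 insertion(+)
+
+diff --git a/tftpy/TftpPacketFactory.py b/tftpy/TftpPacketFactory.py
+index 41f39a9..a8c9cd0 100644
+--- a/tftpy/TftpPacketFactory.py
++++ b/tftpy/TftpPacketFactory.py
+@@ -29,6 +29,7 @@ class TftpPacketFactory(object):
+"""This method is used to parse an existing datagram into its
+corresponding TftpPacket object. The buffer is the raw bytes off of
+the network."""
++ tftpassert(len(buffer) > 2, 'Invalid packet size')
+log.debug("parsing a %d byte packet" % len(buffer))
+(opcode,) = struct.unpack(str("!H"), buffer[:2])
+log.debug("opcode is %d" % opcode)
+--
+2.40.0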
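Review bot: The added guard `tftpassert(len(buffer) > 2, 'Invalid packet size')` protects only the two-byte opcode unpack in `parse`. A three-byte datagram, or one with a truncated body, still reaches the per-opcode decoders, which are outside this hunk, so it is worth confirming that they validate their own lengths. A comment above the check such as `# reject datagrams too short to hold the 2-byte opcode plus any payload` would record why the bound is `> 2` rather than `>= 2`. The failure being fixed is presumably an unhandled `struct.error` on the short slice rather than a memory overflow, so a regression test that feeds zero- and one-byte datagrams to `parse` would pin the behaviour. The diffstat is limited to the `tftpy` directory, so the recipe's `SRC_URI` entry for this patch is not visible here and should be checked separately.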