summaryrefslogtreecommitdiffstats
path: root/meta-python/recipes-devtools/python/tftpy
diff options
context:
space:
mode:
authorArchana Polampalli <archana.polampalli@windriver.com>2025-04-24 15:24:40 +0000
committerArmin Kuster <akuster808@gmail.com>2025-04-26 15:50:27 -0400
commitefe887a5b8453a59b961b3ac90a5f2c5a5edb536 (patch)
treea5a99399235d420c0ed3b72f80e593bd5bc0edd7 /meta-python/recipes-devtools/python/tftpy
parenta4c57ecb8ca54a64652dafa376199c9b29b1448f (diff)
downloadmeta-openembedded-efe887a5b8453a59b961b3ac90a5f2c5a5edb536.tar.gz
tftpy: fix CVE-2023-46566
Buffer Overflow vulnerability in msoulier tftpy commit 467017b844bf6e31745138a30e2509145b0c529c allows a remote attacker to cause a denial of service via the parse function in the TftpPacketFactory class. Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
Diffstat (limited to 'meta-python/recipes-devtools/python/tftpy')
-rw-r--r--meta-python/recipes-devtools/python/tftpy/CVE-2023-46566.patch26
1 files changed, 26 insertions, 0 deletions
diff --git a/meta-python/recipes-devtools/python/tftpy/CVE-2023-46566.patch b/meta-python/recipes-devtools/python/tftpy/CVE-2023-46566.patch
new file mode 100644
index 0000000000..0131dedb1c
--- /dev/null
+++ b/meta-python/recipes-devtools/python/tftpy/CVE-2023-46566.patch
@@ -0,0 +1,26 @@
1From 5b4dcbe1c8fb178e4d31b9a9e63e603b73e8fb2f Mon Sep 17 00:00:00 2001
2From: Dave Wapstra <dwapstra@cisco.com>
3Date: Wed, 3 Jul 2024 14:32:58 +1200
4Subject: [PATCH] Add packet size check
5
6CVE: CVE-2023-46566
7
8Upstream-Status: Backport [https://github.com/msoulier/tftpy/commit/5b4dcbe1c8fb178e4d31b9a9e63e603b73e8fb2f]
9---
10 tftpy/TftpPacketFactory.py | 1 +
11 1 file changed, 1 insertion(+)
12
13diff --git a/tftpy/TftpPacketFactory.py b/tftpy/TftpPacketFactory.py
14index 41f39a9..a8c9cd0 100644
15--- a/tftpy/TftpPacketFactory.py
16+++ b/tftpy/TftpPacketFactory.py
17@@ -29,6 +29,7 @@ class TftpPacketFactory(object):
18 """This method is used to parse an existing datagram into its
19 corresponding TftpPacket object. The buffer is the raw bytes off of
20 the network."""
21+ tftpassert(len(buffer) > 2, 'Invalid packet size')
22 log.debug("parsing a %d byte packet" % len(buffer))
23 (opcode,) = struct.unpack(str("!H"), buffer[:2])
24 log.debug("opcode is %d" % opcode)
25--
262.40.0