diff options
2 files changed, 44 insertions, 0 deletions
diff --git a/meta-networking/recipes-support/open-vm-tools/open-vm-tools/0001-Properly-check-authorization-on-incoming-guestOps-re.patch b/meta-networking/recipes-support/open-vm-tools/open-vm-tools/0001-Properly-check-authorization-on-incoming-guestOps-re.patch new file mode 100644 index 0000000000..4140c46d07 --- /dev/null +++ b/meta-networking/recipes-support/open-vm-tools/open-vm-tools/0001-Properly-check-authorization-on-incoming-guestOps-re.patch | |||
| @@ -0,0 +1,43 @@ | |||
| 1 | From 70a74758bfe0042c27f15ce590fb21a2bc54d745 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: John Wolfe <jwolfe@vmware.com> | ||
| 3 | Date: Sun, 21 Aug 2022 07:56:49 -0700 | ||
| 4 | Subject: [PATCH] Properly check authorization on incoming guestOps requests. | ||
| 5 | |||
| 6 | Fix public pipe request checks. Only a SessionRequest type should | ||
| 7 | be accepted on the public pipe. | ||
| 8 | |||
| 9 | CVE: CVE-2022-31676 | ||
| 10 | |||
| 11 | Upstream-Status: Backport | ||
| 12 | [https://github.com/vmware/open-vm-tools/commit/70a74758bfe0042c27f15ce590fb21a2bc54d745] | ||
| 13 | |||
| 14 | Signed-off-by: Yi Zhao <yi.zhao@windriver.com> | ||
| 15 | --- | ||
| 16 | open-vm-tools/vgauth/serviceImpl/proto.c | 6 +++++- | ||
| 17 | 1 file changed, 5 insertions(+), 1 deletion(-) | ||
| 18 | |||
| 19 | diff --git a/open-vm-tools/vgauth/serviceImpl/proto.c b/open-vm-tools/vgauth/serviceImpl/proto.c | ||
| 20 | index db7159ee..6c672601 100644 | ||
| 21 | --- a/open-vm-tools/vgauth/serviceImpl/proto.c | ||
| 22 | +++ b/open-vm-tools/vgauth/serviceImpl/proto.c | ||
| 23 | @@ -1,5 +1,5 @@ | ||
| 24 | /********************************************************* | ||
| 25 | - * Copyright (C) 2011-2016,2019-2021 VMware, Inc. All rights reserved. | ||
| 26 | + * Copyright (C) 2011-2016,2019-2022 VMware, Inc. All rights reserved. | ||
| 27 | * | ||
| 28 | * This program is free software; you can redistribute it and/or modify it | ||
| 29 | * under the terms of the GNU Lesser General Public License as published | ||
| 30 | @@ -1201,6 +1201,10 @@ Proto_SecurityCheckRequest(ServiceConnection *conn, | ||
| 31 | VGAuthError err; | ||
| 32 | gboolean isSecure = ServiceNetworkIsConnectionPrivateSuperUser(conn); | ||
| 33 | |||
| 34 | + if (conn->isPublic && req->reqType != PROTO_REQUEST_SESSION_REQ) { | ||
| 35 | + return VGAUTH_E_PERMISSION_DENIED; | ||
| 36 | + } | ||
| 37 | + | ||
| 38 | switch (req->reqType) { | ||
| 39 | /* | ||
| 40 | * This comes over the public connection; alwsys let it through. | ||
| 41 | -- | ||
| 42 | 2.25.1 | ||
| 43 | |||
diff --git a/meta-networking/recipes-support/open-vm-tools/open-vm-tools_11.3.5.bb b/meta-networking/recipes-support/open-vm-tools/open-vm-tools_11.3.5.bb index 1c3545f960..4670a85a67 100644 --- a/meta-networking/recipes-support/open-vm-tools/open-vm-tools_11.3.5.bb +++ b/meta-networking/recipes-support/open-vm-tools/open-vm-tools_11.3.5.bb | |||
| @@ -44,6 +44,7 @@ SRC_URI = "git://github.com/vmware/open-vm-tools.git;protocol=https;branch=maste | |||
| 44 | file://0001-Make-HgfsConvertFromNtTimeNsec-aware-of-64-bit-time_.patch;patchdir=.. \ | 44 | file://0001-Make-HgfsConvertFromNtTimeNsec-aware-of-64-bit-time_.patch;patchdir=.. \ |
| 45 | file://0002-hgfsServerLinux-Consider-64bit-time_t-possibility.patch;patchdir=.. \ | 45 | file://0002-hgfsServerLinux-Consider-64bit-time_t-possibility.patch;patchdir=.. \ |
| 46 | file://0001-open-vm-tools-Correct-include-path-for-poll.h.patch;patchdir=.. \ | 46 | file://0001-open-vm-tools-Correct-include-path-for-poll.h.patch;patchdir=.. \ |
| 47 | file://0001-Properly-check-authorization-on-incoming-guestOps-re.patch;patchdir=.. \ | ||
| 47 | " | 48 | " |
| 48 | 49 | ||
| 49 | UPSTREAM_CHECK_GITTAGREGEX = "stable-(?P<pver>\d+(\.\d+)+)" | 50 | UPSTREAM_CHECK_GITTAGREGEX = "stable-(?P<pver>\d+(\.\d+)+)" |