[meta-oe,dunfell] libmodbus: Fix CVE-2022-0367

Message ID PR3P192MB07149FF5BBC1D51EFA509D26DAAA9@PR3P192MB0714.EURP192.PROD.OUTLOOK.COM
State New

Commit Message

Hugo Simeliere Feb. 22, 2023, 9:51 a.m. UTC
Signed-off-by: Hugo SIMELIERE <hsimeliere.opensource@witekio.com>
---
 .../libmodbus/libmodbus/CVE-2022-0367.patch   | 38 +++++++++++++++++++
 .../libmodbus/libmodbus_3.1.6.bb              |  4 +-
 2 files changed, 41 insertions(+), 1 deletion(-)
 create mode 100644 meta-oe/recipes-extended/libmodbus/libmodbus/CVE-2022-0367.patch

--
2.39.2

Comments

Hugo Simeliere April 25, 2023, 2:31 p.m. UTC | #1
Hello, will this patch to fix CVE-2022-0367 be integrated?
Best regards,
Hugo SIMELIERE
Patch

diff --git a/meta-oe/recipes-extended/libmodbus/libmodbus/CVE-2022-0367.patch b/meta-oe/recipes-extended/libmodbus/libmodbus/CVE-2022-0367.patch
new file mode 100644
index 000000000..120954e4f
--- /dev/null
+++ b/meta-oe/recipes-extended/libmodbus/libmodbus/CVE-2022-0367.patch
@@ -0,0 +1,38 @@ 
+From 790ff6dad16b70e68804a2d53ad54db40412e889 Mon Sep 17 00:00:00 2001
+From: Michael Heimpold <mhei@heimpold.de>
+Date: Sat, 8 Jan 2022 20:00:50 +0100
+Subject: [PATCH] modbus_reply: fix copy & paste error in sanity check (fixes
+ #614)
+
+[ Upstream commit b4ef4c17d618eba0adccc4c7d9e9a1ef809fc9b6 ]
+
+While handling MODBUS_FC_WRITE_AND_READ_REGISTERS, both address offsets
+must be checked, i.e. the read and the write address must be within the
+mapping range.
+
+At the moment, only the read address was considered, it looks like a
+simple copy and paste error, so let's fix it.
+
+CVE: CVE-2022-0367
+
+Signed-off-by: Michael Heimpold <mhei@heimpold.de>
+---
+ src/modbus.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/modbus.c b/src/modbus.c
+index 68a28a3..c871152 100644
+--- a/src/modbus.c
++++ b/src/modbus.c
+@@ -961,7 +961,7 @@ int modbus_reply(modbus_t *ctx, const uint8_t *req,
+                 nb_write, nb, MODBUS_MAX_WR_WRITE_REGISTERS, MODBUS_MAX_WR_READ_REGISTERS);
+         } else if (mapping_address < 0 ||
+                    (mapping_address + nb) > mb_mapping->nb_registers ||
+-                   mapping_address < 0 ||
++                   mapping_address_write < 0 ||
+                    (mapping_address_write + nb_write) > mb_mapping->nb_registers) {
+             rsp_length = response_exception(
+                 ctx, &sft, MODBUS_EXCEPTION_ILLEGAL_DATA_ADDRESS, rsp, FALSE,
+--
+2.39.1
+
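Review bot: The header of the new CVE-2022-0367.patch has the `CVE: CVE-2022-0367` tag and the upstream commit reference but no `Upstream-Status:` line, which OpenEmbedded layers expect in every carried patch. Add `Upstream-Status: Backport [<link to upstream commit>]` next to the CVE tag, pointing at the commit b4ef4c17d618eba0adccc4c7d9e9a1ef809fc9b6 already named in the header, and consider adding the backporter's own Signed-off-by below Michael Heimpold's. The one-line code change itself is consistent with its description: the removed line repeated the `mapping_address < 0` test from two lines above, so a negative `mapping_address_write` was never rejected before the `(mapping_address_write + nb_write)` upper-bound check.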
diff --git a/meta-oe/recipes-extended/libmodbus/libmodbus_3.1.6.bb b/meta-oe/recipes-extended/libmodbus/libmodbus_3.1.6.bb
index 075487ae9..0822a1144 100644
--- a/meta-oe/recipes-extended/libmodbus/libmodbus_3.1.6.bb
+++ b/meta-oe/recipes-extended/libmodbus/libmodbus_3.1.6.bb
@@ -2,7 +2,9 @@  require libmodbus.inc

 SRC_URI += "file://f1eb4bc7ccb09cd8d19ab641ee37637f8c34d16d.patch \
          file://Fix-float-endianness-issue-on-big-endian-arch.patch \
-         file://Fix-typo.patch"
+         file://Fix-typo.patch \
+         file://CVE-2022-0367.patch \"
+
 SRC_URI[md5sum] = "15c84c1f7fb49502b3efaaa668cfd25e"
 SRC_URI[sha256sum] = "d7d9fa94a16edb094e5fdf5d87ae17a0dc3f3e3d687fead81835d9572cf87c16"
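Review bot: The added line `file://CVE-2022-0367.patch \"` ends with a backslash directly before the closing quote, so the backslash is not a line continuation (nothing is continued) and may end up as a stray character in the SRC_URI value. Close the assignment on the last entry instead, i.e. `file://CVE-2022-0367.patch"`, or keep the backslash and move the closing quote to its own line. The extra blank `+` line after it is fine but not needed if the quote stays on the entry line.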