new file mode 100644
@@ -0,0 +1,50 @@
+From d8708b85c1e8fe25af7803e8a20cf20e7201d8a4 Mon Sep 17 00:00:00 2001
+From: Matthias Gerstner <mgerstner@suse.de>
+Date: Tue, 25 Jan 2022 10:00:25 +0100
+Subject: dnsproxy: Avoid 100 % busy loop in TCP server case
+
+Once the TCP socket is connected and until the remote server is
+responding (if ever) ConnMan executes a 100 % CPU loop, since
+the connected socket will always be writable (G_IO_OUT).
+
+To fix this, modify the watch after the connection is established to
+remove the G_IO_OUT from the callback conditions.
+
+Fixes: CVE-2022-23098
+
+Upstream-Status: Backport
+https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=d8708b85c1e8fe25af7803e8a20cf20e7201d8a4
+
+CVE: CVE-2022-23098
+Signed-off-by: Steve Sakoman <steve@sakoman.com>
+
+---
+ src/dnsproxy.c | 12 ++++++++++++
+ 1 file changed, 12 insertions(+)
+
+diff --git a/src/dnsproxy.c b/src/dnsproxy.c
+index c027bcb9..1ccf36a9 100644
+--- a/src/dnsproxy.c
++++ b/src/dnsproxy.c
+@@ -2360,6 +2360,18 @@ hangup:
+ }
+ }
+
++ /*
++ * Remove the G_IO_OUT flag from the watch, otherwise we end
++ * up in a busy loop, because the socket is constantly writable.
++ *
++ * There seems to be no better way in g_io to do that than
++ * re-adding the watch.
++ */
++ g_source_remove(server->watch);
++ server->watch = g_io_add_watch(server->channel,
++ G_IO_IN | G_IO_HUP | G_IO_NVAL | G_IO_ERR,
++ tcp_server_event, server);
++
+ server->connected = true;
+ server_list = g_slist_append(server_list, server);
+
+--
+cgit 1.2.3-1.el7
+
@@ -10,6 +10,7 @@ SRC_URI = "${KERNELORG_MIRROR}/linux/network/${BPN}/${BP}.tar.xz \
file://CVE-2021-26676-0001.patch \
file://CVE-2021-26676-0002.patch \
file://CVE-2022-23096-7.patch \
+ file://CVE-2022-23098.patch \
"
SRC_URI_append_libc-musl = " file://0002-resolve-musl-does-not-implement-res_ninit.patch"
An issue was discovered in the DNS proxy in Connman through 1.40. The TCP server reply implementation has an infinite loop if no data is received. Backport patch from: https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=d8708b85c1e8fe25af7803e8a20cf20e7201d8a4 CVE: CVE-2022-23098 Signed-off-by: Steve Sakoman <steve@sakoman.com> --- .../connman/connman/CVE-2022-23098.patch | 50 +++++++++++++++++++ .../connman/connman_1.37.bb | 1 + 2 files changed, 51 insertions(+) create mode 100644 meta/recipes-connectivity/connman/connman/CVE-2022-23098.patch