From patchwork Tue Nov 15 15:52:58 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ranjitsinh Rathod X-Patchwork-Id: 15494 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 9D7B4C433FE for ; Tue, 15 Nov 2022 15:53:07 +0000 (UTC) Received: from IND01-BMX-obe.outbound.protection.outlook.com (IND01-BMX-obe.outbound.protection.outlook.com [40.107.239.61]) by mx.groups.io with SMTP id smtpd.web10.7252.1668527584875315210 for ; Tue, 15 Nov 2022 07:53:05 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@kpit.com header.s=selector1 header.b=pJH5sNAx; spf=pass (domain: kpit.com, ip: 40.107.239.61, mailfrom: ranjitsinh.rathod@kpit.com) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=YGQ1aG7xNFyWG+wqG+VhkNHEmxhqG7BsY7ITReB6ieGnH+eyf93TogChXbLr488oOX93t9QCdhexCWuET21op2YSH+yMqiUmdYnfNLFtUJjh9sb4S9JzZuhtpA36zvH+/wyrDt3wUM2Ms9h2fy4QDlU7MHt7Qxy64QXnMH3cu1LMR0mr5/JFWFf7yHrQ7qARrnvS4PTX+D2Fvt7hdE/P514nUI+SOww+RyrTw9bXV9pSMdx4RgcZjDNB2Nk3DK66gyexQJDxbMefoz5W0piJN6D1X96ljrh3WUPTNJbAJyD0wDZlMdngtlmt/DZKtEvpO1cmZCHg1Zj67yz2fAMZsw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=FAvIl2AJUbofuBgcOqDtxFHzXoMdXrA8EmiYL5KZiww=; b=gOLzrboVjzj6Of+DGYVBOKagty+sYjEBRJ7H2Z3q/fBnHOgvG0s4G3vayIbv6YtzAfIy5+knZac1HTf3KxAMEvvAgYRJGaZ/emoA5XPm+GoKWz8kLK58IC/HEXbBlPeUsC7DsFpbMZhUKqpP0lvMl2l0Crc/sgIU7z+VmWe3xvN3pylWmnV+9NgeZHytU4EF1uAY1zxlXfDYgxQ0nXEKN9MFt4u2Gf1FZH0qaeVHpE8fK2HQ33gGjmuhaQYBL6V/D3gJz9DmfxZqpSKhEQ8hFLrIUfhWyj2g3qiO66uU8bURjEJH4TRuSGVPngrhBH9ICEn4nDqkKJyWJ+EvjOtZPA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=kpit.com; dmarc=pass action=none header.from=kpit.com; dkim=pass header.d=kpit.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=kpit.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=FAvIl2AJUbofuBgcOqDtxFHzXoMdXrA8EmiYL5KZiww=; b=pJH5sNAxxQexWDEHEq1MNA6Z8RlRlzsx9AbAJI1j5pnodkw+6226uWg+adovmZ2kj2iOEUsukbQUW8ajvKlx4Ob/jbOqFvINKRJD964Yb0js2/Ga3yjVMI973oUZndkGbmgw8W3Mv5/jUHCDZr6q547LNvCHRkqECADzPXggDzQ= Received: from PN3PR01MB7382.INDPRD01.PROD.OUTLOOK.COM (2603:1096:c01:8d::14) by PN0PR01MB5549.INDPRD01.PROD.OUTLOOK.COM (2603:1096:c01:60::12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5813.18; Tue, 15 Nov 2022 15:52:58 +0000 Received: from PN3PR01MB7382.INDPRD01.PROD.OUTLOOK.COM ([fe80::a014:20d0:1677:9d04]) by PN3PR01MB7382.INDPRD01.PROD.OUTLOOK.COM ([fe80::a014:20d0:1677:9d04%7]) with mapi id 15.20.5813.017; Tue, 15 Nov 2022 15:52:58 +0000 From: Ranjitsinh Rathod To: Steve Sakoman , "Openembedded-core@lists.openembedded.org" Subject: [OE-Core][dunfell][PATCH] systemd: Fix CVE-2022-3821 issue Thread-Topic: [OE-Core][dunfell][PATCH] systemd: Fix CVE-2022-3821 issue Thread-Index: AQHY+Ql9wyTxPUg5nUGQYNegxWomuQ== Date: Tue, 15 Nov 2022 15:52:58 +0000 Message-ID: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: yes X-MS-TNEF-Correlator: msip_labels: authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=kpit.com; x-ms-publictraffictype: Email x-ms-traffictypediagnostic: PN3PR01MB7382:EE_|PN0PR01MB5549:EE_ x-ms-office365-filtering-correlation-id: 96ef5c3e-8def-420f-ec2c-08dac72177a4 x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: tRUIIlYiXMRd4S+REXYLotGVG0Ow2HmG1LwGHD3+pmp3uc5gOX+76eVpaT3ocKoZgzDGzz5OBYzZQVZ3mGoBLH4j7mFk3ixPIWq8V1xerf62K6RMcBbL+SHushXlI4RdAFX+oMH8MzaJ3b++zSapxenoiTEWGs4Kc86yG1//p2scxfCy6MaXsYzSg1RF5rpmc1ZIbznebKJ1q45RDUCwgI26MA6m77sqNsYAMI6t9TJmyexOqwIFiEHoT3iYMnHTlpNQAF5uoEZSpeXq7GjY1H0ZUgyYts52URWrrbp0XmDcn4gzGXxewXJJsOGxLcbxKG2gPwVSA/Jn/XPfeWuUAuBq5sldo419NvXaznYdz09vEtqsYVgPOROyMy0G7qK9NYoksrBFs8n1MONHvzj4Kn5rwjs9cPXa0RqokkrhTbXfTlybdZ0+NzXmiMtjdhhQeF4yLEpW+FFMtptgtTNnwZFQ+5x+gRdGbxi1MVeULR8vogm9PxJdhOlGoq19xaXSoz/067T6GA5YRvWl4sy79ok3mJ+NBAr1DB5e5IP0KKwO+Ktlsiajh5eqtfsUC02N0fFukNHx6jj/GuL6gFVuZOXCGGhiTNUN88BW/F6wppNRWfiBqIAAqZQ0zdXNksoOqmK/w9KBqAozBAqSQHJzOnosFPffqF+ITPb5canjL4yROk9MOy8NRWVAnktyNthrjc18LaNbu3W9gbNuet+uTKDNefIzMbTQ1xgyBkRNasiumcFzxtV7D88UpioRet9r+2wMbbhJOvtqzVH8oEve4bGEepPJ7fkxALgNkaBcei3LvBW+QYqCbcgQ+hlECdGnwgBTkIR62QotKrAJ38r8Gg== x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:PN3PR01MB7382.INDPRD01.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230022)(4636009)(136003)(39850400004)(346002)(366004)(396003)(376002)(451199015)(2906002)(19627405001)(66574015)(316002)(83380400001)(186003)(110136005)(7066003)(9686003)(38100700002)(26005)(71200400001)(55016003)(41300700001)(8936002)(52536014)(7696005)(6506007)(8676002)(66446008)(38070700005)(64756008)(5660300002)(66476007)(86362001)(91956017)(66556008)(66946007)(122000001)(33656002)(99936003)(76116006)(45080400002)(478600001)(166002)(4744005);DIR:OUT;SFP:1101; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?iso-8859-1?q?nio2Zs30QTsDKhmkuz8PGOf?= =?iso-8859-1?q?s4/zbk5FhcHTLoClFXc8ZE9hcMWjo33ictPMEjaKp8ARUzgqhiv4TSrbYqOQ?= =?iso-8859-1?q?QUFW1Met1CuAo1fmFYEYfe9LPZ2l8lo/QVJjegCdy+oqHuiACW5Qm9OHi9LK?= =?iso-8859-1?q?Vx2IsLfZukEepk75SfK+qcLfmzydB1vbGWV93/eE61sQPrgYbE51vtiIKz7r?= =?iso-8859-1?q?LYbvwiIR0E8FG/o/HAe8J7Qsxmh5STHCMDKDpyD/WH1KrAi4AySAF/W4qPs4?= =?iso-8859-1?q?h3BOP6kzB2rsHoPuhtBkcE/hDFEm4jttJbYpqg2IXX6rUJimBPU0e9x+Ljxo?= =?iso-8859-1?q?ceGJCyevdk+on1GGPXCZeQfQs/UoYQR+NWFqMERbILjPj2HOMQeGiG0sjgV1?= =?iso-8859-1?q?fHkF+XRX0nixT6nWOnqbc9hMZNcoWYc4K1fkrVFJF1jRyJDZCGmsL9lWBCHa?= =?iso-8859-1?q?QdRSNjx40zAk9g5jU76I9psuQC+aGMw4KSRwuWk02vvfqTJAIUbotSgiwsP5?= =?iso-8859-1?q?QmHirirhwrvuDQh7SUtfyiHyI3w0i/8NP7tw58WQjdjxACnYdcUfmZmwQr5V?= =?iso-8859-1?q?+5VPWTtQO9++lLCF6XMtiHbmMsjYV9AGtg3N86iw6WleRY9YeMUyqnye9x9i?= =?iso-8859-1?q?eTqrSGQGNsnhZBxatX+IXieQoN4GrwgVfK+MSvBretYx+zgBXtfPhgDGrvX2?= =?iso-8859-1?q?EcoGKZSIm0DB8aAEe4mRi6jwns+/1+A8G0bSMWWAoTJQ4/rzz2E2CDaPGvW/?= =?iso-8859-1?q?gtNcV50lwxhvkUZkvZguR5VmaydC17pMry8xfLai+7zCrwH5k5CalMT2KEZE?= =?iso-8859-1?q?l2YUX2WY5luGOnfWQdIJ0rvW1VXUia3vCpvOAY2b5Hq15WT9rQ3Pz4klQZfk?= =?iso-8859-1?q?kjpQtD7nySLcllj/24RFxmE7PdJkavD//EIfc8lghHl+F/ToTqoSNMsufiyM?= =?iso-8859-1?q?tcZdNyerGAokJxzHQXqWVg10M1TSoQOKScr1vwvrUrWJ0xSFUTTVWfgGkVuW?= =?iso-8859-1?q?cRDwUMXVgsJQW3faCww3ho3sRsQrzIpFWEPBANK+zF5cDZHozs805cDqhh/G?= =?iso-8859-1?q?FAX11/Izf2QOwQuiO9xPEk31HuIHT0N+tqI8DfIM/m5HLNTwp9nyoUHsKhN/?= =?iso-8859-1?q?3IjDpriykq4HQFEYUuMgvOu+VCjHBGExYgtamF598a/EJ7ibVQ+D+Ct3vPp0?= =?iso-8859-1?q?a3/YZgm/BdriS/hHt+sIRnK6vWV9+OameqGBdMoSTkl0BsuuDVMXCJWTu1o1?= =?iso-8859-1?q?V8XqHARiN5119z3t2v5HCw8XcIIoSS04DhTyZcdudn5Tv/PFRQsz+febJbE/?= =?iso-8859-1?q?zNX0wUyH+joJHYDBD2bJPqxQzteHKDzZZDGjf7ypT+dk+p0kpudp6P52xH4+?= =?iso-8859-1?q?t4r6wvh80ERWtNO0Uomu8ktsAaugqRxMFfSHs19qWEUxZj33bDEQpUfTg46b?= =?iso-8859-1?q?2Ucbw0CleKaf8f0P5FjuF93xMAgae8B5ix+LiAvW7cQmOQqQ2Tdv2nVCSEes?= =?iso-8859-1?q?gqzG2B1RnbhZWAnTGxGvBlOTqBJMwLRmIedJ0hskR2RkV6o0WMI2Urr0+YcP?= =?iso-8859-1?q?hTVbxBFLkfuLymC5j03OQJpbKLBo68QovqKbyUMXG6ujT6JJlA02DsZOZ89p?= =?iso-8859-1?q?jlxYW0rpTHN7blVlZ?= MIME-Version: 1.0 X-OriginatorOrg: kpit.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: PN3PR01MB7382.INDPRD01.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-Network-Message-Id: 96ef5c3e-8def-420f-ec2c-08dac72177a4 X-MS-Exchange-CrossTenant-originalarrivaltime: 15 Nov 2022 15:52:58.1011 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 3539451e-b46e-4a26-a242-ff61502855c7 X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: 4rFWPsgvT7y/cPQl7AXDFi76i9vGDr3EAu9nFDPRNgClRgghaCzMZ2nhrFpTGCZUOMiRwYRvMKqfwyt/8V8Y0g== X-MS-Exchange-Transport-CrossTenantHeadersStamped: PN0PR01MB5549 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 15 Nov 2022 15:53:07 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/173351 Hi Steve, Please find the attached patch for the fix of CVE-2022-3821 systemd issue. Thanks, Best Regards, Ranjitsinh Rathod Technical Leader | | KPIT Technologies Ltd. Cellphone: +91-84606 92403 From 73b9368919ed97009ee4c495837cda8ff3fa1b85 Mon Sep 17 00:00:00 2001 From: Ranjitsinh Rathod Date: Mon, 14 Nov 2022 20:20:23 +0530 Subject: [PATCH] systemd: Fix CVE-2022-3821 issue An off-by-one Error issue was discovered in Systemd in format_timespan() function of time-util.c. An attacker could supply specific values for time and accuracy that leads to buffer overrun in format_timespan(), leading to a Denial of Service. Add a patch to solve above CVE issue Link: https://github.com/systemd/systemd/commit/9102c625a673a3246d7e73d8737f3494446bad4e Signed-off-by: Ranjitsinh Rathod --- .../systemd/systemd/CVE-2022-3821.patch | 47 +++++++++++++++++++ meta/recipes-core/systemd/systemd_244.5.bb | 1 + 2 files changed, 48 insertions(+) create mode 100644 meta/recipes-core/systemd/systemd/CVE-2022-3821.patch diff --git a/meta/recipes-core/systemd/systemd/CVE-2022-3821.patch b/meta/recipes-core/systemd/systemd/CVE-2022-3821.patch new file mode 100644 index 0000000000..f9c6704cfc --- /dev/null +++ b/meta/recipes-core/systemd/systemd/CVE-2022-3821.patch @@ -0,0 +1,47 @@ +From 9102c625a673a3246d7e73d8737f3494446bad4e Mon Sep 17 00:00:00 2001 +From: Yu Watanabe +Date: Thu, 7 Jul 2022 18:27:02 +0900 +Subject: [PATCH] time-util: fix buffer-over-run + +Fixes #23928. + +CVE: CVE-2022-3821 +Upstream-Status: Backport [https://github.com/systemd/systemd/commit/9102c625a673a3246d7e73d8737f3494446bad4e.patch] +Signed-off-by: Ranjitsinh Rathod +Comment: Both the hunks refreshed to backport + +--- + src/basic/time-util.c | 2 +- + src/test/test-time-util.c | 5 +++++ + 2 files changed, 6 insertions(+), 1 deletion(-) + +diff --git a/src/basic/time-util.c b/src/basic/time-util.c +index abbc4ad5cd70..26d59de12348 100644 +--- a/src/basic/time-util.c ++++ b/src/basic/time-util.c +@@ -514,7 +514,7 @@ char *format_timespan(char *buf, size_t + t = b; + } + +- n = MIN((size_t) k, l); ++ n = MIN((size_t) k, l-1); + + l -= n; + p += n; +diff --git a/src/test/test-time-util.c b/src/test/test-time-util.c +index e8e4e2a67bb1..58c5fa9be40c 100644 +--- a/src/test/test-time-util.c ++++ b/src/test/test-time-util.c +@@ -501,6 +501,12 @@ int main(int argc, char *argv[]) { + test_format_timespan(1); + test_format_timespan(USEC_PER_MSEC); + test_format_timespan(USEC_PER_SEC); ++ ++ /* See issue #23928. */ ++ _cleanup_free_ char *buf; ++ assert_se(buf = new(char, 5)); ++ assert_se(buf == format_timespan(buf, 5, 100005, 1000)); ++ + test_timezone_is_valid(); + test_get_timezones(); + test_usec_add(); diff --git a/meta/recipes-core/systemd/systemd_244.5.bb b/meta/recipes-core/systemd/systemd_244.5.bb index f3e5395465..77ef2bc42f 100644 --- a/meta/recipes-core/systemd/systemd_244.5.bb +++ b/meta/recipes-core/systemd/systemd_244.5.bb @@ -33,6 +33,7 @@ SRC_URI += "file://touchscreen.rules \ file://CVE-2021-3997-1.patch \ file://CVE-2021-3997-2.patch \ file://CVE-2021-3997-3.patch \ + file://CVE-2022-3821.patch \ " # patches needed by musl -- 2.17.1