[kirkstone] dbus: fix CVE-2022-42011 dbus-daemon can be crashed by messages with array length inconsistent with element type

From: Xiangyu Chen <xiangyu.chen@eng.windriver.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-Core][kirkstone][PATCH] dbus: fix CVE-2022-42011 dbus-daemon can
 be crashed by messages with array length inconsistent with element type
Date: Mon, 14 Nov 2022 14:21:23 +0800
Message-Id: <20221114062123.93041-1-xiangyu.chen@eng.windriver.com>
Content-Transfer-Encoding: 8bit
Content-Type: text/plain
MIME-Version: 1.0
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0: 
 +fSvuoVyWbd3l9yXhQWyL60e+xeuhsOUxRdPmJKm1PBY83msH1+6vMeeGsdsjMsftqOR/8KlKOy/FivzVTobmgAIySHxrxk3+o9dJcOapQkBr36Uq+5HxgUeoiXxwhmgI3CxW/B8Kz6ymT0EHfVgiRNWBMN8ZPerjvrxDdI9RUJJjmPMw+yWCdYRmCvErupSxXDYbjx8pnyDX/Zx40NKAwyqDoXPM4+p2XKzjYLPNvm42PUDW0fjTrcvKCQqA/BrF9doP9Av740JuwauH21ZfsdaIewmpWnEqpLVBVXNQHh9cdKQTWgdCPpkjkUkkZr2sxpd0CU4YspIz55uPtRoUT4rfxQpjzdkPBLdEWGdsMbXx9Fxg1PMuytcmvZ8L432eQyGQYFNsfzmVSE/ZgFdtXQgxGcIFJ3zyXRBzQrwcmMPEDiRVX+zpR6jc8NmhdGXVuIvH9BMkffH099Y3s1zUf7kaMBizFlSP8JRhPH0osCtN9lOXbGfp3BqDE1SEtbSk8vfz2+BVaTgFCiYi6g7chAVKTki+Qft92FuoTtXgc2ys7SfeNW1GpgckDQ4Oo6ICwZz3iZZt4GkfqoBni62qMzuYdCS//n2FJAoWbpcBAObC7EwrvBl4wy+iNxl7TwGQr0sTAtxJyxgx5lxV9DPQnZO6buwYHoaxCBnkM1xCP5OD5ll76VWlSu33IvR+D4KCPjlipKGXaQBjBStu2ptwa8h+yZu1LvogpdsA38F/vcdnPyQ5HJGJj26vMUdt/0cV6d4Wqp9mZsBK0ZlNRDXsZfQkBGLhloPvbAEYhSWQbY9wMUj1QLpSrjdg8bd0kVZSMK/4OFzAhMN8B7RbbdSEsoIS92NrZf0zJu6vVYYjY56z0M59cCesduV/QxwxBXiaKPODp+PTZH/UUjFItwcsc0YAXFHaRvssFTf7MOcHSSJwQDGIZJCSWsTGwuZJEILBgtBH+q9TgG0CIcWGqi0HNWjejo3DWukoNWHzp2Aal6SOS9+PDh1XOFPslo+FV6S3KJWsrW55I7XxQAtzXdhNQw4bXrZITTOJ7+qzZCL0bjt0Bcb7eEgKVYlsCn/aSK1rJQKDpVMHFq9MH0P0WerLmym6yBm10tA8cQ/Wf29A+F5KuozVNOWaLLrCQ0fz4iERom3djWIs/ZPlYI5tIDO2GmWwLliZAU41J3WiBUBWuNLuvQ//tHJmOuKnoA4OXeMEj0c/3f158SLa+YBCx+5Vi1GxBOQzroVzMgy9TSE6cG8Qdg1cpMPDOMORmJIZu7zV8WNDRsB8GrmWbwZXu6qGd0oCt5sph3uWqDGR86yFwpsiAgyKXeL/BSp7uHY/sskKvNVElbC9HEk2FHYiLNxP/+WpKP0dkNCtpTETb/zGDpO6ky0D+uvItyOROjQIXsCx1kU/U6SOKgv9h6GAtCT4COkYSeUDxIJtYSgf5Fj7ZkguynPT6zAgQeEVL6HuhSCb8n7iRUil5Wx29hRf29KHZFCVeaeDDB5sQuPdWtNNT9b9LqKMuwegn3MCxTfX/cwcs9+BnVDSRy2PeaXWreOCz5aLjs2mMBhzPVM/whxD1Vb/mvJv1eoYxA6TLJNupgW4liW22wWkjZgzAXQBr3G+g==
X-OriginatorOrg: eng.windriver.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 
 c0fd803f-9d82-4864-0ca0-08dac6088042
X-MS-Exchange-CrossTenant-AuthSource: MW4PR11MB5824.namprd11.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 14 Nov 2022 06:21:44.2228
 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: 8ddb2873-a1ad-4a18-ae4e-4644631433be
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: 
 fXn509bZK49p9NaKKaHG1Bkh1VaF1brkugOqp7LBsKFcsavHocJMn/IEdm0+WXEyiOCAcPdjvaWgoFbEeXlUSiNk0cRNaJtWoFJ+TSbusuk=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN0PR11MB5710
X-Proofpoint-GUID: PRTQSnKnZMZPz0jF7qswI4JMyUD2ugJT
X-Proofpoint-ORIG-GUID: PRTQSnKnZMZPz0jF7qswI4JMyUD2ugJT
X-Proofpoint-Virus-Version: vendor=baseguard
 engine=ICAP:2.0.219,Aquarius:18.0.895,Hydra:6.0.545,FMLib:17.11.122.1
 definitions=2022-11-14_05,2022-11-11_01,2022-06-22_01
X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0
 impostorscore=0
 suspectscore=0 adultscore=0 mlxlogscore=999 priorityscore=1501
 clxscore=1015 spamscore=0 mlxscore=0 phishscore=0 bulkscore=0
 lowpriorityscore=0 malwarescore=0 classifier=spam adjust=0 reason=mlx
 scancount=1 engine=8.12.0-2210170000 definitions=main-2211140046
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Mon, 14 Nov 2022 06:21:57 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/173226

Message ID	20221114062123.93041-1-xiangyu.chen@eng.windriver.com
State	Accepted, archived
Commit	5d96a3c244388623d87a2999dafaa25d0bd216b6
Headers	show Return-Path: <xiangyu.chen@eng.windriver.com> ip: 205.220.178.238, mailfrom: prvs=8317b30afd=xiangyu.chen@windriver.com) From: Xiangyu Chen <xiangyu.chen@eng.windriver.com> To: openembedded-core@lists.openembedded.org Subject: [OE-Core][kirkstone][PATCH] dbus: fix CVE-2022-42011 dbus-daemon can be crashed by messages with array length inconsistent with element type Date: Mon, 14 Nov 2022 14:21:23 +0800 Message-Id: <20221114062123.93041-1-xiangyu.chen@eng.windriver.com> Content-Transfer-Encoding: 8bit Content-Type: text/plain MIME-Version: 1.0
Series	[kirkstone] dbus: fix CVE-2022-42011 dbus-daemon can be crashed by messages with array length inconsistent with element type \| expand [kirkstone] dbus: fix CVE-2022-42011 dbus-daemon can be crashed by messages with array length incon…

[kirkstone] dbus: fix CVE-2022-42011 dbus-daemon can be crashed by messages with array length inconsistent with element type

Commit Message

Patch