diff mbox series

[meta-oe,08/20] ndpi: remove unused CVE-2021-36082.patch

Message ID 20230524075253.1033593-8-Martin.Jansa@gmail.com
State Under Review
Headers show
Series [meta-oe,01/20] libsquish: remove unused 0001-makefile-Add-LIBDIR.patch | expand

Commit Message

Martin Jansa May 24, 2023, 7:52 a.m. UTC
* it was removed from SRC_URI in:
  https://git.openembedded.org/meta-openembedded/commit/?id=8359cf87458d185011831a8132b8af17bcbc9605

Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
---
 .../ntopng/files/CVE-2021-36082.patch         | 116 ------------------
 1 file changed, 116 deletions(-)
 delete mode 100644 meta-networking/recipes-support/ntopng/files/CVE-2021-36082.patch
diff mbox series

Patch

diff --git a/meta-networking/recipes-support/ntopng/files/CVE-2021-36082.patch b/meta-networking/recipes-support/ntopng/files/CVE-2021-36082.patch
deleted file mode 100644
index 8fdd62d186..0000000000
--- a/meta-networking/recipes-support/ntopng/files/CVE-2021-36082.patch
+++ /dev/null
@@ -1,116 +0,0 @@ 
-From 1ec621c85b9411cc611652fd57a892cfef478af3 Mon Sep 17 00:00:00 2001
-From: Luca Deri <deri@ntop.org>
-Date: Sat, 15 May 2021 19:53:46 +0200
-Subject: [PATCH] Added further checks
-
-Upstream-Status: Backport [https://github.com/ntop/nDPI/commit/1ec621c85b9411cc611652fd57a892cfef478af3]
-CVE: CVE-2021-36082
-
-Signed-off-by: Changqing Li <changqing.li@windriver.com>
-
----
- src/lib/protocols/netbios.c |  2 +-
- src/lib/protocols/tls.c     | 32 +++++++++++++++++---------------
- 2 files changed, 18 insertions(+), 16 deletions(-)
-
-diff --git a/src/lib/protocols/netbios.c b/src/lib/protocols/netbios.c
-index 1f3850cb..0d3b705f 100644
---- a/src/lib/protocols/netbios.c
-+++ b/src/lib/protocols/netbios.c
-@@ -42,7 +42,7 @@ int ndpi_netbios_name_interpret(char *in, size_t inlen, char *out, u_int out_len
-   int ret = 0, len, idx = inlen;
-   char *b;
- 
--  len = (*in++)/2;
-+  len = (*in++)/2, inlen--;
-   b  = out;
-   *out = 0;
- 
-diff --git a/src/lib/protocols/tls.c b/src/lib/protocols/tls.c
-index 5b572cae..c115ac08 100644
---- a/src/lib/protocols/tls.c
-+++ b/src/lib/protocols/tls.c
-@@ -994,21 +994,23 @@ int processClientServerHello(struct ndpi_detection_module_struct *ndpi_struct,
- 	i += 4 + extension_len, offset += 4 + extension_len;
-       }
- 
--      ja3_str_len = snprintf(ja3_str, sizeof(ja3_str), "%u,", ja3.tls_handshake_version);
-+      ja3_str_len = snprintf(ja3_str, JA3_STR_LEN, "%u,", ja3.tls_handshake_version);
- 
--      for(i=0; i<ja3.num_cipher; i++) {
--	rc = snprintf(&ja3_str[ja3_str_len], sizeof(ja3_str)-ja3_str_len, "%s%u", (i > 0) ? "-" : "", ja3.cipher[i]);
-+      for(i=0; (i<ja3.num_cipher) && (JA3_STR_LEN > ja3_str_len); i++) {
-+	rc = snprintf(&ja3_str[ja3_str_len], JA3_STR_LEN-ja3_str_len, "%s%u", (i > 0) ? "-" : "", ja3.cipher[i]);
- 
- 	if(rc <= 0) break; else ja3_str_len += rc;
-       }
- 
--      rc = snprintf(&ja3_str[ja3_str_len], sizeof(ja3_str)-ja3_str_len, ",");
--      if(rc > 0 && ja3_str_len + rc < JA3_STR_LEN) ja3_str_len += rc;
-+      if(JA3_STR_LEN > ja3_str_len) {
-+          rc = snprintf(&ja3_str[ja3_str_len], JA3_STR_LEN-ja3_str_len, ",");
-+          if(rc > 0 && ja3_str_len + rc < JA3_STR_LEN) ja3_str_len += rc;
-+      }
- 
-       /* ********** */
- 
--      for(i=0; i<ja3.num_tls_extension; i++) {
--	int rc = snprintf(&ja3_str[ja3_str_len], sizeof(ja3_str)-ja3_str_len, "%s%u", (i > 0) ? "-" : "", ja3.tls_extension[i]);
-+      for(i=0; (i<ja3.num_tls_extension) && (JA3_STR_LEN-ja3_str_len); i++) {
-+	int rc = snprintf(&ja3_str[ja3_str_len], JA3_STR_LEN-ja3_str_len, "%s%u", (i > 0) ? "-" : "", ja3.tls_extension[i]);
- 
- 	if(rc <= 0) break; else ja3_str_len += rc;
-       }
-@@ -1443,41 +1445,41 @@ int processClientServerHello(struct ndpi_detection_module_struct *ndpi_struct,
- 	      int rc;
- 
- 	    compute_ja3c:
--	      ja3_str_len = snprintf(ja3_str, sizeof(ja3_str), "%u,", ja3.tls_handshake_version);
-+	      ja3_str_len = snprintf(ja3_str, JA3_STR_LEN, "%u,", ja3.tls_handshake_version);
- 
- 	      for(i=0; i<ja3.num_cipher; i++) {
--		rc = snprintf(&ja3_str[ja3_str_len], sizeof(ja3_str)-ja3_str_len, "%s%u",
-+		rc = snprintf(&ja3_str[ja3_str_len], JA3_STR_LEN-ja3_str_len, "%s%u",
- 			      (i > 0) ? "-" : "", ja3.cipher[i]);
- 		if(rc > 0 && ja3_str_len + rc < JA3_STR_LEN) ja3_str_len += rc; else break;
- 	      }
- 
--	      rc = snprintf(&ja3_str[ja3_str_len], sizeof(ja3_str)-ja3_str_len, ",");
-+	      rc = snprintf(&ja3_str[ja3_str_len], JA3_STR_LEN-ja3_str_len, ",");
- 	      if(rc > 0 && ja3_str_len + rc < JA3_STR_LEN) ja3_str_len += rc;
- 
- 	      /* ********** */
- 
- 	      for(i=0; i<ja3.num_tls_extension; i++) {
--		rc = snprintf(&ja3_str[ja3_str_len], sizeof(ja3_str)-ja3_str_len, "%s%u",
-+		rc = snprintf(&ja3_str[ja3_str_len], JA3_STR_LEN-ja3_str_len, "%s%u",
- 			      (i > 0) ? "-" : "", ja3.tls_extension[i]);
- 		if(rc > 0 && ja3_str_len + rc < JA3_STR_LEN) ja3_str_len += rc; else break;
- 	      }
- 
--	      rc = snprintf(&ja3_str[ja3_str_len], sizeof(ja3_str)-ja3_str_len, ",");
-+	      rc = snprintf(&ja3_str[ja3_str_len], JA3_STR_LEN-ja3_str_len, ",");
- 	      if(rc > 0 && ja3_str_len + rc < JA3_STR_LEN) ja3_str_len += rc;
- 
- 	      /* ********** */
- 
- 	      for(i=0; i<ja3.num_elliptic_curve; i++) {
--		rc = snprintf(&ja3_str[ja3_str_len], sizeof(ja3_str)-ja3_str_len, "%s%u",
-+		rc = snprintf(&ja3_str[ja3_str_len], JA3_STR_LEN-ja3_str_len, "%s%u",
- 			      (i > 0) ? "-" : "", ja3.elliptic_curve[i]);
- 		if(rc > 0 && ja3_str_len + rc < JA3_STR_LEN) ja3_str_len += rc; else break;
- 	      }
- 
--	      rc = snprintf(&ja3_str[ja3_str_len], sizeof(ja3_str)-ja3_str_len, ",");
-+	      rc = snprintf(&ja3_str[ja3_str_len], JA3_STR_LEN-ja3_str_len, ",");
- 	      if(rc > 0 && ja3_str_len + rc < JA3_STR_LEN) ja3_str_len += rc;
- 
- 	      for(i=0; i<ja3.num_elliptic_curve_point_format; i++) {
--		rc = snprintf(&ja3_str[ja3_str_len], sizeof(ja3_str)-ja3_str_len, "%s%u",
-+		rc = snprintf(&ja3_str[ja3_str_len], JA3_STR_LEN-ja3_str_len, "%s%u",
- 			      (i > 0) ? "-" : "", ja3.elliptic_curve_point_format[i]);
- 		if(rc > 0 && ja3_str_len + rc < JA3_STR_LEN) ja3_str_len += rc; else break;
- 	      }
--- 
-2.17.1
-