diff mbox series

[meta-oe,kirkstone,1/1] dlt-daemon: fix CVE-2023-36321

Message ID 20250221063325.798888-1-yogita.urade@windriver.com
State New
Headers show
Series [meta-oe,kirkstone,1/1] dlt-daemon: fix CVE-2023-36321 | expand

Commit Message

yurade Feb. 21, 2025, 6:33 a.m. UTC 
From: Yogita Urade <yogita.urade@windriver.com>

Connected Vehicle Systems Alliance (COVESA) up to v2.18.8 wwas
discovered to contain a buffer overflow via the component
/shared/dlt_common.c.

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2023-36321

Upstream patch:
https://github.com/michael-methner/dlt-daemon/commit/8ac9a080bee25e67e49bd138d81c992ce7b6d899

Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
---
 .../dlt-daemon/CVE-2023-36321.patch           | 32 +++++++++++++++++++
 .../dlt-daemon/dlt-daemon_2.18.8.bb           |  1 +
 2 files changed, 33 insertions(+)
 create mode 100644 meta-oe/recipes-extended/dlt-daemon/dlt-daemon/CVE-2023-36321.patch
diff mbox series

Patch

diff --git a/meta-oe/recipes-extended/dlt-daemon/dlt-daemon/CVE-2023-36321.patch b/meta-oe/recipes-extended/dlt-daemon/dlt-daemon/CVE-2023-36321.patch
new file mode 100644
index 0000000000..05f3fd4343
--- /dev/null
+++ b/meta-oe/recipes-extended/dlt-daemon/dlt-daemon/CVE-2023-36321.patch
@@ -0,0 +1,32 @@ 
+From 8ac9a080bee25e67e49bd138d81c992ce7b6d899 Mon Sep 17 00:00:00 2001
+From: Michael Methner <mmethner@de.adit-jv.com>
+Date: Fri, 27 Jan 2023 10:51:07 +0100
+Subject: [PATCH] Check for negative index in dlt_file_message
+
+Fixes #436
+
+Signed-off-by: Michael Methner <mmethner@de.adit-jv.com>
+
+CVE: CVE-2023-36321
+Upstream-Status: Backport [https://github.com/michael-methner/dlt-daemon/commit/8ac9a080bee25e67e49bd138d81c992ce7b6d899]
+
+Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
+---
+ src/shared/dlt_common.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/shared/dlt_common.c b/src/shared/dlt_common.c
+index 4303c50..34da70a 100644
+--- a/src/shared/dlt_common.c
++++ b/src/shared/dlt_common.c
+@@ -1718,7 +1718,7 @@ DltReturnValue dlt_file_message(DltFile *file, int index, int verbose)
+         return DLT_RETURN_WRONG_PARAMETER;
+
+     /* check if message is in range */
+-    if (index >= file->counter) {
++    if (index < 0 || index >= file->counter) {
+         dlt_vlog(LOG_WARNING, "Message %d out of range!\r\n", index);
+         return DLT_RETURN_WRONG_PARAMETER;
+     }
+--
+2.40.0
diff --git a/meta-oe/recipes-extended/dlt-daemon/dlt-daemon_2.18.8.bb b/meta-oe/recipes-extended/dlt-daemon/dlt-daemon_2.18.8.bb
index 8ef056651b..d3ae2a460e 100644
--- a/meta-oe/recipes-extended/dlt-daemon/dlt-daemon_2.18.8.bb
+++ b/meta-oe/recipes-extended/dlt-daemon/dlt-daemon_2.18.8.bb
@@ -20,6 +20,7 @@  SRC_URI = "git://github.com/GENIVI/${BPN}.git;protocol=https;branch=master \
            file://0001-cmake-Link-with-libatomic-on-rv32-rv64.patch \
            file://0001-Fix-memory-leak.patch \
            file://CVE-2022-39836-CVE-2022-39837.patch \
+           file://CVE-2023-36321.patch \
            "
 SRCREV = "6a3bd901d825c7206797e36ea98e10a218f5aad2"