[meta-oe,scarthgap,1/1] tftpy: fix CVE-2023-46566

Message ID	20250424152440.2427997-1-archana.polampalli@windriver.com
State	New
Headers	show Return-Path: <archana.polampalli@windriver.com> ip: 205.220.166.238, mailfrom: prvs=6209e62087=archana.polampalli@windriver.com) From: <archana.polampalli@windriver.com> To: <openembedded-devel@lists.openembedded.org> Subject: [oe][meta-oe][scarthgap][PATCH 1/1] tftpy: fix CVE-2023-46566 Date: Thu, 24 Apr 2025 15:24:40 +0000 Message-ID: <20250424152440.2427997-1-archana.polampalli@windriver.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain
Series	[meta-oe,scarthgap,1/1] tftpy: fix CVE-2023-46566 \| expand [meta-oe,scarthgap,1/1] tftpy: fix CVE-2023-46566

Message ID

20250424152440.2427997-1-archana.polampalli@windriver.com

State

New

Headers

From: <archana.polampalli@windriver.com>
To: <openembedded-devel@lists.openembedded.org>
Subject: [oe][meta-oe][scarthgap][PATCH  1/1] tftpy: fix CVE-2023-46566
Date: Thu, 24 Apr 2025 15:24:40 +0000
Message-ID: <20250424152440.2427997-1-archana.polampalli@windriver.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Content-Type: text/plain
X-Sensitive_Customer_Information: Yes
X-Proofpoint-Virus-Version: vendor=baseguard
 engine=ICAP:2.0.293,Aquarius:18.0.1099,Hydra:6.0.736,FMLib:17.12.80.40
 definitions=2025-04-24_06,2025-04-24_01,2025-02-21_01
X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0
 lowpriorityscore=0
 priorityscore=1501 clxscore=1015 adultscore=0 spamscore=0 bulkscore=0
 impostorscore=0 malwarescore=0 mlxlogscore=999 mlxscore=0 suspectscore=0
 phishscore=0 classifier=spam authscore=0 authtc=n/a authcc= route=outbound
 adjust=0 reason=mlx scancount=1 engine=8.21.0-2504070000
 definitions=main-2504240105
List-Id: <openembedded-devel.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-devel@lists.openembedded.org>; Thu, 24 Apr 2025 15:24:45 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-devel/message/117095

Series

[meta-oe,scarthgap,1/1] tftpy: fix CVE-2023-46566 | expand

Commit Message

Polampalli, Archana April 24, 2025, 3:24 p.m. UTC

From: Archana Polampalli <archana.polampalli@windriver.com>

Buffer Overflow vulnerability in msoulier tftpy commit 467017b844bf6e31745138a30e2509145b0c529c
allows a remote attacker to cause a denial of service via the parse function in the TftpPacketFactory class.

Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
---
 .../python/tftpy/CVE-2023-46566.patch         | 26 +++++++++++++++++++
 .../recipes-devtools/python/tftpy_0.8.2.bb    |  2 ++
 2 files changed, 28 insertions(+)
 create mode 100644 meta-python/recipes-devtools/python/tftpy/CVE-2023-46566.patch

diff --git a/meta-python/recipes-devtools/python/tftpy/CVE-2023-46566.patch b/meta-python/recipes-devtools/python/tftpy/CVE-2023-46566.patch
new file mode 100644
index 0000000000..0131dedb1c
--- /dev/null
+++ b/meta-python/recipes-devtools/python/tftpy/CVE-2023-46566.patch
@@ -0,0 +1,26 @@ 
+From 5b4dcbe1c8fb178e4d31b9a9e63e603b73e8fb2f Mon Sep 17 00:00:00 2001
+From: Dave Wapstra <dwapstra@cisco.com>
+Date: Wed, 3 Jul 2024 14:32:58 +1200
+Subject: [PATCH] Add packet size check
+
+CVE: CVE-2023-46566
+
+Upstream-Status: Backport [https://github.com/msoulier/tftpy/commit/5b4dcbe1c8fb178e4d31b9a9e63e603b73e8fb2f]
+---
+ tftpy/TftpPacketFactory.py | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/tftpy/TftpPacketFactory.py b/tftpy/TftpPacketFactory.py
+index 41f39a9..a8c9cd0 100644
+--- a/tftpy/TftpPacketFactory.py
++++ b/tftpy/TftpPacketFactory.py
+@@ -29,6 +29,7 @@ class TftpPacketFactory(object):
+         """This method is used to parse an existing datagram into its
+         corresponding TftpPacket object. The buffer is the raw bytes off of
+         the network."""
++        tftpassert(len(buffer) > 2, 'Invalid packet size')
+         log.debug("parsing a %d byte packet" % len(buffer))
+         (opcode,) = struct.unpack(str("!H"), buffer[:2])
+         log.debug("opcode is %d" % opcode)
+--
+2.40.0
diff --git a/meta-python/recipes-devtools/python/tftpy_0.8.2.bb b/meta-python/recipes-devtools/python/tftpy_0.8.2.bb
index c1b3234f72..c169916845 100644
--- a/meta-python/recipes-devtools/python/tftpy_0.8.2.bb
+++ b/meta-python/recipes-devtools/python/tftpy_0.8.2.bb
@@ -11,3 +11,5 @@  LIC_FILES_CHKSUM = "file://LICENSE;md5=22770e72ae03c61f5bcc4e333b61368d"
 SRC_URI[sha256sum] = "e1d1a680efd88eba176b351175844253067392a9b0f8b81588e3ff2b9e7bbb5b"
 
 inherit pypi setuptools3
+
+SRC_URI += "file://CVE-2023-46566.patch"

[meta-oe,scarthgap,1/1] tftpy: fix CVE-2023-46566

Commit Message

Patch