From patchwork Wed Feb 22 09:51:09 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Hugo Simeliere X-Patchwork-Id: 19981 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 1F00CC6379F for ; Wed, 22 Feb 2023 09:51:16 +0000 (UTC) Received: from EUR01-DB5-obe.outbound.protection.outlook.com (EUR01-DB5-obe.outbound.protection.outlook.com [40.107.15.40]) by mx.groups.io with SMTP id smtpd.web11.5164.1677059472851814287 for ; Wed, 22 Feb 2023 01:51:13 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@witekio.com header.s=selector2 header.b=q66dhLN8; spf=pass (domain: witekio.com, ip: 40.107.15.40, mailfrom: hsimeliere.opensource@witekio.com) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=i+m9y1pRV9ZdnYapFhiLjpm6bFwVBknQkKvcdoqoN5OnNpE3pXlXCO3iMzOGSWRwXYxIStbRAU/B9ICt31CWfRQjusjXKZf2sa7+8tJkrBTjneLHKhfs+RvAD3Fhe0jrbmk3Y6jB3bderEzNl2tXrGEzwqWhbnOeXqS9FHfvoEIvcP2aAijWlO0RlVro7fDGpH6eqyxw4lVpjk5SZNGm2/37Rs2dSUPMpfqVQfwL04kK3DFEljIfz2KJ4RdPUkrBuQ7018cS13/4JtFExzPbvwO46hK1DyPwc+d1LyAr5XCA9KUK2qLPo5VxJhEYdKR7eZMRNp28uR5W201K9/iHZg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=hiyuMQtOI9EXkwDdhLLcu5yoCaZRK+PKhv/tC0umyXg=; b=GBwdNjfOWaRpWP5mh/R2GxbAre+bs6NV2Mg3o2PJ2QJm8GQspiQnG23R7UjS/rZuc5/JjVxHV2oNOK6hDjEY/E+V121wt5mspYCgd7ZdvY/eDHB8zvm7KgHBjIH4dj43tmRPQ+zWkhDsD0HpPsoLQDa1qE4nAlFDfLrOQhMU8qPifKe2ggz5VW4NwrTW2V0JfMnnb68iRL6g11FuFM5PpPCY3ZF/9xay8PHr6tLhTw/gCisKSSgFAjYhkMIa+eACwyUjv6f79PHGJx9tAaX7uOGvBY0m9mm2ayQshFPWFh3hEFc5qinMWPLU+kOp4sHSKWNolfk5/2l8URGM+k9u3A== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=witekio.com; dmarc=pass action=none header.from=witekio.com; dkim=pass header.d=witekio.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=witekio.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=hiyuMQtOI9EXkwDdhLLcu5yoCaZRK+PKhv/tC0umyXg=; b=q66dhLN8rmB1qJlijpvZd6iRkPDYV/tKOe0P0CPDRSozwvjMeyvg8A2llY+/ue6phVCuvJvn67I1I9oPIfjpNYeSY6+7LN2N6Y9RnfFQdjuDI3QFOh0Z2GTdusFRw6rT6jAE7ldwaUXE37qADUewpJbslgpioWZRzt1QN/3v7Lsag3JbCpe/cGAvstucfkx3vmthC5h1sxckB79eSk2j7fzMK7qW45HhilYNDdmVHPR185t9J9pXnAuGfwWLtQP8YsdZRmCW0vVR55jhI0U4nS57kcpFfE1s+BDGy+f9zrGb/ErLZT36UwaX4kfzB3LalOiyUPwezmxg1c4Otgbc3Q== Received: from PR3P192MB0714.EURP192.PROD.OUTLOOK.COM (2603:10a6:102:48::10) by VE1P192MB0543.EURP192.PROD.OUTLOOK.COM (2603:10a6:800:165::24) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6134.19; Wed, 22 Feb 2023 09:51:09 +0000 Received: from PR3P192MB0714.EURP192.PROD.OUTLOOK.COM ([fe80::c795:3853:7373:322]) by PR3P192MB0714.EURP192.PROD.OUTLOOK.COM ([fe80::c795:3853:7373:322%8]) with mapi id 15.20.6134.019; Wed, 22 Feb 2023 09:51:09 +0000 From: Hugo SIMELIERE To: "openembedded-devel@lists.openembedded.org" Subject: [meta-oe][dunfell][PATCH] libmodbus: Fix CVE-2022-0367 Thread-Topic: [meta-oe][dunfell][PATCH] libmodbus: Fix CVE-2022-0367 Thread-Index: AQHZRqMINV/VQN7CWk+W4MgSoWqk1w== Date: Wed, 22 Feb 2023 09:51:09 +0000 Message-ID: Accept-Language: fr-FR, en-US Content-Language: fr-FR X-MS-Has-Attach: X-MS-TNEF-Correlator: msip_labels: authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=witekio.com; x-ms-publictraffictype: Email x-ms-traffictypediagnostic: PR3P192MB0714:EE_|VE1P192MB0543:EE_ x-ms-office365-filtering-correlation-id: 948a1508-c458-485b-ef7c-08db14ba530c x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: /DnfeF58IxtdWZE9U5WYEKhzHM3opo4QPTup0P2xkyh6EYeGr9VnSjodujnkaL1NbdNZJrUMzoSz8abxd7hxXmSiUjcVu9J29CD+W2ELc4OD/9NY8w9KVgU4cXzKkDy9lYXBXOKKlweu7slg3fPxP77TabueSETtaQ2UtFMRpqTe+92Nxho8gUVKgL1fca7vd/42MgyrqNuIM1d/XTJKTp8cPxEpLvrKKYRHZO/TjeZNIzoX0tFfTiVaREbsfoBztEMbb4hwjoDi6L/DnmwW47HPWfzWTT6yVJ5Sm5Gr+UoREbTXYSmxLN5k+nkY6F524J8yPyN3ZEXtHwKs7eyv0VhZCKjboiyAKP9jmASjuSTCSy1oTRg5fDkdXmGn8dRHyu+GP8N5j6Uz/xIa5upGcHhxv0H6ExpPMm3/vPU/Cl6jpQystty5C+tq5knV6v+Lven3raJrQS71uZWgc/t2IoA5DCn7J5mjLYudiWlyy9AXlpSTx1lTNs7KFJMUukvjoVtqZTS7mUllYrbfcqLivPrOSqW1SBNCzNGJ9UVw3QtNGj1j6iJuWHvnEYBVcgc+IAEpbZ1bPoWyKVNjr+kKsJJbDsyKeZjvXEiZ84BpWWeDya1sP0h5RRokcS5lBOBXb775TAbKbsmXS0UIc34MEYeksh7E1/b2G0XHGaup5d7uEwdCMCozqPj3pidCxXm9GEqq3J3OWLcqaDxV2fVSvA== x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:PR3P192MB0714.EURP192.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230025)(376002)(39840400004)(366004)(346002)(136003)(396003)(451199018)(19627405001)(83380400001)(122000001)(91956017)(71200400001)(66946007)(478600001)(8676002)(26005)(64756008)(316002)(6916009)(66556008)(66476007)(66446008)(76116006)(186003)(6506007)(9686003)(38070700005)(38100700002)(55016003)(86362001)(33656002)(2906002)(41300700001)(8936002)(5660300002)(52536014)(7696005)(55236004);DIR:OUT;SFP:1101; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?utf-8?q?N6shWvZ0cEYqeFtP8rmUOeO2tiSP?= =?utf-8?q?h55aqpAWopey3lSWPjdhyTThWOglIKNESvO33Ftg2JPwEZ/aOMO5DRjZ+p7WYYR2q?= =?utf-8?q?yrKXmL6nmVORVVrOtjVSKlGCWCJhwhRf6Xs3VNLkXM6yBns1qRm5r53iroM9CVn9X?= =?utf-8?q?eLxI+Woe97SQdWMi1UO9p12SYePNHT7Of8uCWMdNcKz2CUNIDsL4NgiH1Z44GVX9U?= =?utf-8?q?fjk2HsmHyqav5nKu8UP4syUkm3Wm7CYKOe8m6kyjGHQ560F9uK3AOYUz/Af+EtbvD?= =?utf-8?q?QNNTz5UIzfZPRPELK6WAFncTTH3E5pAqDa8i1ZifrSJeMgle6WkAlkLZy2IvHZ6la?= =?utf-8?q?r7HdijSRSPNksaQRNMS5N/YJaETY6Tx3c5iZL11MqHBdaGUy+6EJhw6C2lUgGXESK?= =?utf-8?q?q8hQnwRrXCHRwsiUrvKwd8RTsZhswKMx3fcM8DkV3zzj1ikPcrF3wV4NGPS8CfBeI?= =?utf-8?q?/BF58XCGeB7h+QnfU2FeKD6BI/sxUtj23VRkV7J/RsP7I2M/A3zOaTC3+NO54g5/k?= =?utf-8?q?UYqX6orhGFJKLm4i/JlO+xqGJrW8T9fLaEvA3YizI6Kgcjt13IU0R+DIqnnswP9Df?= =?utf-8?q?yB7cXvcpx5JF3QZdndSard8lkaC8wQtljc3AWfMZlezR32ZY7TKvSiETLFLZNchu8?= =?utf-8?q?flwKBVdLnVNP5xkNj2k9g+TeX0ic4sEwWywg9FITtE6SR80YQTYOC3eJg6Mil4Er2?= =?utf-8?q?PYepHi3MTRdZrFa+qGRlqAXcUt2grGQv3jhOxMbs8M96mZuOMZo//m23Y6eHniMve?= =?utf-8?q?J/1mPNKKu1WzI9M1Wilu4Dj8QDKfEB4NToTwYnrw7u3wub1sswy8lS2R//6gqg1/k?= =?utf-8?q?qkKs3Leg2EHUzS87ZACmuBPpRXJ964QGtyjvujPFaqBffvITT8S1r36w1zk4WhTLZ?= =?utf-8?q?V3jrkOkcql9Re+GS8J4AZMQ67fiEA4lC46J5RF+UpRd88MTvEysbPBWMWAa5dEvAe?= =?utf-8?q?eRlt4014d7Wme7G8rNwMiiQZfD0qTQ4/CivHMCzq7VskrHq3w70VR2DkoO4BPxf7w?= =?utf-8?q?bP6yKinrS8xhCeoztEp0jiMwj08Rqhpm9mRC1SfZv3tx2abfmveR+0R4mIjiHKK8I?= =?utf-8?q?qsCmQOaXBnevz6LaFt7NrQgzC9xWukFvma2XjIwHLLNtMoyviRdrW+rZxwOqrqOJk?= =?utf-8?q?YsfZS50r8Bc2IKy3AnlAWiMzkwKjbgWYLFsel7pG2ITeYh/I3Zk7mRZ8mrN4LUrMb?= =?utf-8?q?63Rr4oHqkOvnDtyrmlpy/Dj1SIAX/ifLyzzhNKYdWc0QTlq2SUAcle7dSI6K/1dnd?= =?utf-8?q?4pEwSjPKjun3b/D4PbGKExgCS8mFWjUHGrtcFi+UBUxUq2hqp+quwtrXahTWCuVdJ?= =?utf-8?q?rGchjjeeq0DkcUaObq460f+EDhLsor6IW5ehTgWZOPEocD/AafnNXikj5t8l4zmcQ?= =?utf-8?q?y4xCH33vqbxf01jAKtIE9vIH5VLt/hi3klWhEGR3gHOaXb0uRPUbD3wNu8O7IM16D?= =?utf-8?q?2sJbTRcdPv018QLXvcmBDvDVKT4HxGhUrmlk1rhrok3XjbbdA/TTnmAqqKvseMN7s?= =?utf-8?q?OOrhdaDu9bnp?= MIME-Version: 1.0 X-OriginatorOrg: witekio.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: PR3P192MB0714.EURP192.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-Network-Message-Id: 948a1508-c458-485b-ef7c-08db14ba530c X-MS-Exchange-CrossTenant-originalarrivaltime: 22 Feb 2023 09:51:09.2730 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 317e086a-301a-49af-9ea4-48a1c458b903 X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: 3rK2q824YcQQYhHAvScNnj8V18XBOKbhwu9wpiqSCUcq5m3FkP9JccZuB+OWrL3UIE7Uc96nNGoiM4pbzO8ncg== X-MS-Exchange-Transport-CrossTenantHeadersStamped: VE1P192MB0543 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 22 Feb 2023 09:51:16 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/101206 Signed-off-by: Hugo SIMELIERE --- .../libmodbus/libmodbus/CVE-2022-0367.patch | 38 +++++++++++++++++++ .../libmodbus/libmodbus_3.1.6.bb | 4 +- 2 files changed, 41 insertions(+), 1 deletion(-) create mode 100644 meta-oe/recipes-extended/libmodbus/libmodbus/CVE-2022-0367.patch -- 2.39.2 diff --git a/meta-oe/recipes-extended/libmodbus/libmodbus/CVE-2022-0367.patch b/meta-oe/recipes-extended/libmodbus/libmodbus/CVE-2022-0367.patch new file mode 100644 index 000000000..120954e4f --- /dev/null +++ b/meta-oe/recipes-extended/libmodbus/libmodbus/CVE-2022-0367.patch @@ -0,0 +1,38 @@ +From 790ff6dad16b70e68804a2d53ad54db40412e889 Mon Sep 17 00:00:00 2001 +From: Michael Heimpold +Date: Sat, 8 Jan 2022 20:00:50 +0100 +Subject: [PATCH] modbus_reply: fix copy & paste error in sanity check (fixes + #614) + +[ Upstream commit b4ef4c17d618eba0adccc4c7d9e9a1ef809fc9b6 ] + +While handling MODBUS_FC_WRITE_AND_READ_REGISTERS, both address offsets +must be checked, i.e. the read and the write address must be within the +mapping range. + +At the moment, only the read address was considered, it looks like a +simple copy and paste error, so let's fix it. + +CVE: CVE-2022-0367 + +Signed-off-by: Michael Heimpold +--- + src/modbus.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/modbus.c b/src/modbus.c +index 68a28a3..c871152 100644 +--- a/src/modbus.c ++++ b/src/modbus.c +@@ -961,7 +961,7 @@ int modbus_reply(modbus_t *ctx, const uint8_t *req, + nb_write, nb, MODBUS_MAX_WR_WRITE_REGISTERS, MODBUS_MAX_WR_READ_REGISTERS); + } else if (mapping_address < 0 || + (mapping_address + nb) > mb_mapping->nb_registers || +- mapping_address < 0 || ++ mapping_address_write < 0 || + (mapping_address_write + nb_write) > mb_mapping->nb_registers) { + rsp_length = response_exception( + ctx, &sft, MODBUS_EXCEPTION_ILLEGAL_DATA_ADDRESS, rsp, FALSE, +-- +2.39.1 + diff --git a/meta-oe/recipes-extended/libmodbus/libmodbus_3.1.6.bb b/meta-oe/recipes-extended/libmodbus/libmodbus_3.1.6.bb index 075487ae9..0822a1144 100644 --- a/meta-oe/recipes-extended/libmodbus/libmodbus_3.1.6.bb +++ b/meta-oe/recipes-extended/libmodbus/libmodbus_3.1.6.bb @@ -2,7 +2,9 @@ require libmodbus.inc SRC_URI += "file://f1eb4bc7ccb09cd8d19ab641ee37637f8c34d16d.patch \       file://Fix-float-endianness-issue-on-big-endian-arch.patch \ -      file://Fix-typo.patch" +      file://Fix-typo.patch \ +      file://CVE-2022-0367.patch \" + SRC_URI[md5sum] = "15c84c1f7fb49502b3efaaa668cfd25e" SRC_URI[sha256sum] = "d7d9fa94a16edb094e5fdf5d87ae17a0dc3f3e3d687fead81835d9572cf87c16"