* [Buildroot] [PATCH 1/1] package/rtl_433: fix CVE-2022-27419
@ 2022-04-24 20:16 Fabrice Fontaine
2022-04-25 20:26 ` Arnout Vandecappelle
2022-05-27 8:49 ` Peter Korsgaard
0 siblings, 2 replies; 3+ messages in thread
From: Fabrice Fontaine @ 2022-04-24 20:16 UTC (permalink / raw)
To: buildroot; +Cc: Fabrice Fontaine
rtl_433 21.12 was discovered to contain a stack overflow in the function
acurite_00275rm_decode at /devices/acurite.c. This vulnerability allows
attackers to cause a Denial of Service (DoS) via a crafted file.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
---
...0004-Fix-overflow-in-Acurite-00275rm.patch | 35 +++++++++++++++++++
package/rtl_433/rtl_433.mk | 3 ++
2 files changed, 38 insertions(+)
create mode 100644 package/rtl_433/0004-Fix-overflow-in-Acurite-00275rm.patch
diff --git a/package/rtl_433/0004-Fix-overflow-in-Acurite-00275rm.patch b/package/rtl_433/0004-Fix-overflow-in-Acurite-00275rm.patch
new file mode 100644
index 0000000000..057bf9cf64
--- /dev/null
+++ b/package/rtl_433/0004-Fix-overflow-in-Acurite-00275rm.patch
@@ -0,0 +1,35 @@
+From 37455483889bd1c641bdaafc493d1cc236b74904 Mon Sep 17 00:00:00 2001
+From: "Christian W. Zuckschwerdt" <christian@zuckschwerdt.org>
+Date: Fri, 18 Mar 2022 08:09:15 +0100
+Subject: [PATCH] Fix overflow in Acurite-00275rm (closes #2012)
+
+[Retrieved from:
+https://github.com/merbanan/rtl_433/commit/37455483889bd1c641bdaafc493d1cc236b74904]
+Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
+---
+ src/devices/acurite.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/src/devices/acurite.c b/src/devices/acurite.c
+index 6879e52da..4f3e83eb3 100644
+--- a/src/devices/acurite.c
++++ b/src/devices/acurite.c
+@@ -1318,15 +1318,15 @@ static int acurite_00275rm_decode(r_device *decoder, bitbuffer_t *bitbuffer)
+
+ // Combine signal if exactly three repeats were found
+ if (n_rows == 3) {
+- uint8_t *b = bitbuffer->bb[bitbuffer->num_rows];
++ bitbuffer_add_row(bitbuffer);
++ uint8_t *b = bitbuffer->bb[bitbuffer->num_rows - 1];
+ for (int i = 0; i < 11; ++i) {
+ // The majority bit count wins
+ b[i] = (b_rows[0][i] & b_rows[1][i]) |
+ (b_rows[1][i] & b_rows[2][i]) |
+ (b_rows[2][i] & b_rows[0][i]);
+ }
+- bitbuffer->bits_per_row[bitbuffer->num_rows] = 88;
+- bitbuffer->num_rows += 1;
++ bitbuffer->bits_per_row[bitbuffer->num_rows - 1] = 88;
+ }
+
+ // Output the first valid row
diff --git a/package/rtl_433/rtl_433.mk b/package/rtl_433/rtl_433.mk
index d1c28adbf5..8326caedb2 100644
--- a/package/rtl_433/rtl_433.mk
+++ b/package/rtl_433/rtl_433.mk
@@ -20,6 +20,9 @@ RTL_433_CONF_OPTS = \
# 0003-minor-Fix-overflow-in-Clipsal-CMR113-and-Somfy-IOHC.patch
RTL_433_IGNORE_CVES += CVE-2022-25051
+# 0004-Fix-overflow-in-Acurite-00275rm.patch
+RTL_433_IGNORE_CVES += CVE-2022-27419
+
ifeq ($(BR2_PACKAGE_LIBRTLSDR),y)
RTL_433_DEPENDENCIES += librtlsdr
RTL_433_CONF_OPTS += -DENABLE_RTLSDR=ON
--
2.35.1
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [Buildroot] [PATCH 1/1] package/rtl_433: fix CVE-2022-27419
2022-04-24 20:16 [Buildroot] [PATCH 1/1] package/rtl_433: fix CVE-2022-27419 Fabrice Fontaine
@ 2022-04-25 20:26 ` Arnout Vandecappelle
2022-05-27 8:49 ` Peter Korsgaard
1 sibling, 0 replies; 3+ messages in thread
From: Arnout Vandecappelle @ 2022-04-25 20:26 UTC (permalink / raw)
To: Fabrice Fontaine, buildroot
On 24/04/2022 22:16, Fabrice Fontaine wrote:
> rtl_433 21.12 was discovered to contain a stack overflow in the function
> acurite_00275rm_decode at /devices/acurite.c. This vulnerability allows
> attackers to cause a Denial of Service (DoS) via a crafted file.
>
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
This package is racking up CVEs :-)
Applied to master, thanks.
Regards,
Arnout
> ---
> ...0004-Fix-overflow-in-Acurite-00275rm.patch | 35 +++++++++++++++++++
> package/rtl_433/rtl_433.mk | 3 ++
> 2 files changed, 38 insertions(+)
> create mode 100644 package/rtl_433/0004-Fix-overflow-in-Acurite-00275rm.patch
>
> diff --git a/package/rtl_433/0004-Fix-overflow-in-Acurite-00275rm.patch b/package/rtl_433/0004-Fix-overflow-in-Acurite-00275rm.patch
> new file mode 100644
> index 0000000000..057bf9cf64
> --- /dev/null
> +++ b/package/rtl_433/0004-Fix-overflow-in-Acurite-00275rm.patch
> @@ -0,0 +1,35 @@
> +From 37455483889bd1c641bdaafc493d1cc236b74904 Mon Sep 17 00:00:00 2001
> +From: "Christian W. Zuckschwerdt" <christian@zuckschwerdt.org>
> +Date: Fri, 18 Mar 2022 08:09:15 +0100
> +Subject: [PATCH] Fix overflow in Acurite-00275rm (closes #2012)
> +
> +[Retrieved from:
> +https://github.com/merbanan/rtl_433/commit/37455483889bd1c641bdaafc493d1cc236b74904]
> +Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
> +---
> + src/devices/acurite.c | 6 +++---
> + 1 file changed, 3 insertions(+), 3 deletions(-)
> +
> +diff --git a/src/devices/acurite.c b/src/devices/acurite.c
> +index 6879e52da..4f3e83eb3 100644
> +--- a/src/devices/acurite.c
> ++++ b/src/devices/acurite.c
> +@@ -1318,15 +1318,15 @@ static int acurite_00275rm_decode(r_device *decoder, bitbuffer_t *bitbuffer)
> +
> + // Combine signal if exactly three repeats were found
> + if (n_rows == 3) {
> +- uint8_t *b = bitbuffer->bb[bitbuffer->num_rows];
> ++ bitbuffer_add_row(bitbuffer);
> ++ uint8_t *b = bitbuffer->bb[bitbuffer->num_rows - 1];
> + for (int i = 0; i < 11; ++i) {
> + // The majority bit count wins
> + b[i] = (b_rows[0][i] & b_rows[1][i]) |
> + (b_rows[1][i] & b_rows[2][i]) |
> + (b_rows[2][i] & b_rows[0][i]);
> + }
> +- bitbuffer->bits_per_row[bitbuffer->num_rows] = 88;
> +- bitbuffer->num_rows += 1;
> ++ bitbuffer->bits_per_row[bitbuffer->num_rows - 1] = 88;
> + }
> +
> + // Output the first valid row
> diff --git a/package/rtl_433/rtl_433.mk b/package/rtl_433/rtl_433.mk
> index d1c28adbf5..8326caedb2 100644
> --- a/package/rtl_433/rtl_433.mk
> +++ b/package/rtl_433/rtl_433.mk
> @@ -20,6 +20,9 @@ RTL_433_CONF_OPTS = \
> # 0003-minor-Fix-overflow-in-Clipsal-CMR113-and-Somfy-IOHC.patch
> RTL_433_IGNORE_CVES += CVE-2022-25051
>
> +# 0004-Fix-overflow-in-Acurite-00275rm.patch
> +RTL_433_IGNORE_CVES += CVE-2022-27419
> +
> ifeq ($(BR2_PACKAGE_LIBRTLSDR),y)
> RTL_433_DEPENDENCIES += librtlsdr
> RTL_433_CONF_OPTS += -DENABLE_RTLSDR=ON
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [Buildroot] [PATCH 1/1] package/rtl_433: fix CVE-2022-27419
2022-04-24 20:16 [Buildroot] [PATCH 1/1] package/rtl_433: fix CVE-2022-27419 Fabrice Fontaine
2022-04-25 20:26 ` Arnout Vandecappelle
@ 2022-05-27 8:49 ` Peter Korsgaard
1 sibling, 0 replies; 3+ messages in thread
From: Peter Korsgaard @ 2022-05-27 8:49 UTC (permalink / raw)
To: Fabrice Fontaine; +Cc: buildroot
>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice@gmail.com> writes:
> rtl_433 21.12 was discovered to contain a stack overflow in the function
> acurite_00275rm_decode at /devices/acurite.c. This vulnerability allows
> attackers to cause a Denial of Service (DoS) via a crafted file.
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Committed to 2022.02.x, thanks.
--
Bye, Peter Korsgaard
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2022-05-27 8:49 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-04-24 20:16 [Buildroot] [PATCH 1/1] package/rtl_433: fix CVE-2022-27419 Fabrice Fontaine
2022-04-25 20:26 ` Arnout Vandecappelle
2022-05-27 8:49 ` Peter Korsgaard
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.