Patch improper sanitization of shell escapes (CVE-2018-10932)

Signed-off-by: Petr Machata <pmachata@gmail.com>
2018-10-23 00:55:27 +02:00 · 2018-10-23 00:55:27 +02:00 · 2c53a6b4b9
commit 2c53a6b4b9
parent 9c1bec86cb
2 changed files with 57 additions and 1 deletions
--- a/lldpad.spec
+++ b/lldpad.spec
@ -45,6 +45,11 @@ Patch27:	open-lldp-v1.0.1-27-fix-build-warnings.patch
 # https://github.com/intel/openlldp/pull/9
 Patch28:	open-lldp-v1.0.1-28-support-DSCP-selectors.patch

+# https://bugzilla.redhat.com/show_bug.cgi?id=1614932
+# https://bugzilla.redhat.com/show_bug.cgi?id=1614896 (CVE-2018-10932)
+# https://github.com/intel/openlldp/pull/7
+Patch29:	open-lldp-v1.0.1-29-basman_clif-print-the-OID-properly.patch
+
 BuildRequires:      automake autoconf libtool
 BuildRequires:      flex >= 2.5.33
 BuildRequires:      kernel-headers >= 2.6.32
@ -117,7 +122,9 @@ rm -f %{buildroot}%{_libdir}/liblldp_clif.la
 %{_libdir}/liblldp_clif.so

 %changelog
-* Thu Aug 16 2018 Petr Machata <pmachata@gmail.com> - 1.0.1-12.git036e314
+* Tue Oct 23 2018 Petr Machata <pmachata@gmail.com> - 1.0.1-12.git036e314
+- Add open-lldp-v1.0.1-29-basman_clif-print-the-OID-properly.patch (BZ 1614932,
+  1614896 (CVE-2018-10932)
 - Add open-lldp-v1.0.1-28-support-DSCP-selectors.patch (BZ 1618377)

 * Tue Jul 24 2018 Adam Williamson <awilliam@redhat.com> - 1.0.1-11.git036e314
--- a/open-lldp-v1.0.1-29-basman_clif-print-the-OID-properly.patch
+++ b/open-lldp-v1.0.1-29-basman_clif-print-the-OID-properly.patch
@ -0,0 +1,49 @@
+From cf3f54d1883e5bc23e4c4006a63e1dde88684013 Mon Sep 17 00:00:00 2001
+From: Aaron Conole <aconole@redhat.com>
+Date: Thu, 21 Jun 2018 13:28:48 -0400
+Subject: [PATCH] basman_clif: print the OID properly
+
+When invoking the lldp tool to view the management information, the display
+for the OID is printed as the actual binary bits, rather than the
+OID dotted-notation form.
+
+This change will display the OID as expected.
+
+Signed-off-by: Aaron Conole <aconole@redhat.com>
+---
+ lldp_basman_clif.c | 18 ++++++++++++++++--
+ 1 file changed, 16 insertions(+), 2 deletions(-)
+
+diff --git a/lldp_basman_clif.c b/lldp_basman_clif.c
+index 7dba9d2..abd152d 100644
+--- a/lldp_basman_clif.c
+++ b/lldp_basman_clif.c
+@@ -272,8 +272,15 @@ void print_mng_addr(u16 len, char *info)
+ 		memset(buf, 0, sizeof(buf));
+ 		if (hexstr2bin(info+offset, (u8 *)&buf, oidlen))
+ 			printf("\tOID: Error parsing OID\n");
+-		else
+-			printf("\tOID: %s\n", buf);
+		else {
+			printf("\tOID: 0.");
+			for (i = 0; i < oidlen; ++i) {
+				printf("%d", buf[i]);
+				if (i != (oidlen - 1))
+					printf(".");
+			}
+			printf("\n");
+		}
+ 	} else if (oidlen > 128) {
+ 		printf("\tOID: Invalid length = %d\n", oidlen);
+ 	}
+@@ -310,3 +317,10 @@ u32 basman_lookup_tlv_name(char *tlvid_str)
+ 	}
+ 	return INVALID_TLVID;
+ }
+
+/* Local Variables:    */
+/* c-indent-level: 8   */
+/* c-basic-offset: 8   */
+/* tab-width: 8        */
+/* indent-tabs-mode: t */
+/* End:                */