Patch improper sanitization of shell escapes (CVE-2018-10932)
Signed-off-by: Petr Machata <pmachata@gmail.com>
This commit is contained in:
Petr Machata
parent
9c1bec86cb
commit
2c53a6b4b9
@ -45,6 +45,11 @@ Patch27: open-lldp-v1.0.1-27-fix-build-warnings.patch
|
|||||||
# https://github.com/intel/openlldp/pull/9
|
# https://github.com/intel/openlldp/pull/9
|
||||||
Patch28: open-lldp-v1.0.1-28-support-DSCP-selectors.patch
|
Patch28: open-lldp-v1.0.1-28-support-DSCP-selectors.patch
|
||||||
|
|
||||||
|
# https://bugzilla.redhat.com/show_bug.cgi?id=1614932
|
||||||
|
# https://bugzilla.redhat.com/show_bug.cgi?id=1614896 (CVE-2018-10932)
|
||||||
|
# https://github.com/intel/openlldp/pull/7
|
||||||
|
Patch29: open-lldp-v1.0.1-29-basman_clif-print-the-OID-properly.patch
|
||||||
|
|
||||||
BuildRequires: automake autoconf libtool
|
BuildRequires: automake autoconf libtool
|
||||||
BuildRequires: flex >= 2.5.33
|
BuildRequires: flex >= 2.5.33
|
||||||
BuildRequires: kernel-headers >= 2.6.32
|
BuildRequires: kernel-headers >= 2.6.32
|
||||||
@ -117,7 +122,9 @@ rm -f %{buildroot}%{_libdir}/liblldp_clif.la
|
|||||||
%{_libdir}/liblldp_clif.so
|
%{_libdir}/liblldp_clif.so
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
* Thu Aug 16 2018 Petr Machata <pmachata@gmail.com> - 1.0.1-12.git036e314
|
* Tue Oct 23 2018 Petr Machata <pmachata@gmail.com> - 1.0.1-12.git036e314
|
||||||
|
- Add open-lldp-v1.0.1-29-basman_clif-print-the-OID-properly.patch (BZ 1614932,
|
||||||
|
1614896 (CVE-2018-10932)
|
||||||
- Add open-lldp-v1.0.1-28-support-DSCP-selectors.patch (BZ 1618377)
|
- Add open-lldp-v1.0.1-28-support-DSCP-selectors.patch (BZ 1618377)
|
||||||
|
|
||||||
* Tue Jul 24 2018 Adam Williamson <awilliam@redhat.com> - 1.0.1-11.git036e314
|
* Tue Jul 24 2018 Adam Williamson <awilliam@redhat.com> - 1.0.1-11.git036e314
|
||||||
|
|||||||
49
open-lldp-v1.0.1-29-basman_clif-print-the-OID-properly.patch
Normal file
49
open-lldp-v1.0.1-29-basman_clif-print-the-OID-properly.patch
Normal file
@ -0,0 +1,49 @@
|
|||||||
|
From cf3f54d1883e5bc23e4c4006a63e1dde88684013 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Aaron Conole <aconole@redhat.com>
|
||||||
|
Date: Thu, 21 Jun 2018 13:28:48 -0400
|
||||||
|
Subject: [PATCH] basman_clif: print the OID properly
|
||||||
|
|
||||||
|
When invoking the lldp tool to view the management information, the display
|
||||||
|
for the OID is printed as the actual binary bits, rather than the
|
||||||
|
OID dotted-notation form.
|
||||||
|
|
||||||
|
This change will display the OID as expected.
|
||||||
|
|
||||||
|
Signed-off-by: Aaron Conole <aconole@redhat.com>
|
||||||
|
---
|
||||||
|
lldp_basman_clif.c | 18 ++++++++++++++++--
|
||||||
|
1 file changed, 16 insertions(+), 2 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/lldp_basman_clif.c b/lldp_basman_clif.c
|
||||||
|
index 7dba9d2..abd152d 100644
|
||||||
|
--- a/lldp_basman_clif.c
|
||||||
|
+++ b/lldp_basman_clif.c
|
||||||
|
@@ -272,8 +272,15 @@ void print_mng_addr(u16 len, char *info)
|
||||||
|
memset(buf, 0, sizeof(buf));
|
||||||
|
if (hexstr2bin(info+offset, (u8 *)&buf, oidlen))
|
||||||
|
printf("\tOID: Error parsing OID\n");
|
||||||
|
- else
|
||||||
|
- printf("\tOID: %s\n", buf);
|
||||||
|
+ else {
|
||||||
|
+ printf("\tOID: 0.");
|
||||||
|
+ for (i = 0; i < oidlen; ++i) {
|
||||||
|
+ printf("%d", buf[i]);
|
||||||
|
+ if (i != (oidlen - 1))
|
||||||
|
+ printf(".");
|
||||||
|
+ }
|
||||||
|
+ printf("\n");
|
||||||
|
+ }
|
||||||
|
} else if (oidlen > 128) {
|
||||||
|
printf("\tOID: Invalid length = %d\n", oidlen);
|
||||||
|
}
|
||||||
|
@@ -310,3 +317,10 @@ u32 basman_lookup_tlv_name(char *tlvid_str)
|
||||||
|
}
|
||||||
|
return INVALID_TLVID;
|
||||||
|
}
|
||||||
|
+
|
||||||
|
+/* Local Variables: */
|
||||||
|
+/* c-indent-level: 8 */
|
||||||
|
+/* c-basic-offset: 8 */
|
||||||
|
+/* tab-width: 8 */
|
||||||
|
+/* indent-tabs-mode: t */
|
||||||
|
+/* End: */
|
||||||
Loading…
Reference in New Issue
Block a user