From 3557a7b599b5b443730f8d0634a39c1694646ce3 Mon Sep 17 00:00:00 2001 From: Fabrice Fontaine Date: Thu, 14 Sep 2023 23:18:39 +0200 Subject: [PATCH] package/lldpd: fix CVE-2023-41910 An issue was discovered in lldpd before 1.0.17. By crafting a CDP PDU packet with specific CDP_TLV_ADDRESSES TLVs, a malicious actor can remotely force the lldpd daemon to perform an out-of-bounds read on heap memory. This occurs in cdp_decode in daemon/protocols/cdp.c. Signed-off-by: Fabrice Fontaine Signed-off-by: Thomas Petazzoni --- ...-overflow-when-parsing-CDP-addresses.patch | 24 +++++++++++++++++++ package/lldpd/lldpd.mk | 3 +++ 2 files changed, 27 insertions(+) create mode 100644 package/lldpd/0001-daemon-fix-read-overflow-when-parsing-CDP-addresses.patch diff --git a/package/lldpd/0001-daemon-fix-read-overflow-when-parsing-CDP-addresses.patch b/package/lldpd/0001-daemon-fix-read-overflow-when-parsing-CDP-addresses.patch new file mode 100644 index 0000000000..05d882a07a --- /dev/null +++ b/package/lldpd/0001-daemon-fix-read-overflow-when-parsing-CDP-addresses.patch @@ -0,0 +1,24 @@ +From a9aeabdf879c25c584852a0bb5523837632f099b Mon Sep 17 00:00:00 2001 +From: Vincent Bernat +Date: Wed, 12 Apr 2023 07:38:31 +0200 +Subject: [PATCH] daemon: fix read overflow when parsing CDP addresses + +Upstream: https://github.com/lldpd/lldpd/commit/a9aeabdf879c25c584852a0bb5523837632f099b +Signed-off-by: Fabrice Fontaine +--- + NEWS | 4 ++++ + src/daemon/protocols/cdp.c | 1 + + 2 files changed, 5 insertions(+) + +diff --git a/src/daemon/protocols/cdp.c b/src/daemon/protocols/cdp.c +index 8a1be863..42861c0e 100644 +--- a/src/daemon/protocols/cdp.c ++++ b/src/daemon/protocols/cdp.c +@@ -466,6 +466,7 @@ cdp_decode(struct lldpd *cfg, char *frame, int s, struct lldpd_hardware *hardwar + goto malformed; + } + PEEK_DISCARD(address_len); ++ addresses_len -= address_len; + (void)PEEK_SAVE(pos_next_address); + /* Next, we go back and try to extract + IPv4 address */ diff --git a/package/lldpd/lldpd.mk b/package/lldpd/lldpd.mk index dd6f8dcf5d..d4abfade81 100644 --- a/package/lldpd/lldpd.mk +++ b/package/lldpd/lldpd.mk @@ -16,6 +16,9 @@ LLDPD_LICENSE = ISC LLDPD_LICENSE_FILES = LICENSE LLDPD_CPE_ID_VENDOR = lldpd_project +# 0001-daemon-fix-read-overflow-when-parsing-CDP-addresses.patch +LLDPD_IGNORE_CVES += CVE-2023-41910 + # Detection of c99 support in configure fails without WCHAR. To enable # automatic detection of c99 support by configure, we need to enable # WCHAR in toolchain. But actually we do not need WCHAR at lldpd