authorRick Farina <zerochaos@gentoo.org>2022-03-16 16:53:38 -0400
committerRick Farina <zerochaos@gentoo.org>2022-03-16 16:54:29 -0400
commit048b1381de72db7437e5c7643bb2c72fa56cc930 (patch)
tree2764f3012f52db94f3bcd071c94a45a80f1681f2 /net-wireless
parentnet-wireless/rtl_433: eapi and eclass bump (diff)
net-wireless/rtl_433: add CVE fix patch to 21.12
Bug: https://bugs.gentoo.org/834454 Signed-off-by: Rick Farina <zerochaos@gentoo.org>
Diffstat (limited to 'net-wireless')
-rw-r--r--net-wireless/rtl_433/files/rtl_433-21.12-CVE.patch55
-rw-r--r--net-wireless/rtl_433/rtl_433-21.12.ebuild4
2 files changed, 59 insertions, 0 deletions
diff --git a/net-wireless/rtl_433/files/rtl_433-21.12-CVE.patch b/net-wireless/rtl_433/files/rtl_433-21.12-CVE.patch
new file mode 100644
index 000000000000..1ce26c468e87
--- /dev/null
+++ b/net-wireless/rtl_433/files/rtl_433-21.12-CVE.patch
@@ -0,0 +1,55 @@
+From 2dad7b9fc67a1d0bfbe520fbd821678b8f8cc7a8 Mon Sep 17 00:00:00 2001
+From: "Christian W. Zuckschwerdt" <christian@zuckschwerdt.org>
+Date: Mon, 24 Jan 2022 15:53:20 +0100
+Subject: [PATCH] minor: Fix overflow in Clipsal-CMR113 and Somfy-IOHC reported
+ by aug5t7
+
+---
+ src/devices/cmr113.c | 4 ++--
+ src/devices/somfy_iohc.c | 9 +++++----
+ 2 files changed, 7 insertions(+), 6 deletions(-)
+
+diff --git a/src/devices/cmr113.c b/src/devices/cmr113.c
+index c85dfac56..19ec5d421 100644
+--- a/src/devices/cmr113.c
++++ b/src/devices/cmr113.c
+@@ -42,8 +42,8 @@ Kudos to Jon Oxer for decoding this stream and putting it here:
+
+ */
+
+-#define COMPARE_BITS 83
+-#define COMPARE_BYTES (COMPARE_BITS/8)
++#define COMPARE_BITS 83
++#define COMPARE_BYTES ((COMPARE_BITS + 7) / 8)
+
+ static int cmr113_decode(r_device *decoder, bitbuffer_t *bitbuffer)
+ {
+diff --git a/src/devices/somfy_iohc.c b/src/devices/somfy_iohc.c
+index 906cae53e..2c88067b5 100644
+--- a/src/devices/somfy_iohc.c
++++ b/src/devices/somfy_iohc.c
+@@ -100,11 +100,12 @@ static int somfy_iohc_decode(r_device *decoder, bitbuffer_t *bitbuffer)
+ if (bitbuffer->num_rows != 1)
+ return DECODE_ABORT_EARLY;
+
+- int offset = bitbuffer_search(bitbuffer, 0, 0, preamble_pattern, 24) + 24;
+- if (offset >= bitbuffer->bits_per_row[0] - 19 * 10)
++ unsigned offset = bitbuffer_search(bitbuffer, 0, 0, preamble_pattern, 24) + 24;
++ if (offset + 19 * 10 >= bitbuffer->bits_per_row[0])
+ return DECODE_ABORT_EARLY;
+
+- int num_bits = bitbuffer->bits_per_row[0] - offset;
++ unsigned num_bits = bitbuffer->bits_per_row[0] - offset;
++ num_bits = MIN(num_bits, sizeof (b) * 8);
+
+ int len = extract_bytes_uart(bitbuffer->bb[0], offset, num_bits, b);
+ if (len < 19)
+@@ -120,7 +121,7 @@ static int somfy_iohc_decode(r_device *decoder, bitbuffer_t *bitbuffer)
+ // calculate and verify checksum
+ if (crc16lsb(b, len, 0x8408, 0x0000) != 0) // unreflected poly 0x1021
+ return DECODE_FAIL_MIC;
+- bitrow_printf(b, len * 8, "%s: offset %d, num_bits %d, len %d, msg_len %d\n", __func__, offset, num_bits, len, msg_len);
++ bitrow_printf(b, len * 8, "%s: offset %u, num_bits %u, len %d, msg_len %d\n", __func__, offset, num_bits, len, msg_len);
+
+ int msg_type = (b[0]);
+ int dst_id = ((unsigned)b[4] << 24) | (b[3] << 16) | (b[2] << 8) | (b[1]); // assume Little-Endian
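Review bot: The new clamp in somfy_iohc_decode, `num_bits = MIN(num_bits, sizeof (b) * 8);`, counts 8 input bits per byte of `b`, while the length check just above it uses 10 bits per byte (`19 * 10`), and nothing in the patch explains why the two differ. If extract_bytes_uart() consumes a 10-bit frame per output byte, as that check suggests, the clamp is on the safe side but stricter than needed; a comment such as `// cap input bits so extract_bytes_uart() cannot write past b (8 bits/byte is conservative for 10-bit UART frames)` would make the bound auditable. The call `extract_bytes_uart(bitbuffer->bb[0], offset, num_bits, b)` still passes no capacity for `b`, so every caller has to get this arithmetic right on its own; taking the buffer size in the helper would be the sturdier upstream fix. The declaration of `b` and the rest of the function lie outside the hunk, so the actual buffer size cannot be confirmed here.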
diff --git a/net-wireless/rtl_433/rtl_433-21.12.ebuild b/net-wireless/rtl_433/rtl_433-21.12.ebuild
index 1af88f9c6024..61394dce0c3e 100644
--- a/net-wireless/rtl_433/rtl_433-21.12.ebuild
+++ b/net-wireless/rtl_433/rtl_433-21.12.ebuild
@@ -27,6 +27,10 @@ RDEPEND="${DEPEND}"
# https://github.com/merbanan/rtl_433/issues/2010
RESTRICT="test"
+PATCHES=(
+ "${FILESDIR}/${P}-CVE.patch"
+)
+
src_configure() {
mycmakeargs=(
-DENABLE_RTLSDR="$(usex rtlsdr)"
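Review bot: The security patch is wired in by editing rtl_433-21.12.ebuild in place, so systems that already have 21.12 installed will see no new version to rebuild and stay on the unpatched decoders; a fix that changes the installed code normally ships as a new revision (an `-r1` ebuild) with the unpatched one dropped. Separately, `"${FILESDIR}/${P}-CVE.patch"` does not say which CVE it addresses; a comment above `PATCHES` such as `# <CVE-ID>, upstream commit 2dad7b9fc67a` (the CVE id is a placeholder, it is not given on this page) would let an auditor match the backport to the advisory. src_configure continues past the end of the hunk.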