aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--main/ppp/APKBUILD8
-rw-r--r--main/ppp/fix-bound-check-eap.patch40
2 files changed, 47 insertions, 1 deletions
diff --git a/main/ppp/APKBUILD b/main/ppp/APKBUILD
index 260c9479e6..01e08cedb0 100644
--- a/main/ppp/APKBUILD
+++ b/main/ppp/APKBUILD
@@ -1,7 +1,7 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=ppp
pkgver=2.4.8
-pkgrel=0
+pkgrel=1
pkgdesc="A daemon which implements the PPP protocol for dial-up networking"
url="https://ppp.samba.org/"
arch="all"
@@ -27,12 +27,17 @@ source="https://github.com/paulusmack/ppp/archive/ppp-$pkgver.tar.gz
0011-build-sys-don-t-put-connect-errors-log-to-etc-ppp.patch
fix-pppd-magic.h.patch
fix-pppd-pppoe.h.patch
+ fix-bound-check-eap.patch
ip-down
ip-up
pppd.initd"
builddir="$srcdir"/$pkgname-$pkgname-$pkgver
+# secfixes:
+# 2.4.8-r1:
+# - CVE-2020-8597
+
build() {
# fix CFLAGS
@@ -169,6 +174,7 @@ sha512sums="a99b3b6c7bd80cd133bda4e29d33c793a76f3b67e1f8db774547e88932ce29564fad
b490971d03fef4de66b61123f80a0087270bcb88466ae8ed98ea9a08b35d4c7c46b2dadd304e2970a4206bb5760a14370d7e3873de6240119d88e927ecef840c 0011-build-sys-don-t-put-connect-errors-log-to-etc-ppp.patch
d1067defff79d6c9f67121a9214e41a1bcca1e3b8a345ad905d223fdb8835142bad7cc3b556a3eca509ddf51cf808741773f31f4dca74e834b612a15854a5e6b fix-pppd-magic.h.patch
d76237c82af0a3ed7ede9e814d6849b94221f1fd15e4ee68cadd33a308a32d87d635acd14f84508c9e38a10ad0a9e96ce391044da37e217d11b89a4f6631abf7 fix-pppd-pppoe.h.patch
+ba0c062f93400008ddf47897ac2ab6a2f5017bc7f4167d1a93dd3a5c04068a922490eb4082b0da80f0c3aea6c87fdfbca3568548724a0abc148588ab86a6df32 fix-bound-check-eap.patch
160260bd2a788beaac395eadb38efbfd1e0e1a458fe151555acacf2c4f3a12381d644672c664f9793db6e3459a4f05a54e3ff6d407b0d37e8014b15bd0f11bcc ip-down
8258c95a6b6e8e94d6001b5cd3a99bd3270f29ba0f2e5050a26c8d5f1b67eead8d039e71ce86a784d45e620047b0a2bb14b258d80a9ea62084ba588a4c2e2d84 ip-up
bd6f43588b037367ffdb57f5e331492dcaa5969003e219c2dc8b90e6be1aa407282ff6114b91d1379ebeff766983fa0622456520cc0ac592b4f0b1496acf21bf pppd.initd"
diff --git a/main/ppp/fix-bound-check-eap.patch b/main/ppp/fix-bound-check-eap.patch
new file mode 100644
index 0000000000..746eb70961
--- /dev/null
+++ b/main/ppp/fix-bound-check-eap.patch
@@ -0,0 +1,40 @@
+From 8d7970b8f3db727fe798b65f3377fe6787575426 Mon Sep 17 00:00:00 2001
+From: Paul Mackerras <paulus@ozlabs.org>
+Date: Mon, 3 Feb 2020 15:53:28 +1100
+Subject: [PATCH] pppd: Fix bounds check in EAP code
+
+Given that we have just checked vallen < len, it can never be the case
+that vallen >= len + sizeof(rhostname). This fixes the check so we
+actually avoid overflowing the rhostname array.
+
+Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
+Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
+---
+ pppd/eap.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/pppd/eap.c b/pppd/eap.c
+index 94407f5..1b93db0 100644
+--- a/pppd/eap.c
++++ b/pppd/eap.c
+@@ -1420,7 +1420,7 @@ int len;
+ }
+
+ /* Not so likely to happen. */
+- if (vallen >= len + sizeof (rhostname)) {
++ if (len - vallen >= sizeof (rhostname)) {
+ dbglog("EAP: trimming really long peer name down");
+ BCOPY(inp + vallen, rhostname, sizeof (rhostname) - 1);
+ rhostname[sizeof (rhostname) - 1] = '\0';
+@@ -1846,7 +1846,7 @@ int len;
+ }
+
+ /* Not so likely to happen. */
+- if (vallen >= len + sizeof (rhostname)) {
++ if (len - vallen >= sizeof (rhostname)) {
+ dbglog("EAP: trimming really long peer name down");
+ BCOPY(inp + vallen, rhostname, sizeof (rhostname) - 1);
+ rhostname[sizeof (rhostname) - 1] = '\0';
+--
+2.25.0
+
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-21 11:08:59 +0000