[OpenWrt-Devel] [PATCH 18.06] libubox: backport security patches

Hauke Mehrtens hauke at hauke-m.de
Mon Jan 27 13:48:08 EST 2020


On 1/26/20 4:55 PM, Hauke Mehrtens wrote:
> This backports some security relevant patches from libubox master. These
> patches should not change the existing API and ABI so that old
> applications still work like before without any recompilation.
> Application can not also use more secure APIs.
> 
> The new more secure interfaces are also available but not used.
> 
> OpenWrt master and 19.07.0 already have these patches by using a more
> recent libubox version.
> 
> Signed-off-by: Hauke Mehrtens <hauke at hauke-m.de>
> ---
> 
> This should not change the libubox ABI, but backports most of the 
> changes which are in master.
> 
> I hope I didn't miss anything important.
> 
>  package/libs/libubox/Makefile                 |   2 +-
>  ...-possible-uninitialized-struct-membe.patch |  39 +++++
>  ...hn-fix-off-by-one-in-jshn_parse_file.patch |  39 +++++
>  ...-attr-parsing-into-separate-function.patch |  97 +++++++++++
>  ...-blob-introduce-blob_parse_untrusted.patch |  78 +++++++++
>  ...ob-fix-OOB-access-in-blob_check_type.patch |  78 +++++++++
>  ...eap-buffer-overflow-in-blobmsg_parse.patch |  32 ++++
>  ...-length-check-does-not-perform-out-o.patch |  51 ++++++
>  ...lobmsg_check_attr-by-blobmsg_check_a.patch | 132 +++++++++++++++
>  ...-variants-for-all-attribute-checking.patch | 157 ++++++++++++++++++
>  ...x-array-out-of-bounds-GCC-10-warning.patch |  39 +++++
>  ...g-payload-len-passed-from-blobmsg_ch.patch |  38 +++++
>  .../0012-jshn-prefer-snprintf-usage.patch     |  61 +++++++
>  ...msg-blobmsg_vprintf-prefer-vsnprintf.patch |  38 +++++
>  ...blobmsg_json-fix-int16-serialization.patch |  41 +++++
>  ...5-blobmsg_json-prefer-snprintf-usage.patch |  66 ++++++++
>  ...parse-and-blobmsg_parse_array-oob-re.patch | 110 ++++++++++++
>  ...b-Check-remaining-size-in-blob_parse.patch |  28 ++++
>  18 files changed, 1125 insertions(+), 1 deletion(-)
>  create mode 100644 package/libs/libubox/patches/0001-blobmsg_json-fix-possible-uninitialized-struct-membe.patch
>  create mode 100644 package/libs/libubox/patches/0002-jshn-fix-off-by-one-in-jshn_parse_file.patch
>  create mode 100644 package/libs/libubox/patches/0003-blob-refactor-attr-parsing-into-separate-function.patch
>  create mode 100644 package/libs/libubox/patches/0004-blob-introduce-blob_parse_untrusted.patch
>  create mode 100644 package/libs/libubox/patches/0005-blob-fix-OOB-access-in-blob_check_type.patch
>  create mode 100644 package/libs/libubox/patches/0006-blobmsg-fix-heap-buffer-overflow-in-blobmsg_parse.patch
>  create mode 100644 package/libs/libubox/patches/0007-Ensure-blob_attr-length-check-does-not-perform-out-o.patch
>  create mode 100644 package/libs/libubox/patches/0008-Replace-use-of-blobmsg_check_attr-by-blobmsg_check_a.patch
>  create mode 100644 package/libs/libubox/patches/0009-blobmsg-add-_len-variants-for-all-attribute-checking.patch
>  create mode 100644 package/libs/libubox/patches/0010-blobmsg-fix-array-out-of-bounds-GCC-10-warning.patch
>  create mode 100644 package/libs/libubox/patches/0011-blobmsg-fix-wrong-payload-len-passed-from-blobmsg_ch.patch
>  create mode 100644 package/libs/libubox/patches/0012-jshn-prefer-snprintf-usage.patch
>  create mode 100644 package/libs/libubox/patches/0013-blobmsg-blobmsg_vprintf-prefer-vsnprintf.patch
>  create mode 100644 package/libs/libubox/patches/0014-blobmsg_json-fix-int16-serialization.patch
>  create mode 100644 package/libs/libubox/patches/0015-blobmsg_json-prefer-snprintf-usage.patch
>  create mode 100644 package/libs/libubox/patches/0016-blobmsg-blobmsg_parse-and-blobmsg_parse_array-oob-re.patch
>  create mode 100644 package/libs/libubox/patches/0017-blob-Check-remaining-size-in-blob_parse.patch
> 

I would drop the last patch
0017-blob-Check-remaining-size-in-blob_parse.patch and then apply this
to 18.06.

Hauke

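The patch titles in the series above (a blob_attr length check that reads out of bounds, a missing remaining-size check in blob_parse, "_len" variants of the attribute checks) all describe one bug class: a TLV parser that reads an attribute header before verifying that the header itself, and then the length it declares, fit inside the bytes that remain. The example below is added here and is not libubox code or part of the original message; its 4-byte big-endian header layout (length in the low 24 bits, length counting the header, attributes padded to 4 bytes) is modelled on libubox's blob_attr as an assumption, and the sample buffers are constructed. The unchecked parser reads the header first and compares afterwards; the checked parser verifies the remaining size first. Both record the highest buffer offset they read, so the difference is measurable rather than undefined behaviour: the constructed buffer carries extra bytes past the message's logical end so the over-read stays inside the allocation.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Header layout assumed for this example (modelled on libubox's blob_attr,
 * not taken from it): 4-byte big-endian word, bits 24..30 = attribute id,
 * low 24 bits = attribute length including the header; 4-byte padding. */
#define TLV_HDR      4u
#define TLV_LEN_MASK 0x00ffffffu

struct parse_result {
    int    attrs;     /* attributes accepted */
    int    ok;        /* 1 if the whole buffer parsed cleanly */
    size_t max_read;  /* one past the highest header byte the parser read */
};

static size_t tlv_pad(size_t n) { return (n + 3) & ~(size_t)3; }

/* Decode the header at 'off' and record how far into the buffer that reached. */
static uint32_t read_hdr(const uint8_t *buf, size_t off, struct parse_result *r)
{
    if (off + TLV_HDR > r->max_read)
        r->max_read = off + TLV_HDR;
    return ((uint32_t)buf[off] << 24) | ((uint32_t)buf[off + 1] << 16) |
           ((uint32_t)buf[off + 2] << 8) | buf[off + 3];
}

/* Vulnerable pattern: the header is read first and only then compared with
 * the remaining length, so a message whose last attribute is cut short makes
 * the parser read up to 3 bytes past the message's logical end. */
struct parse_result parse_unchecked(const uint8_t *buf, size_t len)
{
    struct parse_result r = { 0, 1, 0 };
    size_t off = 0;
    while (off < len) {
        /* BUG: no check that TLV_HDR bytes remain before reading them */
        size_t alen = read_hdr(buf, off, &r) & TLV_LEN_MASK;
        if (alen < TLV_HDR || tlv_pad(alen) > len - off) { r.ok = 0; break; }
        r.attrs++;
        off += tlv_pad(alen);
    }
    return r;
}

/* Hardened pattern: a full header must fit in the remaining bytes before it
 * is touched, and the declared (padded) length must fit as well. A length
 * below the header size is rejected so a zero-length attribute cannot loop. */
struct parse_result parse_checked(const uint8_t *buf, size_t len)
{
    struct parse_result r = { 0, 1, 0 };
    size_t off = 0;
    while (off < len) {
        size_t remaining = len - off;
        if (remaining < TLV_HDR) { r.ok = 0; break; }        /* truncated header */
        size_t alen = read_hdr(buf, off, &r) & TLV_LEN_MASK;
        if (alen < TLV_HDR || tlv_pad(alen) > remaining) { r.ok = 0; break; }
        r.attrs++;
        off += tlv_pad(alen);
    }
    return r;
}

/* Constructed sample: id 1 with a 3-byte payload (len 7, padded to 8), then
 * id 2 with a 4-byte payload (len 8). The 16-byte message is followed by 4
 * bytes that stand in for whatever sits after it in memory. */
static const uint8_t SAMPLE[20] = {
    0x01, 0x00, 0x00, 0x07, 'a', 'b', 'c', 0x00,
    0x02, 0x00, 0x00, 0x08, 0x01, 0x02, 0x03, 0x04,
    0x00, 0x00, 0x00, 0x08,
};

/* Constructed sample: a single header declaring len 0x100 in an 8-byte buffer. */
static const uint8_t SAMPLE_OVERSIZED[8] = {
    0x01, 0x00, 0x01, 0x00, 0xaa, 0xbb, 0xcc, 0xdd,
};

static void report(const char *label, struct parse_result r, size_t len)
{
    printf("%-26s attrs=%d ok=%d max_read=%zu%s\n", label, r.attrs, r.ok,
           r.max_read, r.max_read > len ? "  <-- read past logical end" : "");
}

int main(void)
{
    report("unchecked, full",      parse_unchecked(SAMPLE, 16), 16);
    report("checked,   full",      parse_checked(SAMPLE, 16), 16);
    report("unchecked, truncated", parse_unchecked(SAMPLE, 10), 10);
    report("checked,   truncated", parse_checked(SAMPLE, 10), 10);
    report("checked,   oversized", parse_checked(SAMPLE_OVERSIZED, 8), 8);
    return 0;
}
```

With the message truncated to 10 bytes the unchecked parser reports max_read of 12, i.e. it fetched the second attribute's header from beyond the 10 bytes it was given, while the checked parser stops at the first attribute with max_read 4. The same shape of check (header fits, then declared length fits, against a remaining length passed in by the caller rather than trusted from the data) is what a "_len" style attribute checker provides.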
