ppp: backport security fixes

[openwrt/staging/rmilecki.git] / package / network / services / ppp / patches / 700-radius-Prevent-buffer-overflow-in-rc_mksid.patch

diff --git a/package/network/services/ppp/patches/700-radius-Prevent-buffer-overflow-in-rc_mksid.patch b/package/network/services/ppp/patches/700-radius-Prevent-buffer-overflow-in-rc_mksid.patch
new file mode 100644 (file)
index 0000000..1c5722e
--- /dev/null
+++ b/package/network/services/ppp/patches/700-radius-Prevent-buffer-overflow-in-rc_mksid.patch
@@ -0,0 +1,30 @@
+From 858976b1fc3107f1261aae337831959b511b83c2 Mon Sep 17 00:00:00 2001
+From: Paul Mackerras <paulus@ozlabs.org>
+Date: Sat, 4 Jan 2020 12:01:32 +1100
+Subject: [PATCH] radius: Prevent buffer overflow in rc_mksid()
+
+On some systems getpid() can return a value greater than 65535.
+Increase the size of buf[] to allow for this, and use slprintf()
+to make sure we never overflow it.
+
+Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
+---
+ pppd/plugins/radius/util.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/pppd/plugins/radius/util.c b/pppd/plugins/radius/util.c
+index 6f976a712951..740131e8377c 100644
+--- a/pppd/plugins/radius/util.c
++++ b/pppd/plugins/radius/util.c
+@@ -73,9 +73,9 @@ void rc_mdelay(int msecs)
+ char *
+ rc_mksid (void)
+ {
+-  static char buf[15];
++  static char buf[32];
+   static unsigned short int cnt = 0;
+-  sprintf (buf, "%08lX%04X%02hX",
++  slprintf(buf, sizeof(buf), "%08lX%04X%02hX",
+          (unsigned long int) time (NULL),
+          (unsigned int) getpid (),
+          cnt & 0xFF);