commit: 048b1381de72db7437e5c7643bb2c72fa56cc930 Author: Rick Farina <zerochaos <AT> gentoo <DOT> org> AuthorDate: Wed Mar 16 20:53:38 2022 +0000 Commit: Rick Farina <zerochaos <AT> gentoo <DOT> org> CommitDate: Wed Mar 16 20:54:29 2022 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=048b1381
net-wireless/rtl_433: add CVE fix patch to 21.12 Bug: https://bugs.gentoo.org/834454 Signed-off-by: Rick Farina <zerochaos <AT> gentoo.org> net-wireless/rtl_433/files/rtl_433-21.12-CVE.patch | 55 ++++++++++++++++++++++ net-wireless/rtl_433/rtl_433-21.12.ebuild | 4 ++ 2 files changed, 59 insertions(+) diff --git a/net-wireless/rtl_433/files/rtl_433-21.12-CVE.patch b/net-wireless/rtl_433/files/rtl_433-21.12-CVE.patch new file mode 100644 index 000000000000..1ce26c468e87 --- /dev/null +++ b/net-wireless/rtl_433/files/rtl_433-21.12-CVE.patch @@ -0,0 +1,55 @@ +From 2dad7b9fc67a1d0bfbe520fbd821678b8f8cc7a8 Mon Sep 17 00:00:00 2001 +From: "Christian W. Zuckschwerdt" <[email protected]> +Date: Mon, 24 Jan 2022 15:53:20 +0100 +Subject: [PATCH] minor: Fix overflow in Clipsal-CMR113 and Somfy-IOHC reported + by aug5t7 + +--- + src/devices/cmr113.c | 4 ++-- + src/devices/somfy_iohc.c | 9 +++++---- + 2 files changed, 7 insertions(+), 6 deletions(-) + +diff --git a/src/devices/cmr113.c b/src/devices/cmr113.c +index c85dfac56..19ec5d421 100644 +--- a/src/devices/cmr113.c ++++ b/src/devices/cmr113.c +@@ -42,8 +42,8 @@ Kudos to Jon Oxer for decoding this stream and putting it here: + + */ + +-#define COMPARE_BITS 83 +-#define COMPARE_BYTES (COMPARE_BITS/8) ++#define COMPARE_BITS 83 ++#define COMPARE_BYTES ((COMPARE_BITS + 7) / 8) + + static int cmr113_decode(r_device *decoder, bitbuffer_t *bitbuffer) + { +diff --git a/src/devices/somfy_iohc.c b/src/devices/somfy_iohc.c +index 906cae53e..2c88067b5 100644 +--- a/src/devices/somfy_iohc.c ++++ b/src/devices/somfy_iohc.c +@@ -100,11 +100,12 @@ static int somfy_iohc_decode(r_device *decoder, bitbuffer_t *bitbuffer) + if (bitbuffer->num_rows != 1) + return DECODE_ABORT_EARLY; + +- int offset = bitbuffer_search(bitbuffer, 0, 0, preamble_pattern, 24) + 24; +- if (offset >= bitbuffer->bits_per_row[0] - 19 * 10) ++ unsigned offset = bitbuffer_search(bitbuffer, 0, 0, preamble_pattern, 24) + 24; ++ if (offset + 19 * 10 >= bitbuffer->bits_per_row[0]) + return DECODE_ABORT_EARLY; + +- int num_bits = bitbuffer->bits_per_row[0] - offset; ++ unsigned num_bits = bitbuffer->bits_per_row[0] - offset; ++ num_bits = MIN(num_bits, sizeof (b) * 8); + + int len = extract_bytes_uart(bitbuffer->bb[0], offset, num_bits, b); + if (len < 19) +@@ -120,7 +121,7 @@ static int somfy_iohc_decode(r_device *decoder, bitbuffer_t *bitbuffer) + // calculate and verify checksum + if (crc16lsb(b, len, 0x8408, 0x0000) != 0) // unreflected poly 0x1021 + return DECODE_FAIL_MIC; +- bitrow_printf(b, len * 8, "%s: offset %d, num_bits %d, len %d, msg_len %d\n", __func__, offset, num_bits, len, msg_len); ++ bitrow_printf(b, len * 8, "%s: offset %u, num_bits %u, len %d, msg_len %d\n", __func__, offset, num_bits, len, msg_len); + + int msg_type = (b[0]); + int dst_id = ((unsigned)b[4] << 24) | (b[3] << 16) | (b[2] << 8) | (b[1]); // assume Little-Endian diff --git a/net-wireless/rtl_433/rtl_433-21.12.ebuild b/net-wireless/rtl_433/rtl_433-21.12.ebuild index 1af88f9c6024..61394dce0c3e 100644 --- a/net-wireless/rtl_433/rtl_433-21.12.ebuild +++ b/net-wireless/rtl_433/rtl_433-21.12.ebuild @@ -27,6 +27,10 @@ RDEPEND="${DEPEND}" # https://github.com/merbanan/rtl_433/issues/2010 RESTRICT="test" +PATCHES=( + "${FILESDIR}/${P}-CVE.patch" +) + src_configure() { mycmakeargs=( -DENABLE_RTLSDR="$(usex rtlsdr)"
