From patchwork Mon May 12 16:32:53 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Dario Binacchi X-Patchwork-Id: 3997 Return-Path: X-Original-To: linux-amarula@patchwork.amarulasolutions.com Delivered-To: linux-amarula@patchwork.amarulasolutions.com Received: from mail-wm1-f72.google.com (mail-wm1-f72.google.com [209.85.128.72]) by ganimede.amarulasolutions.com (Postfix) with ESMTPS id B37FC3FA62 for ; Mon, 12 May 2025 18:33:01 +0200 (CEST) Received: by mail-wm1-f72.google.com with SMTP id 5b1f17b1804b1-442d472cf84sf21300535e9.2 for ; Mon, 12 May 2025 09:33:01 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1747067581; cv=pass; d=google.com; s=arc-20240605; b=YUfEFrsfC53cjKcPEGu55yw61udeykOmstgh5NP7umytaAoIdrBLbMiSFBwjb+ZqHN 2zrFaolbm2l0WWG4hIcavKbcwlP8wmc2cyicsiMf1XVxFZCK+Zi6MeZQ48eFyZsHVKGX 0CpA8DhmufOAo1saTgPlqSw5/rnppBcLCSNc94bdKlOciq9JlRMEqRyY+Rn9Lv+vEdZh +Z7nge5w0+wsjyz2nZ53g8RFYWTJGkb4DnOwoTJRwK//4mKk+tbdF3Um6CVR7V7d8w0m wk6/KGM7O+SqIbfgOuj9SF+lN52W4v6iJlZmP9/j1yWy5fihRSlarZIPCwo22FFE53oQ WfBA== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=list-unsubscribe:list-archive:list-help:list-post:list-id :mailing-list:precedence:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:dkim-signature; bh=7ZPtPq/ZbNEKTAVTtiNvrl7pV0CLrP/mPjRLZu10F4g=; fh=2pzhqLEjC5PKjSk0s7yN8/7siFH8BgHxx3SEnwPoFKw=; b=fmqxAQ+H8kouOrUeRUOSjvqVmQlHmMvOtVEMbNCe90lGiLAF8oJs80VM1XuZ8kzsZe mOppwW/nP0yf5z8oUKVP5Omdp7ykSTh4P6XIPQz3kof0wjxnCepDES3gUW2fdLsi1Ced DSS69xXZxbQ4mElSPGGqsmjG6tLxlC85IMWiht75Iz2D+3pD/HSbFBv1RTNx0t2fUCL7 s+IQCaSk2wK5x6P/51tgzXobHGV6qz7EmfhmaWuQwDs7RhYbKNNubIw0e/6WqKrbOKe+ uhMcLEGoIIzN34LNU0zQ+tAcZ659P4MTxRYDsb4ycYaZbg1Aeh5U3bFWIx4FfgpmGniD RCsw==; darn=patchwork.amarulasolutions.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@amarulasolutions.com header.s=google header.b=BzI1bx1U; spf=pass (google.com: domain of dario.binacchi@amarulasolutions.com designates 209.85.220.41 as permitted sender) smtp.mailfrom=dario.binacchi@amarulasolutions.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=amarulasolutions.com; dara=pass header.i=@amarulasolutions.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amarulasolutions.com; s=google; t=1747067581; x=1747672381; darn=patchwork.amarulasolutions.com; h=list-unsubscribe:list-archive:list-help:list-post:list-id :mailing-list:precedence:x-original-authentication-results :x-original-sender:mime-version:references:in-reply-to:message-id :date:subject:cc:to:from:from:to:cc:subject:date:message-id:reply-to; bh=7ZPtPq/ZbNEKTAVTtiNvrl7pV0CLrP/mPjRLZu10F4g=; b=JgQ4PO32uJaK8EPm+oWfRFOfsFxOz9cMkSDlvXMZ/eM6So+N4pLMaTAyf0gK2G8RN6 UmL//DrOMyzJluq2u9Rw6bDIqLNJC0pfHBivWsQYUMv0fkIlKRj1bxzBkESFIeJMzvQd obtTrpqoIp5r6zg4tQbUoZDKPrNjWCJvlyyNM= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1747067581; x=1747672381; h=list-unsubscribe:list-archive:list-help:list-post :x-spam-checked-in-group:list-id:mailing-list:precedence :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :x-beenthere:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=7ZPtPq/ZbNEKTAVTtiNvrl7pV0CLrP/mPjRLZu10F4g=; b=lUStgM8GrHA835VOls7L/g798ys7Gm+o/gfQy0HqKOQJ9b8TIeM5wAvkEhHy5qTfgo TttmaEMg5oId7rLDV6ATOj1SpO8uf9B13WAJ92A+J6e5oVUkyDwx3tHKiEYPuEZ+Wu6H suD95iHNi7Is3RdyBVkxR5I/ZxfXfGcpxTPO6CELLhPmGJ1j0CvYD9yu10/KuP12eFRB tyom4gp127rLxJILXUKtWY0j09miylf8X9hMqFH7FWNgHilz6Ur3S5659D9eonJlcLCi xjLUTAXV0HRhsyz4PPrrtXL7Mdd1L9mlsWbLFlLWRBMId2qrHUgX3Pm6RKgAr7cSpghM KG4g== X-Forwarded-Encrypted: i=2; AJvYcCXUl22tW99W2uZIQLkght4ZAU274LUouHi1/bfCEvA64DcQWcCtkgAnFFbzhhtUBEPKJrMfbPrGr7S3tVJr@patchwork.amarulasolutions.com X-Gm-Message-State: AOJu0YzUlmb1olIWQFOp/rCT/i12KRP+OGPaNb777e4qbPEh5XVgIEp+ HnOdcwmCnc/Fi59TH8yZOI26CgeNXt+wrIqUeEAuV0RRVGe/tpbePGlEQpSp0nZYqw== X-Google-Smtp-Source: AGHT+IGfwi3JD5f5SMv1YS4vk7JSfdIuCpiP2prLfui6tfBC6PF5Rx+WvRf8eT/Y7QYzVbErzfos/A== X-Received: by 2002:a05:600c:820f:b0:43d:585f:ebf5 with SMTP id 5b1f17b1804b1-442d6d18a60mr105289195e9.1.1747067581317; Mon, 12 May 2025 09:33:01 -0700 (PDT) X-BeenThere: linux-amarula@amarulasolutions.com; h=AVT/gBE7Yr1BBqQ21T5K0xZY8TVmoWJK7XnHJdXctVFsSOHJvQ== Received: by 2002:a05:600c:348c:b0:43c:f75a:eb4a with SMTP id 5b1f17b1804b1-442d045cbd8ls1870075e9.1.-pod-prod-08-eu; Mon, 12 May 2025 09:32:59 -0700 (PDT) X-Forwarded-Encrypted: i=2; AJvYcCXizLjRj3Bbq2kNdZQUrOoEkfUI26ySwwy7WvikeTxKEfORvjIozCOTnXD6dMiZC+4xnCcInywvULBMIh2t@amarulasolutions.com X-Received: by 2002:a05:600c:820f:b0:43d:585f:ebf5 with SMTP id 5b1f17b1804b1-442d6d18a60mr105288055e9.1.1747067579015; Mon, 12 May 2025 09:32:59 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1747067579; cv=none; d=google.com; s=arc-20240605; b=VDZLdJXKdftE8650treEXTNoytw3cr25ViLvs6y0xyz4OXep+mJ7SMMB0y/BzTpmJk oHMwDI8mVu9MQIfKfVm/j7fif30h8jhDZYiPYX9YX7rAIVa8pMiF6zbDILo6E9v/fSfg eymoenYBGGRL7Upt8jCdejlVZVddgwaKfikfezgCg3TzZzs0mmdnCsu+i7E+Y+TJv8ks YE8y0MkgVexXCSBRA/sqKejlRI/58tIEEOmOkj2CLiLGq75Crloimbqq5HYf1lIBm8mL 2RsnIA4KjYQt3+PiQKd6n190TI/IF6Ji+qwUesXmvsjoNoLVgWQTIWug+IP0Z+R2mpZ7 iM7g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:dkim-signature; bh=YEa03FqY5L3v5k0GSOWtc4NucMujEp7WOMjzZ5gc+h8=; fh=RQ/KCRc+135rVoL+n3V/z/r+M7hh17YUxoIXrYrgTno=; b=DMSFB/iL2KfEUs0KWAg261y30V9A06/Tgr15OHpF32/uogtFATXFDMIOA8hmUXiFL9 DpU6EhgrJYT41p/x7QCckyvt6BCmq8QF7WCMvGwSvlG/fseQ1n9VpQsFllsFm/V2QVlh dKCcgjyHCVBR3vGIQbTNPJ9UIUlw6r3L6SdW+stqqOVkV0p5CgwcN4KQ7lUo+z95whsb kMs6AL7lONiSSAa0K8/CxDEaqOAFprdW3IGmoq0B1ASXQrvfQN4WmJ5zfKD6uexfVRWM e3+Lx2jQ2XvQYDjFBrD9sgdAeb/rzopVuabbNnkhaAamuLj5AtjRGFitT5nkOd49yjqE HNsg==; dara=google.com ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@amarulasolutions.com header.s=google header.b=BzI1bx1U; spf=pass (google.com: domain of dario.binacchi@amarulasolutions.com designates 209.85.220.41 as permitted sender) smtp.mailfrom=dario.binacchi@amarulasolutions.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=amarulasolutions.com; dara=pass header.i=@amarulasolutions.com Received: from mail-sor-f41.google.com (mail-sor-f41.google.com. [209.85.220.41]) by mx.google.com with SMTPS id 5b1f17b1804b1-442d686070dsor23761125e9.8.2025.05.12.09.32.58 for (Google Transport Security); Mon, 12 May 2025 09:32:58 -0700 (PDT) Received-SPF: pass (google.com: domain of dario.binacchi@amarulasolutions.com designates 209.85.220.41 as permitted sender) client-ip=209.85.220.41; X-Forwarded-Encrypted: i=1; AJvYcCVDG7HUO3+ZyoetpDWHU0NfaHeCLisFbhjY7XkKxZAOiAA1rSAJoToxixgCUmNGo1/kvUgXOD3shksqSGnK@amarulasolutions.com X-Gm-Gg: ASbGncs+PbUCZ+oazm6R0AMWb6uSRCM4IvjkEHnfphgfqdFPOH9ECKDhGCcOqajXVkz rjMiH9jZxHL/yvb3N60dzlHg2xLK8y3QGeyGDuB8HSr3iwvDubExPZvqlRMRkHRYRwhdGjqf6/1 1i8ZjL71o4/8Y2ZicRjBZvhh9pKfATr4sawMWQibcItfTBGuRaWmBVS/JUoQliXEULnWVRT5nu1 b6i/4CCL4WSxDOm1qQ3UBjZyVCoJmQQMqSNpP742EdaxcTGDecP6lhE9NKdAofUUsAEgk+kNqd4 yXt/1YjjFp1GYDBAoVzMbVEg3LVOplSIUUHy5rcqdERyu+FxSPW1VhH5YMZtKo9DJVz4QdWTF+5 J1ANJ+9B7xadP6RQoTNOfh5JOU+JPx8H/FN3akPvM6DnhL2wXe01g7PsO1A== X-Received: by 2002:a05:600c:3483:b0:43c:f44c:72b7 with SMTP id 5b1f17b1804b1-442d6d44b23mr118342545e9.14.1747067578611; Mon, 12 May 2025 09:32:58 -0700 (PDT) Received: from dario-ThinkPad-T14s-Gen-2i.fritz.box (p5b26784b.dip0.t-ipconnect.de. [91.38.120.75]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-442ea367102sm8041055e9.3.2025.05.12.09.32.57 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 12 May 2025 09:32:58 -0700 (PDT) From: Dario Binacchi To: buildroot@buildroot.org Cc: Martin Bark , linux-amarula@amarulasolutions.com, Dario Binacchi Subject: [PATCH 2/2] package/connman: fix CVE-2025-32743 Date: Mon, 12 May 2025 18:32:53 +0200 Message-ID: <20250512163253.1521000-2-dario.binacchi@amarulasolutions.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20250512163253.1521000-1-dario.binacchi@amarulasolutions.com> References: <20250512163253.1521000-1-dario.binacchi@amarulasolutions.com> MIME-Version: 1.0 X-Original-Sender: dario.binacchi@amarulasolutions.com X-Original-Authentication-Results: mx.google.com; dkim=pass header.i=@amarulasolutions.com header.s=google header.b=BzI1bx1U; spf=pass (google.com: domain of dario.binacchi@amarulasolutions.com designates 209.85.220.41 as permitted sender) smtp.mailfrom=dario.binacchi@amarulasolutions.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=amarulasolutions.com; dara=pass header.i=@amarulasolutions.com Content-Type: text/plain; charset="UTF-8" Precedence: list Mailing-list: list linux-amarula@amarulasolutions.com; contact linux-amarula+owners@amarulasolutions.com List-ID: X-Spam-Checked-In-Group: linux-amarula@amarulasolutions.com X-Google-Group-Id: 476853432473 List-Post: , List-Help: , List-Archive: List-Unsubscribe: , In ConnMan through 1.44, the lookup string in ns_resolv in dnsproxy.c can be NULL or an empty string when the TC (Truncated) bit is set in a DNS response. This allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code, because those lookup values lead to incorrect length calculations and incorrect memcpy operations. Signed-off-by: Dario Binacchi --- ...L-empty-lookup-causing-potential-cra.patch | 46 +++++++++++++++++++ package/connman/connman.mk | 3 ++ 2 files changed, 49 insertions(+) create mode 100644 package/connman/0001-dnsproxy-Fix-NULL-empty-lookup-causing-potential-cra.patch diff --git a/package/connman/0001-dnsproxy-Fix-NULL-empty-lookup-causing-potential-cra.patch b/package/connman/0001-dnsproxy-Fix-NULL-empty-lookup-causing-potential-cra.patch new file mode 100644 index 000000000000..9c1274e43ce5 --- /dev/null +++ b/package/connman/0001-dnsproxy-Fix-NULL-empty-lookup-causing-potential-cra.patch @@ -0,0 +1,46 @@ +From d90b911f6760959bdf1393c39fe8d1118315490f Mon Sep 17 00:00:00 2001 +From: Praveen Kumar +Date: Thu, 24 Apr 2025 11:39:29 +0000 +Subject: [PATCH] dnsproxy: Fix NULL/empty lookup causing potential crash + +In ConnMan through 1.44, the lookup string in ns_resolv in dnsproxy.c +can be NULL or an empty string when the TC (Truncated) bit is set in +a DNS response. This allows attackers to cause a denial of service +(application crash) or possibly execute arbitrary code, because those +lookup values lead to incorrect length calculations and incorrect +memcpy operations. + +This patch includes a check to make sure loookup value is valid before +using it. This helps avoid unexpected value when the input is empty or +incorrect. + +Fixes: CVE-2025-32743 + +Signed-off-by: Dario Binacchi +Upstream: https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=d90b911f6760959bdf1393c39fe8d1118315490f +--- + src/dnsproxy.c | 7 ++++++- + 1 file changed, 6 insertions(+), 1 deletion(-) + +diff --git a/src/dnsproxy.c b/src/dnsproxy.c +index f28a5d7551a4..7ee26d9ff886 100644 +--- a/src/dnsproxy.c ++++ b/src/dnsproxy.c +@@ -1685,8 +1685,13 @@ static int ns_resolv(struct server_data *server, struct request_data *req, + gpointer request, gpointer name) + { + int sk = -1; ++ int err; + const char *lookup = (const char *)name; +- int err = ns_try_resolv_from_cache(req, request, lookup); ++ ++ if (!lookup || strlen(lookup) == 0) ++ return -EINVAL; ++ ++ err = ns_try_resolv_from_cache(req, request, lookup); + + if (err > 0) + /* cache hit */ +-- +2.43.0 + diff --git a/package/connman/connman.mk b/package/connman/connman.mk index 2c5be8252c6e..5d515c296319 100644 --- a/package/connman/connman.mk +++ b/package/connman/connman.mk @@ -13,6 +13,9 @@ CONNMAN_LICENSE = GPL-2.0 CONNMAN_LICENSE_FILES = COPYING CONNMAN_CPE_ID_VENDOR = intel +# 0001-dnsproxy-Fix-NULL-empty-lookup-causing-potential-cra.patch +CONNMAN_IGNORE_CVES += CVE-2025-32743 + CONNMAN_CONF_OPTS = --with-dbusconfdir=/etc ifeq ($(BR2_INIT_SYSTEMD),y)