* [Buildroot] [PATCH 1/1] package/tinyproxy: fix CVE-2022-40468
@ 2022-09-24 17:34 Fabrice Fontaine
2022-09-24 21:40 ` Thomas Petazzoni
2022-09-30 15:41 ` Peter Korsgaard
0 siblings, 2 replies; 3+ messages in thread
From: Fabrice Fontaine @ 2022-09-24 17:34 UTC (permalink / raw)
To: buildroot; +Cc: Alexander Mukhin, Fabrice Fontaine
Tinyproxy commit 84f203f and earlier does not process HTTP request lines
in the process_request() function and is using uninitialized buffers.
This vulnerability allows attackers to access sensitive information at
system runtime.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
---
...up-in-error-page-in-invalid-requests.patch | 32 +++++++++++++++++++
package/tinyproxy/tinyproxy.mk | 3 ++
2 files changed, 35 insertions(+)
create mode 100644 package/tinyproxy/0001-prevent-junk-from-showing-up-in-error-page-in-invalid-requests.patch
diff --git a/package/tinyproxy/0001-prevent-junk-from-showing-up-in-error-page-in-invalid-requests.patch b/package/tinyproxy/0001-prevent-junk-from-showing-up-in-error-page-in-invalid-requests.patch
new file mode 100644
index 0000000000..da9c21a41a
--- /dev/null
+++ b/package/tinyproxy/0001-prevent-junk-from-showing-up-in-error-page-in-invalid-requests.patch
@@ -0,0 +1,32 @@
+From 3764b8551463b900b5b4e3ec0cd9bb9182191cb7 Mon Sep 17 00:00:00 2001
+From: rofl0r <rofl0r@users.noreply.github.com>
+Date: Thu, 8 Sep 2022 15:18:04 +0000
+Subject: [PATCH] prevent junk from showing up in error page in invalid
+ requests
+
+fixes #457
+
+[Retrieved from:
+https://github.com/tinyproxy/tinyproxy/commit/3764b8551463b900b5b4e3ec0cd9bb9182191cb7]
+Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
+---
+ src/reqs.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/src/reqs.c b/src/reqs.c
+index bce69819..45db118d 100644
+--- a/src/reqs.c
++++ b/src/reqs.c
+@@ -343,8 +343,12 @@ static struct request_s *process_request (struct conn_s *connptr,
+ goto fail;
+ }
+
++ /* zero-terminate the strings so they don't contain junk in error page */
++ request->method[0] = url[0] = request->protocol[0] = 0;
++
+ ret = sscanf (connptr->request_line, "%[^ ] %[^ ] %[^ ]",
+ request->method, url, request->protocol);
++
+ if (ret == 2 && !strcasecmp (request->method, "GET")) {
+ request->protocol[0] = 0;
+
diff --git a/package/tinyproxy/tinyproxy.mk b/package/tinyproxy/tinyproxy.mk
index 6b5a3f9625..e91a886888 100644
--- a/package/tinyproxy/tinyproxy.mk
+++ b/package/tinyproxy/tinyproxy.mk
@@ -11,4 +11,7 @@ TINYPROXY_LICENSE = GPL-2.0+
TINYPROXY_LICENSE_FILES = COPYING
TINYPROXY_CPE_ID_VENDOR = tinyproxy_project
+# 0001-prevent-junk-from-showing-up-in-error-page-in-invalid-requests.patch
+TINYPROXY_IGNORE_CVES += CVE-2022-40468
+
$(eval $(autotools-package))
--
2.35.1
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply related [flat|nested] 3+ messages in thread* Re: [Buildroot] [PATCH 1/1] package/tinyproxy: fix CVE-2022-40468
2022-09-24 17:34 [Buildroot] [PATCH 1/1] package/tinyproxy: fix CVE-2022-40468 Fabrice Fontaine
@ 2022-09-24 21:40 ` Thomas Petazzoni
2022-09-30 15:41 ` Peter Korsgaard
1 sibling, 0 replies; 3+ messages in thread
From: Thomas Petazzoni @ 2022-09-24 21:40 UTC (permalink / raw)
To: Fabrice Fontaine; +Cc: Alexander Mukhin, buildroot
On Sat, 24 Sep 2022 19:34:14 +0200
Fabrice Fontaine <fontaine.fabrice@gmail.com> wrote:
> Tinyproxy commit 84f203f and earlier does not process HTTP request lines
> in the process_request() function and is using uninitialized buffers.
> This vulnerability allows attackers to access sensitive information at
> system runtime.
>
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
> ---
> ...up-in-error-page-in-invalid-requests.patch | 32 +++++++++++++++++++
> package/tinyproxy/tinyproxy.mk | 3 ++
> 2 files changed, 35 insertions(+)
> create mode 100644 package/tinyproxy/0001-prevent-junk-from-showing-up-in-error-page-in-invalid-requests.patch
Applied to master, thanks.
Thomas
--
Thomas Petazzoni, CTO, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [Buildroot] [PATCH 1/1] package/tinyproxy: fix CVE-2022-40468
2022-09-24 17:34 [Buildroot] [PATCH 1/1] package/tinyproxy: fix CVE-2022-40468 Fabrice Fontaine
2022-09-24 21:40 ` Thomas Petazzoni
@ 2022-09-30 15:41 ` Peter Korsgaard
1 sibling, 0 replies; 3+ messages in thread
From: Peter Korsgaard @ 2022-09-30 15:41 UTC (permalink / raw)
To: Fabrice Fontaine; +Cc: Alexander Mukhin, buildroot
>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice@gmail.com> writes:
> Tinyproxy commit 84f203f and earlier does not process HTTP request lines
> in the process_request() function and is using uninitialized buffers.
> This vulnerability allows attackers to access sensitive information at
> system runtime.
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Committed to 2022.02.x, 2022.05.x and 2022.08.x, thanks.
--
Bye, Peter Korsgaard
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2022-09-30 15:41 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2022-09-24 17:34 [Buildroot] [PATCH 1/1] package/tinyproxy: fix CVE-2022-40468 Fabrice Fontaine
2022-09-24 21:40 ` Thomas Petazzoni
2022-09-30 15:41 ` Peter Korsgaard
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox