首页 发现 帮助
注册 登录
PUBLIC_REPOS
/
buildroot
镜像自地址 git://git.buildroot.net/buildroot
2
1
派生 0
文件
浏览代码

package/net-tools: fix regression introduced by CVE fix

Commit [1] backported an upstream patch to address CVE-2025-46836 that
included a regression.
Upstream later fixed this regression in commit [2].

This patch add that fix to correct the issue introduced by the original
patch.

[1] 323aaa9f54 package/net-tools: add upstream security fix for CVE-2025-46836
[2] https://sourceforge.net/p/net-tools/code/ci/ddb0e375fb9ca95bb69335540b85bbdaa2714348/

Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Thomas Perale 1 月之前
父节点
7006854ce1
当前提交
d3274210f9
共有 2 个文件被更改,包括 31 次插入0 次删除
分列视图 显示文件统计
  1. 30 0
      package/net-tools/0002-CVE-2025-46836-interface-statistic-regression.patch
  2. 1 0
      package/net-tools/net-tools.mk

+ 30 - 0
package/net-tools/0002-CVE-2025-46836-interface-statistic-regression.patch
查看文件 

@@ -0,0 +1,30 @@
 
+From ddb0e375fb9ca95bb69335540b85bbdaa2714348 Mon Sep 17 00:00:00 2001
 
+From: Bernd Eckenfels <net-tools@lina.inka.de>
 
+Date: Sat, 17 May 2025 21:53:23 +0200
 
+Subject: [PATCH] Interface statistic regression after 7a8f42fb2
 
+
 
+CVE: CVE-2025-46836
 
+Upstream: https://sourceforge.net/p/net-tools/code/ci/ddb0e375fb9ca95bb69335540b85bbdaa2714348/
 
+Signed-off-by: Thomas Perale <thomas.perale@mind.be>
 
+---
 
+ lib/interface.c | 5 ++---
 
+ 1 file changed, 2 insertions(+), 3 deletions(-)
 
+
 
+diff --git a/lib/interface.c b/lib/interface.c
 
+index a054f12..ca4adf1 100644
 
+--- a/lib/interface.c
 
++++ b/lib/interface.c
 
+@@ -239,12 +239,11 @@ static const char *get_name(char *name, const char *p)
 
+                 /* copy the digits */
 
+                 while (*p && isdigit((unsigned char)*p) && dst < end)
 
+                     *dst++ = *p++;
 
+-
 
+-                if (*p == ':')              /* consume trailing colon     */
 
+-                    ++p;
 
+             } else {              /* if so treat as normal */
 
+                 p = dot;
 
+             }
 
++            if (*p == ':')                  /* consume trailing colon */
 
++                ++p;
 
+             break;                          /* interface name ends here   */
 
+         }

+ 1 - 0
package/net-tools/net-tools.mk
查看文件 

@@ -13,6 +13,7 @@ NET_TOOLS_LICENSE_FILES = COPYING
 
 NET_TOOLS_CPE_ID_VALID = YES
 
 
 # 0001-CVE-2025-46836-interface.c-Stack-based-Buffer-Overfl.patch
 
+# 0002-CVE-2025-46836-interface-statistic-regression.patch
 
 NET_TOOLS_IGNORE_CVES += CVE-2025-46836
 
 
 define NET_TOOLS_CONFIGURE_CMDS