CaROS/meta-openembedded
3
1
Fork 0
mirror of git://git.openembedded.org/meta-openembedded synced 2026-01-01 13:58:06 +00:00
Code Issues Packages Projects Releases Wiki Activity

phoronix-test-suite: fix CVE-2022-40704

Browse Source 
CVE fix added after latest release (10.8.4).

Signed-off-by: Joe Slater <joe.slater@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This commit is contained in:
Joe Slater 2023-02-08 16:54:08 -08:00 committed by Khem Raj
parent 21a0a86141
commit 32a0ff5516
2 changed files with 50 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

46
meta-oe/recipes-benchmark/phoronix-test-suite/files/CVE-2022-40704.patch Normal file
View File

@ -0,0 +1,46 @@
From d3880d9d3ba795138444da83f1153c3c3ac27640 Mon Sep 17 00:00:00 2001
From: Michael Larabel <michael@phoronix.com>
Date: Sat, 23 Jul 2022 07:32:43 -0500
Subject: [PATCH] phoromatic: Explicitly check both $_GET abd $_POST in
phoromatic_quit_if_invalid_input_found()
Fixes: https://github.com/phoronix-test-suite/phoronix-test-suite/issues/650#issuecomment-1193116678
Upstream-Status: Backport
CVE: CVE-2022-40704
Reference to upstream patch:
https://github.com/phoronix-test-suite/phoronix-test-suite/commit/d3880d9d3ba795138444da83f1153c3c3ac27640
Signed-off-by: Li Wang <li.wang@windriver.com>
---
pts-core/phoromatic/phoromatic_functions.php | 15 +++++++++++++--
1 file changed, 13 insertions(+), 2 deletions(-)
diff --git a/pts-core/phoromatic/phoromatic_functions.php b/pts-core/phoromatic/phoromatic_functions.php
index 74ccc5444c..c2313dcdea 100644
--- a/pts-core/phoromatic/phoromatic_functions.php
+++ b/pts-core/phoromatic/phoromatic_functions.php
@@ -37,9 +37,20 @@ function phoromatic_quit_if_invalid_input_found($input_keys = null)
{
foreach($input_keys as $key)
{
- if(isset($_REQUEST[$key]) && !empty($_REQUEST[$key]))
+ if(isset($_GET[$key]) && !empty($_GET[$key]))
{
- foreach(pts_arrays::to_array($_REQUEST[$key]) as $val_to_check)
+ foreach(pts_arrays::to_array($_GET[$key]) as $val_to_check)
+ {
+ if(stripos($val_to_check, $invalid_string) !== false)
+ {
+ echo '<strong>Exited due to invalid input ( ' . $invalid_string . ') attempted:</strong> ' . htmlspecialchars($val_to_check);
+ exit;
+ }
+ }
+ }
+ if(isset($_POST[$key]) && !empty($_POST[$key]))
+ {
+ foreach(pts_arrays::to_array($_POST[$key]) as $val_to_check)
{
if(stripos($val_to_check, $invalid_string) !== false)
{

5
meta-oe/recipes-benchmark/phoronix-test-suite/phoronix-test-suite_10.8.4.bb
View File

@ -5,7 +5,10 @@ LICENSE = "GPL-3.0-only"
LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504"
SECTION = "console/tests"
SRC_URI = "http://www.phoronix-test-suite.com/releases/${BP}.tar.gz"
SRC_URI = "http://www.phoronix-test-suite.com/releases/${BP}.tar.gz \
file://CVE-2022-40704.patch \
"
SRC_URI[sha256sum] = "1f2092d536c0a3193efc53e4a50f3cee65c0ef1a78d31e5404f1c663fff7b7f4"
S = "${WORKDIR}/phoronix-test-suite"