CVE-2009-1185: udev did not check the origin of the netlink
messages. A local attacker could fake device create events
and so gain root privileges.
More information at:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1186
@$(PREBUILD)
@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar jxf $(DIR_DL)/$(DL_FILE)
cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/udev-096-netif_rename.patch
+ cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/udev-CVE-2009-1186.patch
ifeq "$(LFS_PASS)" "install"
cd $(DIR_APP) && make DESTDIR=/install/initrd sbindir=/sbin udevdir=/dev
cd $(DIR_APP) && make DESTDIR=/install/initrd sbindir=/sbin udevdir=/dev install
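Review bot: The commit text describes CVE-2009-1185 (udev not checking the origin of netlink messages), but the only patch wired in on the added line is `udev-CVE-2009-1186.patch`, and the part of that patch visible here only touches `util_path_encode()`; nothing shown adds a sender check on the netlink socket. If the netlink fix is meant to ship as well, it needs its own `patch -Np1 -i ...` line; otherwise the description should name CVE-2009-1186 so the advisory and the build agree. The patch headers also reference `udev-141/udev/lib/libudev-util.c` while the neighbouring patch is `udev-096-netif_rename.patch`, so it is worth confirming that this file exists in the tree being unpacked. A comment above the new line, such as `# CVE-2009-1186: bound the util_path_encode() buffer`, would record what the patch covers.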
--- /dev/null
+--- udev-141/udev/lib/libudev-util.c.CVE-2009-1186 2009-04-08 09:04:26.000000000 -0400
++++ udev-141/udev/lib/libudev-util.c 2009-04-15 13:25:10.000000000 -0400
+@@ -9,6 +9,7 @@
+ * version 2.1 of the License, or (at your option) any later version.
+ */
+
++#include <stdint.h>
+ #include <stdio.h>
+ #include <stdlib.h>
+ #include <stddef.h>
+@@ -103,6 +104,9 @@ int util_log_priority(const char *priori
+
+ size_t util_path_encode(char *s, size_t len)
+ {
++ if (len == 0 || len > (SIZE_MAX - 1) / 4)
++ return 0;
++
+ char t[(len * 4)+1];
+ size_t i, j;
+
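Review bot: The added guard in `util_path_encode()` keeps `len * 4 + 1` from wrapping, but it still accepts any `len` up to `(SIZE_MAX - 1) / 4`, so the variable-length array `char t[(len * 4)+1]` declared right after it can still be far larger than the stack. A realistic cap would close that, e.g. `if (len == 0 || len > MAX_ENCODE_LEN) return 0;` (`MAX_ENCODE_LEN` is a placeholder for a limit the project chooses), or `t` could be heap-allocated with the result checked. Returning 0 appears to leave `s` unencoded, so callers should be checked for treating 0 as failure, and a comment such as `/* reject lengths whose 4x expansion would overflow size_t */` above the check would document the intent. The function body continues beyond the hunk.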