From 89febde3b70a35ed9ee4021c6e946a9eab3f386d Mon Sep 17 00:00:00 2001
From: Stefan Schmidt <stefan.schmidt@huawei.com>
Date: Mon, 6 Sep 2021 17:13:50 +0200
Subject: [PATCH] wpantund: Add patch to fix CVE-2021-33889

The patch has been pending in the upstream PR queue for a while now. Include
it here until it is merged upstream and we can update.

Signed-off-by: Stefan Schmidt <stefan.schmidt@huawei.com>
---
 .../openthread/wpantund/CVE-2021-33889.patch  | 29 +++++++++++++++++++
 .../openthread/wpantund_git.bb                |  1 +
 2 files changed, 30 insertions(+)
 create mode 100644 meta-ohos-staging/recipes-connectivity/openthread/wpantund/CVE-2021-33889.patch

diff --git a/meta-ohos-staging/recipes-connectivity/openthread/wpantund/CVE-2021-33889.patch b/meta-ohos-staging/recipes-connectivity/openthread/wpantund/CVE-2021-33889.patch
new file mode 100644
index 00000000..4e7f379c
--- /dev/null
+++ b/meta-ohos-staging/recipes-connectivity/openthread/wpantund/CVE-2021-33889.patch
@@ -0,0 +1,29 @@
+CVE: CVE-2021-33889
+Upstream-Status: Submitted [https://github.com/openthread/wpantund/pull/503]
+Signed-off-by: Stefan Schmidt <stefan.schmidt@huawei.com>
+
+From 2b6f6c54bba3ab397f0e83f9d5e9faee905ac559 Mon Sep 17 00:00:00 2001
+From: dot11monk <mitisgod@gmail.com>
+Date: Mon, 28 Jun 2021 10:31:44 +0530
+Subject: [PATCH] Fixed stack-buffer-overflow in metric_len
+
+---
+ src/ncp-spinel/SpinelNCPInstance.cpp | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/ncp-spinel/SpinelNCPInstance.cpp b/src/ncp-spinel/SpinelNCPInstance.cpp
+index e6d68ad..fee0f0a 100644
+--- a/src/ncp-spinel/SpinelNCPInstance.cpp
++++ b/src/ncp-spinel/SpinelNCPInstance.cpp
+@@ -2177,7 +2177,7 @@ unpack_link_metrics_as_val_map(const uint8_t *data_in, spinel_size_t data_len, V
+ 	spinel_ssize_t len;
+ 	uint8_t metric_type;
+ 	uint8_t *metric_ptr = NULL;
+-	uint16_t metric_len = 0;
++	uint32_t metric_len = 0;
+ 	int ret = kWPANTUNDStatus_Failure;
+ 
+ 	while (data_len > 0) {
+-- 
+2.31.1
+
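Review bot: The embedded fix declares `metric_len` as `uint32_t`, which removes the overflow only if the routine that writes through `&metric_len` stores exactly 32 bits; that call is outside the hunk, so this is inferred from the patch subject. Declaring it with the type the decoder writes, probably `spinel_size_t metric_len = 0;` as already used for `data_len` in the signature, would keep the two in step if the typedef ever changes. The inner commit message is also empty, so the patch header should say which write overran the 16-bit variable, to help whoever later decides whether the patch can be dropped after a SRCREV bump. The body of unpack_link_metrics_as_val_map continues outside the hunk, so whether `metric_len` is bounded against `data_len` before use cannot be confirmed from here.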
diff --git a/meta-ohos-staging/recipes-connectivity/openthread/wpantund_git.bb b/meta-ohos-staging/recipes-connectivity/openthread/wpantund_git.bb
index 2e94ec40..f04e9860 100644
--- a/meta-ohos-staging/recipes-connectivity/openthread/wpantund_git.bb
+++ b/meta-ohos-staging/recipes-connectivity/openthread/wpantund_git.bb
@@ -14,6 +14,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=e7820bc7f7d1638a6b54fc2e8d7fb103 \
                     "
 
 SRC_URI = "gitsm://github.com/openthread/wpantund.git;protocol=https \
+           file://CVE-2021-33889.patch \
            "
 # CVE-2020-8916 has been fixed in commit
 # 3f108441e23e033b936e85be5b6877dd0a1fbf1c which is included in the SRCREV
-- 
GitLab