diff options
author | Ashish Sharma <asharma@mvista.com> | 2024-03-12 19:40:24 +0530 |
---|---|---|
committer | Armin Kuster <akuster808@gmail.com> | 2024-04-02 08:12:59 -0400 |
commit | bf0da59a92e9b9b10ec5e9de4f21daab7499dbd8 (patch) | |
tree | 730c732cfee3f8d91e50a9fa6e4fab52ce6af160 | |
parent | 830419a2d9dccea49e8507169151d6296b321be8 (diff) | |
download | meta-openembedded-bf0da59a92e9b9b10ec5e9de4f21daab7499dbd8.tar.gz |
c-ares: Backport fix for CVE-2024-25629
Upstream-Status: Backport [https://github.com/c-ares/c-ares/commit/a804c04ddc8245fc8adf0e92368709639125e183]
References:
https://nvd.nist.gov/vuln/detail/CVE-2024-25629
https://github.com/c-ares/c-ares/security/advisories/GHSA-mg26-v6qh-x48q
https://security-tracker.debian.org/tracker/CVE-2024-25629
Signed-off-by: Ashish Sharma <asharma@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
-rw-r--r-- | meta-oe/recipes-support/c-ares/c-ares/CVE-2024-25629.patch | 32 | ||||
-rw-r--r-- | meta-oe/recipes-support/c-ares/c-ares_1.18.1.bb | 1 |
2 files changed, 33 insertions, 0 deletions
diff --git a/meta-oe/recipes-support/c-ares/c-ares/CVE-2024-25629.patch b/meta-oe/recipes-support/c-ares/c-ares/CVE-2024-25629.patch new file mode 100644 index 000000000..288763428 --- /dev/null +++ b/meta-oe/recipes-support/c-ares/c-ares/CVE-2024-25629.patch | |||
@@ -0,0 +1,32 @@ | |||
1 | From: a804c04ddc8245fc8adf0e92368709639125e183 Mon Sep 17 00:00:00 2001 | ||
2 | From: Brad House <brad@brad-house.com> | ||
3 | Date: Mon, 11 Mar 2024 14:29:39 +0000 | ||
4 | Subject: [PATCH] Merge pull request from GHSA-mg26-v6qh-x48q | ||
5 | |||
6 | CVE: CVE-2024-25629 | ||
7 | Upstream-Status: Backport [https://github.com/c-ares/c-ares/commit/a804c04ddc8245fc8adf0e92368709639125e183] | ||
8 | Signed-off-by: Ashish Sharma <asharma@mvista.com> | ||
9 | --- | ||
10 | src/lib/ares__read_line.c | 8 ++++++++ | ||
11 | 1 file changed, 8 insertions(+) | ||
12 | |||
13 | diff --git a/src/lib/ares__read_line.c b/src/lib/ares__read_line.c | ||
14 | index c62ad2a..d6625a3 100644 | ||
15 | --- a/src/lib/ares__read_line.c | ||
16 | +++ b/src/lib/ares__read_line.c | ||
17 | @@ -49,6 +49,14 @@ int ares__read_line(FILE *fp, char **buf, size_t *bufsize) | ||
18 | if (!fgets(*buf + offset, bytestoread, fp)) | ||
19 | return (offset != 0) ? 0 : (ferror(fp)) ? ARES_EFILE : ARES_EOF; | ||
20 | len = offset + strlen(*buf + offset); | ||
21 | + | ||
22 | + /* Probably means there was an embedded NULL as the first character in | ||
23 | + * the line, throw away line */ | ||
24 | + if (len == 0) { | ||
25 | + offset = 0; | ||
26 | + continue; | ||
27 | + } | ||
28 | + | ||
29 | if ((*buf)[len - 1] == '\n') | ||
30 | { | ||
31 | (*buf)[len - 1] = 0; | ||
32 | -- | ||
diff --git a/meta-oe/recipes-support/c-ares/c-ares_1.18.1.bb b/meta-oe/recipes-support/c-ares/c-ares_1.18.1.bb index 2aa789760..b5936e1ad 100644 --- a/meta-oe/recipes-support/c-ares/c-ares_1.18.1.bb +++ b/meta-oe/recipes-support/c-ares/c-ares_1.18.1.bb | |||
@@ -10,6 +10,7 @@ SRC_URI = "git://github.com/c-ares/c-ares.git;branch=main;protocol=https \ | |||
10 | file://CVE-2023-31130.patch \ | 10 | file://CVE-2023-31130.patch \ |
11 | file://CVE-2023-31147.patch \ | 11 | file://CVE-2023-31147.patch \ |
12 | file://CVE-2023-32067.patch \ | 12 | file://CVE-2023-32067.patch \ |
13 | file://CVE-2024-25629.patch \ | ||
13 | " | 14 | " |
14 | SRCREV = "2aa086f822aad5017a6f2061ef656f237a62d0ed" | 15 | SRCREV = "2aa086f822aad5017a6f2061ef656f237a62d0ed" |
15 | 16 | ||