diff options
Diffstat (limited to 'meta-oe/recipes-support/iniparser/iniparser/CVE-2023-33461.patch')
-rw-r--r-- | meta-oe/recipes-support/iniparser/iniparser/CVE-2023-33461.patch | 51 |
1 files changed, 51 insertions, 0 deletions
diff --git a/meta-oe/recipes-support/iniparser/iniparser/CVE-2023-33461.patch b/meta-oe/recipes-support/iniparser/iniparser/CVE-2023-33461.patch new file mode 100644 index 000000000..1b577fa33 --- /dev/null +++ b/meta-oe/recipes-support/iniparser/iniparser/CVE-2023-33461.patch | |||
@@ -0,0 +1,51 @@ | |||
1 | From ace9871f65d11b5d73f0b9ee8cf5d2807439442d Mon Sep 17 00:00:00 2001 | ||
2 | From: Antonio <antoniolrt@gmail.com> | ||
3 | Date: Fri, 2 Jun 2023 15:03:10 -0300 | ||
4 | Subject: [PATCH] Handle null return from iniparser_getstring | ||
5 | |||
6 | Fix handling of NULL returns from iniparser_getstring in | ||
7 | iniparser_getboolean, iniparser_getlongint and iniparser_getdouble, | ||
8 | avoiding a crash. | ||
9 | |||
10 | CVE: CVE-2023-33461 | ||
11 | |||
12 | Upstream-Status: Backport [https://github.com/ndevilla/iniparser/commit/ace9871f65d11b5d73f0b9ee8cf5d2807439442d] | ||
13 | |||
14 | Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com> | ||
15 | --- | ||
16 | src/iniparser.c | 6 +++--- | ||
17 | 1 file changed, 3 insertions(+), 3 deletions(-) | ||
18 | |||
19 | diff --git a/src/iniparser.c b/src/iniparser.c | ||
20 | index f1d1658..dbceb20 100644 | ||
21 | --- a/src/iniparser.c | ||
22 | +++ b/src/iniparser.c | ||
23 | @@ -456,7 +456,7 @@ long int iniparser_getlongint(const dictionary * d, const char * key, long int n | ||
24 | const char * str ; | ||
25 | |||
26 | str = iniparser_getstring(d, key, INI_INVALID_KEY); | ||
27 | - if (str==INI_INVALID_KEY) return notfound ; | ||
28 | + if (str==NULL || str==INI_INVALID_KEY) return notfound ; | ||
29 | return strtol(str, NULL, 0); | ||
30 | } | ||
31 | |||
32 | @@ -511,7 +511,7 @@ double iniparser_getdouble(const dictionary * d, const char * key, double notfou | ||
33 | const char * str ; | ||
34 | |||
35 | str = iniparser_getstring(d, key, INI_INVALID_KEY); | ||
36 | - if (str==INI_INVALID_KEY) return notfound ; | ||
37 | + if (str==NULL || str==INI_INVALID_KEY) return notfound ; | ||
38 | return atof(str); | ||
39 | } | ||
40 | |||
41 | @@ -553,7 +553,7 @@ int iniparser_getboolean(const dictionary * d, const char * key, int notfound) | ||
42 | const char * c ; | ||
43 | |||
44 | c = iniparser_getstring(d, key, INI_INVALID_KEY); | ||
45 | - if (c==INI_INVALID_KEY) return notfound ; | ||
46 | + if (c==NULL || c==INI_INVALID_KEY) return notfound ; | ||
47 | if (c[0]=='y' || c[0]=='Y' || c[0]=='1' || c[0]=='t' || c[0]=='T') { | ||
48 | ret = 1 ; | ||
49 | } else if (c[0]=='n' || c[0]=='N' || c[0]=='0' || c[0]=='f' || c[0]=='F') { | ||
50 | -- | ||
51 | 2.40.0 | ||