zlog: patch CVE-2024-22857

Details: https://nvd.nist.gov/vuln/detail/CVE-2024-22857 Pick the patch from the PR mentioned by the nvd report. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
author: Gyorgy Sarvari <skandigraun@gmail.com> 2025-12-13 21:18:18 +0100
committer: Gyorgy Sarvari <skandigraun@gmail.com> 2025-12-14 16:18:47 +0100
commit: d9fbd8560e386abd386e3eb5f51e92d92063128b (patch)
tree: f5e175611b90f0a1420f841e076b5abb4fe3d1cd
parent: 4437919060f66eb5e21d3ec5cff57a5773cb1aad (diff)
download: meta-openembedded-d9fbd8560e386abd386e3eb5f51e92d92063128b.tar.gz
2 files changed, 32 insertions, 0 deletions
diff --git a/meta-oe/recipes-extended/zlog/zlog/CVE-2024-22857.patch b/meta-oe/recipes-extended/zlog/zlog/CVE-2024-22857.patch
new file mode 100644
index 0000000000..d5db6a12fe
--- /dev/null
+++ b/meta-oe/recipes-extended/zlog/zlog/CVE-2024-22857.patch
@@ -0,0 +1,31 @@
+From 68c712b401538abc3028ecc5071fa787f87afa7f Mon Sep 17 00:00:00 2001
+From: Ali Raza <elirazamumtaz@gmail.com>
+Date: Thu, 29 Feb 2024 11:36:25 +0500
+Subject: [PATCH] buffer overflow patched (#251)
+Thank you for the PR
+CVE: CVE-2024-22857
+Upstream-Status: Backport [https://github.com/HardySimpson/zlog/commit/c47f781a9f1e9604f5201e27d046d925d0d48ac4]
+Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
+---
+ src/rule.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+diff --git a/src/rule.c b/src/rule.c
+index ae3d74f..38d3fdc 100644
+--- a/src/rule.c
+++ b/src/rule.c
+@@ -866,8 +866,10 @@ zlog_rule_t *zlog_rule_new(char *line,
+                }
+                break;
+        case '$' :
+-               sscanf(file_path + 1, "%s", a_rule->record_name);
+-                       
+               // read only MAXLEN_PATH characters from the file_path + 1
+               strncpy(a_rule->record_name, file_path + 1, MAXLEN_PATH);
+               a_rule->record_name[MAXLEN_PATH] = '\0';
+               
+                if (file_limit) {  /* record path exists */
+                        p = strchr(file_limit, '"');
+                        if (!p) {
diff --git a/meta-oe/recipes-extended/zlog/zlog_1.2.15.bb b/meta-oe/recipes-extended/zlog/zlog_1.2.15.bb
index 7930c234d1..74a394bf52 100644
--- a/meta-oe/recipes-extended/zlog/zlog_1.2.15.bb
+++ b/meta-oe/recipes-extended/zlog/zlog_1.2.15.bb
@@ -6,6 +6,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=4fbd65380cdd255951079008b364516c"
 SRCREV = "876099f3c66033f3de11d79f63814766b1021dbe"
 SRC_URI = "git://github.com/HardySimpson/zlog;branch=master;protocol=https \
           file://0001-Fix-stack-buffer-overflow-at-zlog_conf_build_with_fi.patch \
+           file://CVE-2024-22857.patch \
           "
 S = "${WORKDIR}/git"
author	Gyorgy Sarvari <skandigraun@gmail.com>	2025-12-13 21:18:18 +0100
committer	Gyorgy Sarvari <skandigraun@gmail.com>	2025-12-14 16:18:47 +0100
commit	d9fbd8560e386abd386e3eb5f51e92d92063128b (patch)
tree	f5e175611b90f0a1420f841e076b5abb4fe3d1cd
parent	4437919060f66eb5e21d3ec5cff57a5773cb1aad (diff)
download	meta-openembedded-d9fbd8560e386abd386e3eb5f51e92d92063128b.tar.gz

diff --git a/meta-oe/recipes-extended/zlog/zlog/CVE-2024-22857.patch b/meta-oe/recipes-extended/zlog/zlog/CVE-2024-22857.patch new file mode 100644 index 0000000000..d5db6a12fe --- /dev/null +++ b/meta-oe/recipes-extended/zlog/zlog/CVE-2024-22857.patch
@@ -0,0 +1,31 @@
		1	From 68c712b401538abc3028ecc5071fa787f87afa7f Mon Sep 17 00:00:00 2001
		2	From: Ali Raza <elirazamumtaz@gmail.com>
		3	Date: Thu, 29 Feb 2024 11:36:25 +0500
		4	Subject: [PATCH] buffer overflow patched (#251)
		5
		6	Thank you for the PR
		7
		8	CVE: CVE-2024-22857
		9	Upstream-Status: Backport [https://github.com/HardySimpson/zlog/commit/c47f781a9f1e9604f5201e27d046d925d0d48ac4]
		10	Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
		11	---
		12	src/rule.c \| 6 ++++--
		13	1 file changed, 4 insertions(+), 2 deletions(-)
		14
		15	diff --git a/src/rule.c b/src/rule.c
		16	index ae3d74f..38d3fdc 100644
		17	--- a/src/rule.c
		18	+++ b/src/rule.c
		19	@@ -866,8 +866,10 @@ zlog_rule_t zlog_rule_new(char line,
		20	}
		21	break;
		22	case '$' :
		23	- sscanf(file_path + 1, "%s", a_rule->record_name);
		24	-
		25	+ // read only MAXLEN_PATH characters from the file_path + 1
		26	+ strncpy(a_rule->record_name, file_path + 1, MAXLEN_PATH);
		27	+ a_rule->record_name[MAXLEN_PATH] = '\0';
		28	+
		29	if (file_limit) { /* record path exists */
		30	p = strchr(file_limit, '"');
		31	if (!p) {


diff --git a/meta-oe/recipes-extended/zlog/zlog_1.2.15.bb b/meta-oe/recipes-extended/zlog/zlog_1.2.15.bb index 7930c234d1..74a394bf52 100644 --- a/meta-oe/recipes-extended/zlog/zlog_1.2.15.bb +++ b/meta-oe/recipes-extended/zlog/zlog_1.2.15.bb
@@ -6,6 +6,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=4fbd65380cdd255951079008b364516c"
6	SRCREV = "876099f3c66033f3de11d79f63814766b1021dbe"	6	SRCREV = "876099f3c66033f3de11d79f63814766b1021dbe"
7	SRC_URI = "git://github.com/HardySimpson/zlog;branch=master;protocol=https \	7	SRC_URI = "git://github.com/HardySimpson/zlog;branch=master;protocol=https \
8	file://0001-Fix-stack-buffer-overflow-at-zlog_conf_build_with_fi.patch \	8	file://0001-Fix-stack-buffer-overflow-at-zlog_conf_build_with_fi.patch \
		9	file://CVE-2024-22857.patch \
9	"	10	"
10		11
11	S = "${WORKDIR}/git"	12	S = "${WORKDIR}/git"