diff options
| author | Gyorgy Sarvari <skandigraun@gmail.com> | 2025-12-25 13:51:34 +0100 |
|---|---|---|
| committer | Gyorgy Sarvari <skandigraun@gmail.com> | 2025-12-25 13:56:59 +0100 |
| commit | ef7ac09d7a4809dc7b92d3aec7a048f25de86a6d (patch) | |
| tree | e0e5bd6d636dfd3d93fce17d36447babee2813b2 | |
| parent | d07ae6a5c814ec0307d770f7e867118860db4c89 (diff) | |
| download | meta-openembedded-ef7ac09d7a4809dc7b92d3aec7a048f25de86a6d.tar.gz | |
nanopb: patch CVE-2024-53984
Details: https://nvd.nist.gov/vuln/detail/CVE-2024-53984
Pick the patch referenced by the nvd report.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
| -rw-r--r-- | meta-oe/dynamic-layers/meta-python/recipes-devtools/nanopb/nanopb/CVE-2024-53984.patch | 36 | ||||
| -rw-r--r-- | meta-oe/dynamic-layers/meta-python/recipes-devtools/nanopb/nanopb_0.4.5.bb | 4 |
2 files changed, 39 insertions, 1 deletions
diff --git a/meta-oe/dynamic-layers/meta-python/recipes-devtools/nanopb/nanopb/CVE-2024-53984.patch b/meta-oe/dynamic-layers/meta-python/recipes-devtools/nanopb/nanopb/CVE-2024-53984.patch new file mode 100644 index 0000000000..c7a0c3f007 --- /dev/null +++ b/meta-oe/dynamic-layers/meta-python/recipes-devtools/nanopb/nanopb/CVE-2024-53984.patch | |||
| @@ -0,0 +1,36 @@ | |||
| 1 | From 84e8fb3da74d3b83179700284ce47c98a8804ab1 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Petteri Aimonen <jpa@git.mail.kapsi.fi> | ||
| 3 | Date: Sun, 1 Dec 2024 11:40:38 +0200 | ||
| 4 | Subject: [PATCH] Fix memory not released on error return (GHSA-xwqq-qxmw-hj5r) | ||
| 5 | |||
| 6 | When all of the following conditions apply: | ||
| 7 | |||
| 8 | * Compile time option PB_ENABLE_MALLOC is enabled. | ||
| 9 | * Message contains at least one field with FT_POINTER field type. | ||
| 10 | * Custom stream callback is used with unknown stream length (stream.bytes_left = SIZE_MAX) | ||
| 11 | * pb_decode_ex() function is used with flag PB_DECODE_DELIMITED. | ||
| 12 | * The input message is corrupted (accidentally or maliciously) in the length prefix. | ||
| 13 | |||
| 14 | Then the pb_decode_ex() function does not automatically call pb_release(), like is done for other failure cases. | ||
| 15 | This could lead to memory leak and potential denial-of-service. | ||
| 16 | |||
| 17 | CVE: CVE-2024-53984 | ||
| 18 | Upstream-Status: Backport [https://github.com/nanopb/nanopb/commit/2b86c255aa52250438d5aba124d0e86db495b378] | ||
| 19 | Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> | ||
| 20 | --- | ||
| 21 | pb_decode.c | 2 +- | ||
| 22 | 1 file changed, 1 insertion(+), 1 deletion(-) | ||
| 23 | |||
| 24 | diff --git a/pb_decode.c b/pb_decode.c | ||
| 25 | index b194825..2a22607 100644 | ||
| 26 | --- a/pb_decode.c | ||
| 27 | +++ b/pb_decode.c | ||
| 28 | @@ -1156,7 +1156,7 @@ bool checkreturn pb_decode_ex(pb_istream_t *stream, const pb_msgdesc_t *fields, | ||
| 29 | status = pb_decode_inner(&substream, fields, dest_struct, flags); | ||
| 30 | |||
| 31 | if (!pb_close_string_substream(stream, &substream)) | ||
| 32 | - return false; | ||
| 33 | + status = false; | ||
| 34 | } | ||
| 35 | |||
| 36 | #ifdef PB_ENABLE_MALLOC | ||
diff --git a/meta-oe/dynamic-layers/meta-python/recipes-devtools/nanopb/nanopb_0.4.5.bb b/meta-oe/dynamic-layers/meta-python/recipes-devtools/nanopb/nanopb_0.4.5.bb index 4b1853cc80..6edb2f11ce 100644 --- a/meta-oe/dynamic-layers/meta-python/recipes-devtools/nanopb/nanopb_0.4.5.bb +++ b/meta-oe/dynamic-layers/meta-python/recipes-devtools/nanopb/nanopb_0.4.5.bb | |||
| @@ -4,7 +4,9 @@ LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=9db4b73a55a3994384112efcdb37c01f" | |||
| 4 | 4 | ||
| 5 | DEPENDS = "protobuf-native" | 5 | DEPENDS = "protobuf-native" |
| 6 | 6 | ||
| 7 | SRC_URI = "git://github.com/nanopb/nanopb.git;branch=master;protocol=https" | 7 | SRC_URI = "git://github.com/nanopb/nanopb.git;branch=master;protocol=https \ |
| 8 | file://CVE-2024-53984.patch \ | ||
| 9 | " | ||
| 8 | SRCREV = "c9124132a604047d0ef97a09c0e99cd9bed2c818" | 10 | SRCREV = "c9124132a604047d0ef97a09c0e99cd9bed2c818" |
| 9 | 11 | ||
| 10 | S = "${WORKDIR}/git" | 12 | S = "${WORKDIR}/git" |