summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorGyorgy Sarvari <skandigraun@gmail.com>2025-12-25 13:51:34 +0100
committerGyorgy Sarvari <skandigraun@gmail.com>2025-12-25 13:56:59 +0100
commitef7ac09d7a4809dc7b92d3aec7a048f25de86a6d (patch)
treee0e5bd6d636dfd3d93fce17d36447babee2813b2
parentd07ae6a5c814ec0307d770f7e867118860db4c89 (diff)
downloadmeta-openembedded-ef7ac09d7a4809dc7b92d3aec7a048f25de86a6d.tar.gz
nanopb: patch CVE-2024-53984
Details: https://nvd.nist.gov/vuln/detail/CVE-2024-53984 Pick the patch referenced by the nvd report. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
-rw-r--r--meta-oe/dynamic-layers/meta-python/recipes-devtools/nanopb/nanopb/CVE-2024-53984.patch36
-rw-r--r--meta-oe/dynamic-layers/meta-python/recipes-devtools/nanopb/nanopb_0.4.5.bb4
2 files changed, 39 insertions, 1 deletions
diff --git a/meta-oe/dynamic-layers/meta-python/recipes-devtools/nanopb/nanopb/CVE-2024-53984.patch b/meta-oe/dynamic-layers/meta-python/recipes-devtools/nanopb/nanopb/CVE-2024-53984.patch
new file mode 100644
index 0000000000..c7a0c3f007
--- /dev/null
+++ b/meta-oe/dynamic-layers/meta-python/recipes-devtools/nanopb/nanopb/CVE-2024-53984.patch
@@ -0,0 +1,36 @@
1From 84e8fb3da74d3b83179700284ce47c98a8804ab1 Mon Sep 17 00:00:00 2001
2From: Petteri Aimonen <jpa@git.mail.kapsi.fi>
3Date: Sun, 1 Dec 2024 11:40:38 +0200
4Subject: [PATCH] Fix memory not released on error return (GHSA-xwqq-qxmw-hj5r)
5
6When all of the following conditions apply:
7
8* Compile time option PB_ENABLE_MALLOC is enabled.
9* Message contains at least one field with FT_POINTER field type.
10* Custom stream callback is used with unknown stream length (stream.bytes_left = SIZE_MAX)
11* pb_decode_ex() function is used with flag PB_DECODE_DELIMITED.
12* The input message is corrupted (accidentally or maliciously) in the length prefix.
13
14Then the pb_decode_ex() function does not automatically call pb_release(), like is done for other failure cases.
15This could lead to memory leak and potential denial-of-service.
16
17CVE: CVE-2024-53984
18Upstream-Status: Backport [https://github.com/nanopb/nanopb/commit/2b86c255aa52250438d5aba124d0e86db495b378]
19Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
20---
21 pb_decode.c | 2 +-
22 1 file changed, 1 insertion(+), 1 deletion(-)
23
24diff --git a/pb_decode.c b/pb_decode.c
25index b194825..2a22607 100644
26--- a/pb_decode.c
27+++ b/pb_decode.c
28@@ -1156,7 +1156,7 @@ bool checkreturn pb_decode_ex(pb_istream_t *stream, const pb_msgdesc_t *fields,
29 status = pb_decode_inner(&substream, fields, dest_struct, flags);
30
31 if (!pb_close_string_substream(stream, &substream))
32- return false;
33+ status = false;
34 }
35
36 #ifdef PB_ENABLE_MALLOC
diff --git a/meta-oe/dynamic-layers/meta-python/recipes-devtools/nanopb/nanopb_0.4.5.bb b/meta-oe/dynamic-layers/meta-python/recipes-devtools/nanopb/nanopb_0.4.5.bb
index 4b1853cc80..6edb2f11ce 100644
--- a/meta-oe/dynamic-layers/meta-python/recipes-devtools/nanopb/nanopb_0.4.5.bb
+++ b/meta-oe/dynamic-layers/meta-python/recipes-devtools/nanopb/nanopb_0.4.5.bb
@@ -4,7 +4,9 @@ LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=9db4b73a55a3994384112efcdb37c01f"
4 4
5DEPENDS = "protobuf-native" 5DEPENDS = "protobuf-native"
6 6
7SRC_URI = "git://github.com/nanopb/nanopb.git;branch=master;protocol=https" 7SRC_URI = "git://github.com/nanopb/nanopb.git;branch=master;protocol=https \
8 file://CVE-2024-53984.patch \
9 "
8SRCREV = "c9124132a604047d0ef97a09c0e99cd9bed2c818" 10SRCREV = "c9124132a604047d0ef97a09c0e99cd9bed2c818"
9 11
10S = "${WORKDIR}/git" 12S = "${WORKDIR}/git"