libiec61850: patch CVE-2024-45971

Details https://nvd.nist.gov/vuln/detail/CVE-2024-45971 Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
author: Ankur Tyagi <ankur.tyagi85@gmail.com> 2025-10-09 17:10:48 +1300
committer: Gyorgy Sarvari <skandigraun@gmail.com> 2025-10-13 09:21:31 +0200
commit: a52bccdbc0c0f01a365adbc66b069f74e68ae415 (patch)
tree: 33d5e6746f64595fd3107d99d167e47fa0d8f01d /meta-networking
parent: 42a6b0441c176a407b6e7b5624305fcd2f18748d (diff)
download: meta-openembedded-a52bccdbc0c0f01a365adbc66b069f74e68ae415.tar.gz
2 files changed, 219 insertions, 0 deletions
diff --git a/meta-networking/recipes-connectivity/libiec61850/files/0004-LIB61850-447-replaced-unsafe-function-StringUtils_cr.patch b/meta-networking/recipes-connectivity/libiec61850/files/0004-LIB61850-447-replaced-unsafe-function-StringUtils_cr.patch
new file mode 100644
index 0000000000..4d98df490e
--- /dev/null
+++ b/meta-networking/recipes-connectivity/libiec61850/files/0004-LIB61850-447-replaced-unsafe-function-StringUtils_cr.patch
@@ -0,0 +1,218 @@
+From c8fa1fb0e11eb3993faa5f3df09c6d3c4d2305c1 Mon Sep 17 00:00:00 2001
+From: Michael Zillgith <michael.zillgith@mz-automation.de>
+Date: Mon, 22 Jul 2024 16:34:03 +0100
+Subject: [PATCH] LIB61850-447: replaced unsafe function
+ StringUtils_createStringFromBufferInBuffer with function with length check to
+ not exceed target buffer
+CVE: CVE-2024-45971
+Upstream-Status: Backport [https://github.com/mz-automation/libiec61850/commit/1f52be9ddeae00e69cd43e4cac3cb4f0c880c4f0]
+(cherry picked from commit 1f52be9ddeae00e69cd43e4cac3cb4f0c880c4f0)
+Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
+---
+ src/common/inc/string_utilities.h             |  3 ++
+ src/common/string_utilities.c                 | 12 +++++
+ src/iec61850/server/mms_mapping/mms_mapping.c |  6 ++-
+ src/mms/iso_mms/client/mms_client_identify.c  |  6 +--
+ .../server/mms_named_variable_list_service.c  | 52 +++++++++----------
+ 5 files changed, 48 insertions(+), 31 deletions(-)
+diff --git a/src/common/inc/string_utilities.h b/src/common/inc/string_utilities.h
+index b6b238ff..9a5d868a 100644
+--- a/src/common/inc/string_utilities.h
+++ b/src/common/inc/string_utilities.h
+@@ -63,6 +63,9 @@ StringUtils_createStringFromBuffer(const uint8_t* buf, int size);
+ LIB61850_INTERNAL char*
+ StringUtils_createStringFromBufferInBuffer(char* newString, const uint8_t* buf, int size);
+ 
+LIB61850_INTERNAL char*
+StringUtils_createStringFromBufferInBufferMax(char* newString, const uint8_t* buf, int size, int maxBufSize);
+
+ LIB61850_INTERNAL void
+ StringUtils_replace(char* string, char oldChar, char newChar);
+ 
+diff --git a/src/common/string_utilities.c b/src/common/string_utilities.c
+index 37e62ad7..378acbde 100644
+--- a/src/common/string_utilities.c
+++ b/src/common/string_utilities.c
+@@ -85,6 +85,18 @@ StringUtils_createStringFromBufferInBuffer(char* newString, const uint8_t* buf,
+     return newString;
+ }
+ 
+char*
+StringUtils_createStringFromBufferInBufferMax(char* newString, const uint8_t* buf, int size, int maxBufSize)
+{
+    if (size >= maxBufSize)
+        size = maxBufSize - 1;
+
+    memcpy(newString, buf, size);
+    newString[size] = 0;
+
+    return newString;
+}
+
+ char*
+ StringUtils_createStringInBuffer(char* newStr, int bufSize, int count, ...)
+ {
+diff --git a/src/iec61850/server/mms_mapping/mms_mapping.c b/src/iec61850/server/mms_mapping/mms_mapping.c
+index 707e8b57..4a700a27 100644
+--- a/src/iec61850/server/mms_mapping/mms_mapping.c
+++ b/src/iec61850/server/mms_mapping/mms_mapping.c
+@@ -3268,7 +3268,9 @@ mmsReadAccessHandler (void* parameter, MmsDomain* domain, char* variableId, MmsS
+                 }
+                 else 
+                 {
+-                    StringUtils_createStringFromBufferInBuffer(str, (uint8_t*) variableId, separator - variableId);
+                    char str[65];
+
+                    StringUtils_createStringFromBufferInBufferMax(str, (uint8_t*) variableId, separator - variableId, sizeof(str));
+ 
+                     LogicalNode* ln = LogicalDevice_getLogicalNode(ld, str);
+ 
+@@ -3286,7 +3288,7 @@ mmsReadAccessHandler (void* parameter, MmsDomain* domain, char* variableId, MmsS
+                             else {
+                                 doEnd--;
+ 
+-                                StringUtils_createStringFromBufferInBuffer(str, (uint8_t*) (doStart + 1), doEnd - doStart);
+                                StringUtils_createStringFromBufferInBufferMax(str, (uint8_t*) (doStart + 1), doEnd - doStart, sizeof(str));
+                             }
+ 
+                             if (fc == IEC61850_FC_SP) {
+diff --git a/src/mms/iso_mms/client/mms_client_identify.c b/src/mms/iso_mms/client/mms_client_identify.c
+index 831b439d..c679a423 100644
+--- a/src/mms/iso_mms/client/mms_client_identify.c
+++ b/src/mms/iso_mms/client/mms_client_identify.c
+@@ -84,15 +84,15 @@ mmsClient_parseIdentifyResponse(MmsConnection self, ByteBuffer* response, uint32
+ 
+         switch (tag) {
+         case 0x80: /* vendorName */
+-            vendorName = StringUtils_createStringFromBufferInBuffer(vendorNameBuf, buffer + bufPos, length);
+            vendorName = StringUtils_createStringFromBufferInBufferMax(vendorNameBuf, buffer + bufPos, length, sizeof(vendorNameBuf));
+             bufPos += length;
+             break;
+         case 0x81: /* modelName */
+-            modelName = StringUtils_createStringFromBufferInBuffer(modelNameBuf, buffer + bufPos, length);
+            modelName = StringUtils_createStringFromBufferInBufferMax(modelNameBuf, buffer + bufPos, length, sizeof(modelNameBuf));
+             bufPos += length;
+             break;
+         case 0x82: /* revision */
+-            revision = StringUtils_createStringFromBufferInBuffer(revisionBuf, buffer + bufPos, length);
+            revision = StringUtils_createStringFromBufferInBufferMax(revisionBuf, buffer + bufPos, length, sizeof (revisionBuf));
+             bufPos += length;
+             break;
+         case 0x83: /* list of abstract syntaxes */
+diff --git a/src/mms/iso_mms/server/mms_named_variable_list_service.c b/src/mms/iso_mms/server/mms_named_variable_list_service.c
+index 3365f771..757d0ed3 100644
+--- a/src/mms/iso_mms/server/mms_named_variable_list_service.c
+++ b/src/mms/iso_mms/server/mms_named_variable_list_service.c
+@@ -401,13 +401,13 @@ createNamedVariableList(MmsServer server, MmsDomain* domain, MmsDevice* device,
+                    char variableName[65];
+                    char domainId[65];
+ 
+-                   StringUtils_createStringFromBufferInBuffer(variableName,
+-                           varSpec->choice.name.choice.domainspecific.itemId.buf,
+-                    varSpec->choice.name.choice.domainspecific.itemId.size);
+                       StringUtils_createStringFromBufferInBufferMax(variableName,
+                                       varSpec->choice.name.choice.domainspecific.itemId.buf,
+                                       varSpec->choice.name.choice.domainspecific.itemId.size, sizeof(variableName));
+ 
+-                   StringUtils_createStringFromBufferInBuffer(domainId,
+-                           varSpec->choice.name.choice.domainspecific.domainId.buf,
+-                    varSpec->choice.name.choice.domainspecific.domainId.size);
+                       StringUtils_createStringFromBufferInBufferMax(domainId,
+                                       varSpec->choice.name.choice.domainspecific.domainId.buf,
+                                       varSpec->choice.name.choice.domainspecific.domainId.size, sizeof(domainId));
+ 
+                        MmsDomain* elementDomain = MmsDevice_getDomain(device, domainId);
+ 
+@@ -494,9 +494,9 @@ mmsServer_handleDefineNamedVariableListRequest(
+             goto exit_free_struct;
+         }
+ 
+-        StringUtils_createStringFromBufferInBuffer(domainName,
+-                request->variableListName.choice.domainspecific.domainId.buf,
+-                request->variableListName.choice.domainspecific.domainId.size);
+               StringUtils_createStringFromBufferInBufferMax(domainName,
+                               request->variableListName.choice.domainspecific.domainId.buf,
+                               request->variableListName.choice.domainspecific.domainId.size, sizeof(domainName));
+ 
+         MmsDomain* domain = MmsDevice_getDomain(device, domainName);
+ 
+@@ -517,9 +517,9 @@ mmsServer_handleDefineNamedVariableListRequest(
+                 goto exit_free_struct;
+             }
+ 
+-            StringUtils_createStringFromBufferInBuffer(variableListName,
+-                    request->variableListName.choice.domainspecific.itemId.buf,
+-                    request->variableListName.choice.domainspecific.itemId.size);
+                       StringUtils_createStringFromBufferInBufferMax(variableListName,
+                                       request->variableListName.choice.domainspecific.itemId.buf,
+                                       request->variableListName.choice.domainspecific.itemId.size, sizeof(variableListName));
+ 
+             if (MmsDomain_getNamedVariableList(domain, variableListName) != NULL) {
+                 mmsMsg_createServiceErrorPdu(invokeId, response, MMS_ERROR_DEFINITION_OBJECT_EXISTS);
+@@ -567,9 +567,9 @@ mmsServer_handleDefineNamedVariableListRequest(
+                 goto exit_free_struct;
+             }
+ 
+-               StringUtils_createStringFromBufferInBuffer(variableListName,
+-                       request->variableListName.choice.aaspecific.buf,
+-                       request->variableListName.choice.aaspecific.size);
+                       StringUtils_createStringFromBufferInBufferMax(variableListName,
+                                       request->variableListName.choice.aaspecific.buf,
+                                       request->variableListName.choice.aaspecific.size, sizeof(variableListName));
+ 
+             if (MmsServerConnection_getNamedVariableList(connection, variableListName) != NULL) {
+                 mmsMsg_createServiceErrorPdu(invokeId, response, MMS_ERROR_DEFINITION_OBJECT_EXISTS);
+@@ -611,9 +611,9 @@ mmsServer_handleDefineNamedVariableListRequest(
+                 goto exit_free_struct;
+                }
+ 
+-               StringUtils_createStringFromBufferInBuffer(variableListName,
+-                    request->variableListName.choice.vmdspecific.buf,
+-                    request->variableListName.choice.vmdspecific.size);
+                       StringUtils_createStringFromBufferInBufferMax(variableListName,
+                                       request->variableListName.choice.vmdspecific.buf,
+                                       request->variableListName.choice.vmdspecific.size, sizeof(variableListName));
+ 
+                if (mmsServer_getNamedVariableListWithName(MmsDevice_getNamedVariableLists(connection->server->device), variableListName) != NULL) {
+                    mmsMsg_createServiceErrorPdu(invokeId, response, MMS_ERROR_DEFINITION_OBJECT_EXISTS);
+@@ -757,11 +757,11 @@ mmsServer_handleGetNamedVariableListAttributesRequest(
+                goto exit_function;
+            }
+ 
+-           StringUtils_createStringFromBufferInBuffer(domainName, request->choice.domainspecific.domainId.buf,
+-                   request->choice.domainspecific.domainId.size);
+           StringUtils_createStringFromBufferInBufferMax(domainName, request->choice.domainspecific.domainId.buf,
+                   request->choice.domainspecific.domainId.size, sizeof(domainName));
+ 
+-           StringUtils_createStringFromBufferInBuffer(itemName, request->choice.domainspecific.itemId.buf,
+-                request->choice.domainspecific.itemId.size);
+                               StringUtils_createStringFromBufferInBufferMax(itemName, request->choice.domainspecific.itemId.buf,
+                request->choice.domainspecific.itemId.size, sizeof(itemName));
+ 
+                MmsDevice* mmsDevice = MmsServer_getDevice(connection->server);
+ 
+@@ -798,8 +798,8 @@ mmsServer_handleGetNamedVariableListAttributesRequest(
+             goto exit_function;
+         }
+ 
+-           StringUtils_createStringFromBufferInBuffer(listName, request->choice.aaspecific.buf,
+-                   request->choice.aaspecific.size);
+           StringUtils_createStringFromBufferInBufferMax(listName, request->choice.aaspecific.buf,
+                   request->choice.aaspecific.size, sizeof(listName));
+ 
+            MmsNamedVariableList varList = MmsServerConnection_getNamedVariableList(connection, listName);
+ 
+@@ -817,8 +817,8 @@ mmsServer_handleGetNamedVariableListAttributesRequest(
+             goto exit_function;
+            }
+ 
+-           StringUtils_createStringFromBufferInBuffer(listName, request->choice.vmdspecific.buf,
+-                request->choice.vmdspecific.size);
+               StringUtils_createStringFromBufferInBufferMax(listName, request->choice.vmdspecific.buf,
+                               request->choice.vmdspecific.size, sizeof(listName));
+ 
+            MmsDevice* mmsDevice = MmsServer_getDevice(connection->server);
+ 
diff --git a/meta-networking/recipes-connectivity/libiec61850/libiec61850_1.5.3.bb b/meta-networking/recipes-connectivity/libiec61850/libiec61850_1.5.3.bb
index 3fff45670f..962fca1c07 100644
--- a/meta-networking/recipes-connectivity/libiec61850/libiec61850_1.5.3.bb
+++ b/meta-networking/recipes-connectivity/libiec61850/libiec61850_1.5.3.bb
@@ -19,6 +19,7 @@ SRC_URI = "git://github.com/mz-automation/${BPN}.git;branch=v1.5;protocol=https
           file://0001-pyiec61850-don-t-break-CMAKE_INSTALL_PATH-by-trying-.patch \
           file://0002-pyiec61850-Use-CMAKE_INSTALL_LIBDIR-from-GNUInstallD.patch \
           file://0003-LIB61850-430-fixed-null-pointer-dereference-in-mmsSe.patch \
+           file://0004-LIB61850-447-replaced-unsafe-function-StringUtils_cr.patch \
 "
 S = "${WORKDIR}/git"
author	Ankur Tyagi <ankur.tyagi85@gmail.com>	2025-10-09 17:10:48 +1300
committer	Gyorgy Sarvari <skandigraun@gmail.com>	2025-10-13 09:21:31 +0200
commit	a52bccdbc0c0f01a365adbc66b069f74e68ae415 (patch)
tree	33d5e6746f64595fd3107d99d167e47fa0d8f01d /meta-networking
parent	42a6b0441c176a407b6e7b5624305fcd2f18748d (diff)
download	meta-openembedded-a52bccdbc0c0f01a365adbc66b069f74e68ae415.tar.gz

diff --git a/meta-networking/recipes-connectivity/libiec61850/files/0004-LIB61850-447-replaced-unsafe-function-StringUtils_cr.patch b/meta-networking/recipes-connectivity/libiec61850/files/0004-LIB61850-447-replaced-unsafe-function-StringUtils_cr.patch new file mode 100644 index 0000000000..4d98df490e --- /dev/null +++ b/meta-networking/recipes-connectivity/libiec61850/files/0004-LIB61850-447-replaced-unsafe-function-StringUtils_cr.patch
@@ -0,0 +1,218 @@
		1	From c8fa1fb0e11eb3993faa5f3df09c6d3c4d2305c1 Mon Sep 17 00:00:00 2001
		2	From: Michael Zillgith <michael.zillgith@mz-automation.de>
		3	Date: Mon, 22 Jul 2024 16:34:03 +0100
		4	Subject: [PATCH] LIB61850-447: replaced unsafe function
		5	StringUtils_createStringFromBufferInBuffer with function with length check to
		6	not exceed target buffer
		7
		8	CVE: CVE-2024-45971
		9	Upstream-Status: Backport [https://github.com/mz-automation/libiec61850/commit/1f52be9ddeae00e69cd43e4cac3cb4f0c880c4f0]
		10
		11	(cherry picked from commit 1f52be9ddeae00e69cd43e4cac3cb4f0c880c4f0)
		12	Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
		13	---
		14	src/common/inc/string_utilities.h \| 3 ++
		15	src/common/string_utilities.c \| 12 +++++
		16	src/iec61850/server/mms_mapping/mms_mapping.c \| 6 ++-
		17	src/mms/iso_mms/client/mms_client_identify.c \| 6 +--
		18	.../server/mms_named_variable_list_service.c \| 52 +++++++++----------
		19	5 files changed, 48 insertions(+), 31 deletions(-)
		20
		21	diff --git a/src/common/inc/string_utilities.h b/src/common/inc/string_utilities.h
		22	index b6b238ff..9a5d868a 100644
		23	--- a/src/common/inc/string_utilities.h
		24	+++ b/src/common/inc/string_utilities.h
		25	@@ -63,6 +63,9 @@ StringUtils_createStringFromBuffer(const uint8_t* buf, int size);
		26	LIB61850_INTERNAL char*
		27	StringUtils_createStringFromBufferInBuffer(char* newString, const uint8_t* buf, int size);
		28
		29	+LIB61850_INTERNAL char*
		30	+StringUtils_createStringFromBufferInBufferMax(char* newString, const uint8_t* buf, int size, int maxBufSize);
		31	+
		32	LIB61850_INTERNAL void
		33	StringUtils_replace(char* string, char oldChar, char newChar);
		34
		35	diff --git a/src/common/string_utilities.c b/src/common/string_utilities.c
		36	index 37e62ad7..378acbde 100644
		37	--- a/src/common/string_utilities.c
		38	+++ b/src/common/string_utilities.c
		39	@@ -85,6 +85,18 @@ StringUtils_createStringFromBufferInBuffer(char* newString, const uint8_t* buf,
		40	return newString;
		41	}
		42
		43	+char*
		44	+StringUtils_createStringFromBufferInBufferMax(char* newString, const uint8_t* buf, int size, int maxBufSize)
		45	+{
		46	+ if (size >= maxBufSize)
		47	+ size = maxBufSize - 1;
		48	+
		49	+ memcpy(newString, buf, size);
		50	+ newString[size] = 0;
		51	+
		52	+ return newString;
		53	+}
		54	+
		55	char*
		56	StringUtils_createStringInBuffer(char* newStr, int bufSize, int count, ...)
		57	{
		58	diff --git a/src/iec61850/server/mms_mapping/mms_mapping.c b/src/iec61850/server/mms_mapping/mms_mapping.c
		59	index 707e8b57..4a700a27 100644
		60	--- a/src/iec61850/server/mms_mapping/mms_mapping.c
		61	+++ b/src/iec61850/server/mms_mapping/mms_mapping.c
		62	@@ -3268,7 +3268,9 @@ mmsReadAccessHandler (void* parameter, MmsDomain* domain, char* variableId, MmsS
		63	}
		64	else
		65	{
		66	- StringUtils_createStringFromBufferInBuffer(str, (uint8_t*) variableId, separator - variableId);
		67	+ char str[65];
		68	+
		69	+ StringUtils_createStringFromBufferInBufferMax(str, (uint8_t*) variableId, separator - variableId, sizeof(str));
		70
		71	LogicalNode* ln = LogicalDevice_getLogicalNode(ld, str);
		72
		73	@@ -3286,7 +3288,7 @@ mmsReadAccessHandler (void* parameter, MmsDomain* domain, char* variableId, MmsS
		74	else {
		75	doEnd--;
		76
		77	- StringUtils_createStringFromBufferInBuffer(str, (uint8_t*) (doStart + 1), doEnd - doStart);
		78	+ StringUtils_createStringFromBufferInBufferMax(str, (uint8_t*) (doStart + 1), doEnd - doStart, sizeof(str));
		79	}
		80
		81	if (fc == IEC61850_FC_SP) {
		82	diff --git a/src/mms/iso_mms/client/mms_client_identify.c b/src/mms/iso_mms/client/mms_client_identify.c
		83	index 831b439d..c679a423 100644
		84	--- a/src/mms/iso_mms/client/mms_client_identify.c
		85	+++ b/src/mms/iso_mms/client/mms_client_identify.c
		86	@@ -84,15 +84,15 @@ mmsClient_parseIdentifyResponse(MmsConnection self, ByteBuffer* response, uint32
		87
		88	switch (tag) {
		89	case 0x80: /* vendorName */
		90	- vendorName = StringUtils_createStringFromBufferInBuffer(vendorNameBuf, buffer + bufPos, length);
		91	+ vendorName = StringUtils_createStringFromBufferInBufferMax(vendorNameBuf, buffer + bufPos, length, sizeof(vendorNameBuf));
		92	bufPos += length;
		93	break;
		94	case 0x81: /* modelName */
		95	- modelName = StringUtils_createStringFromBufferInBuffer(modelNameBuf, buffer + bufPos, length);
		96	+ modelName = StringUtils_createStringFromBufferInBufferMax(modelNameBuf, buffer + bufPos, length, sizeof(modelNameBuf));
		97	bufPos += length;
		98	break;
		99	case 0x82: /* revision */
		100	- revision = StringUtils_createStringFromBufferInBuffer(revisionBuf, buffer + bufPos, length);
		101	+ revision = StringUtils_createStringFromBufferInBufferMax(revisionBuf, buffer + bufPos, length, sizeof (revisionBuf));
		102	bufPos += length;
		103	break;
		104	case 0x83: /* list of abstract syntaxes */
		105	diff --git a/src/mms/iso_mms/server/mms_named_variable_list_service.c b/src/mms/iso_mms/server/mms_named_variable_list_service.c
		106	index 3365f771..757d0ed3 100644
		107	--- a/src/mms/iso_mms/server/mms_named_variable_list_service.c
		108	+++ b/src/mms/iso_mms/server/mms_named_variable_list_service.c
		109	@@ -401,13 +401,13 @@ createNamedVariableList(MmsServer server, MmsDomain* domain, MmsDevice* device,
		110	char variableName[65];
		111	char domainId[65];
		112
		113	- StringUtils_createStringFromBufferInBuffer(variableName,
		114	- varSpec->choice.name.choice.domainspecific.itemId.buf,
		115	- varSpec->choice.name.choice.domainspecific.itemId.size);
		116	+ StringUtils_createStringFromBufferInBufferMax(variableName,
		117	+ varSpec->choice.name.choice.domainspecific.itemId.buf,
		118	+ varSpec->choice.name.choice.domainspecific.itemId.size, sizeof(variableName));
		119
		120	- StringUtils_createStringFromBufferInBuffer(domainId,
		121	- varSpec->choice.name.choice.domainspecific.domainId.buf,
		122	- varSpec->choice.name.choice.domainspecific.domainId.size);
		123	+ StringUtils_createStringFromBufferInBufferMax(domainId,
		124	+ varSpec->choice.name.choice.domainspecific.domainId.buf,
		125	+ varSpec->choice.name.choice.domainspecific.domainId.size, sizeof(domainId));
		126
		127	MmsDomain* elementDomain = MmsDevice_getDomain(device, domainId);
		128
		129	@@ -494,9 +494,9 @@ mmsServer_handleDefineNamedVariableListRequest(
		130	goto exit_free_struct;
		131	}
		132
		133	- StringUtils_createStringFromBufferInBuffer(domainName,
		134	- request->variableListName.choice.domainspecific.domainId.buf,
		135	- request->variableListName.choice.domainspecific.domainId.size);
		136	+ StringUtils_createStringFromBufferInBufferMax(domainName,
		137	+ request->variableListName.choice.domainspecific.domainId.buf,
		138	+ request->variableListName.choice.domainspecific.domainId.size, sizeof(domainName));
		139
		140	MmsDomain* domain = MmsDevice_getDomain(device, domainName);
		141
		142	@@ -517,9 +517,9 @@ mmsServer_handleDefineNamedVariableListRequest(
		143	goto exit_free_struct;
		144	}
		145
		146	- StringUtils_createStringFromBufferInBuffer(variableListName,
		147	- request->variableListName.choice.domainspecific.itemId.buf,
		148	- request->variableListName.choice.domainspecific.itemId.size);
		149	+ StringUtils_createStringFromBufferInBufferMax(variableListName,
		150	+ request->variableListName.choice.domainspecific.itemId.buf,
		151	+ request->variableListName.choice.domainspecific.itemId.size, sizeof(variableListName));
		152
		153	if (MmsDomain_getNamedVariableList(domain, variableListName) != NULL) {
		154	mmsMsg_createServiceErrorPdu(invokeId, response, MMS_ERROR_DEFINITION_OBJECT_EXISTS);
		155	@@ -567,9 +567,9 @@ mmsServer_handleDefineNamedVariableListRequest(
		156	goto exit_free_struct;
		157	}
		158
		159	- StringUtils_createStringFromBufferInBuffer(variableListName,
		160	- request->variableListName.choice.aaspecific.buf,
		161	- request->variableListName.choice.aaspecific.size);
		162	+ StringUtils_createStringFromBufferInBufferMax(variableListName,
		163	+ request->variableListName.choice.aaspecific.buf,
		164	+ request->variableListName.choice.aaspecific.size, sizeof(variableListName));
		165
		166	if (MmsServerConnection_getNamedVariableList(connection, variableListName) != NULL) {
		167	mmsMsg_createServiceErrorPdu(invokeId, response, MMS_ERROR_DEFINITION_OBJECT_EXISTS);
		168	@@ -611,9 +611,9 @@ mmsServer_handleDefineNamedVariableListRequest(
		169	goto exit_free_struct;
		170	}
		171
		172	- StringUtils_createStringFromBufferInBuffer(variableListName,
		173	- request->variableListName.choice.vmdspecific.buf,
		174	- request->variableListName.choice.vmdspecific.size);
		175	+ StringUtils_createStringFromBufferInBufferMax(variableListName,
		176	+ request->variableListName.choice.vmdspecific.buf,
		177	+ request->variableListName.choice.vmdspecific.size, sizeof(variableListName));
		178
		179	if (mmsServer_getNamedVariableListWithName(MmsDevice_getNamedVariableLists(connection->server->device), variableListName) != NULL) {
		180	mmsMsg_createServiceErrorPdu(invokeId, response, MMS_ERROR_DEFINITION_OBJECT_EXISTS);
		181	@@ -757,11 +757,11 @@ mmsServer_handleGetNamedVariableListAttributesRequest(
		182	goto exit_function;
		183	}
		184
		185	- StringUtils_createStringFromBufferInBuffer(domainName, request->choice.domainspecific.domainId.buf,
		186	- request->choice.domainspecific.domainId.size);
		187	+ StringUtils_createStringFromBufferInBufferMax(domainName, request->choice.domainspecific.domainId.buf,
		188	+ request->choice.domainspecific.domainId.size, sizeof(domainName));
		189
		190	- StringUtils_createStringFromBufferInBuffer(itemName, request->choice.domainspecific.itemId.buf,
		191	- request->choice.domainspecific.itemId.size);
		192	+ StringUtils_createStringFromBufferInBufferMax(itemName, request->choice.domainspecific.itemId.buf,
		193	+ request->choice.domainspecific.itemId.size, sizeof(itemName));
		194
		195	MmsDevice* mmsDevice = MmsServer_getDevice(connection->server);
		196
		197	@@ -798,8 +798,8 @@ mmsServer_handleGetNamedVariableListAttributesRequest(
		198	goto exit_function;
		199	}
		200
		201	- StringUtils_createStringFromBufferInBuffer(listName, request->choice.aaspecific.buf,
		202	- request->choice.aaspecific.size);
		203	+ StringUtils_createStringFromBufferInBufferMax(listName, request->choice.aaspecific.buf,
		204	+ request->choice.aaspecific.size, sizeof(listName));
		205
		206	MmsNamedVariableList varList = MmsServerConnection_getNamedVariableList(connection, listName);
		207
		208	@@ -817,8 +817,8 @@ mmsServer_handleGetNamedVariableListAttributesRequest(
		209	goto exit_function;
		210	}
		211
		212	- StringUtils_createStringFromBufferInBuffer(listName, request->choice.vmdspecific.buf,
		213	- request->choice.vmdspecific.size);
		214	+ StringUtils_createStringFromBufferInBufferMax(listName, request->choice.vmdspecific.buf,
		215	+ request->choice.vmdspecific.size, sizeof(listName));
		216
		217	MmsDevice* mmsDevice = MmsServer_getDevice(connection->server);
		218


diff --git a/meta-networking/recipes-connectivity/libiec61850/libiec61850_1.5.3.bb b/meta-networking/recipes-connectivity/libiec61850/libiec61850_1.5.3.bb index 3fff45670f..962fca1c07 100644 --- a/meta-networking/recipes-connectivity/libiec61850/libiec61850_1.5.3.bb +++ b/meta-networking/recipes-connectivity/libiec61850/libiec61850_1.5.3.bb
@@ -19,6 +19,7 @@ SRC_URI = "git://github.com/mz-automation/${BPN}.git;branch=v1.5;protocol=https
19	file://0001-pyiec61850-don-t-break-CMAKE_INSTALL_PATH-by-trying-.patch \	19	file://0001-pyiec61850-don-t-break-CMAKE_INSTALL_PATH-by-trying-.patch \
20	file://0002-pyiec61850-Use-CMAKE_INSTALL_LIBDIR-from-GNUInstallD.patch \	20	file://0002-pyiec61850-Use-CMAKE_INSTALL_LIBDIR-from-GNUInstallD.patch \
21	file://0003-LIB61850-430-fixed-null-pointer-dereference-in-mmsSe.patch \	21	file://0003-LIB61850-430-fixed-null-pointer-dereference-in-mmsSe.patch \
		22	file://0004-LIB61850-447-replaced-unsafe-function-StringUtils_cr.patch \
22	"	23	"
23		24
24	S = "${WORKDIR}/git"	25	S = "${WORKDIR}/git"