diff options
| author | Ankur Tyagi <ankur.tyagi85@gmail.com> | 2025-12-16 12:45:34 +0530 |
|---|---|---|
| committer | Anuj Mittal <anuj.mittal@oss.qualcomm.com> | 2025-12-17 11:45:22 +0530 |
| commit | 1876b4656d6d3f210f4a3cd806db0ef9a6755eab (patch) | |
| tree | 78fc14fdc681e91db927910d15102419a42042a6 /meta-networking | |
| parent | 0d9da1105276f04cb23046de5f31fc75f09e2e89 (diff) | |
| download | meta-openembedded-1876b4656d6d3f210f4a3cd806db0ef9a6755eab.tar.gz | |
unbound: patch CVE-2024-43167
Details https://nvd.nist.gov/vuln/detail/CVE-2024-43167
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
Diffstat (limited to 'meta-networking')
| -rw-r--r-- | meta-networking/recipes-support/unbound/unbound/CVE-2024-43167.patch | 46 | ||||
| -rw-r--r-- | meta-networking/recipes-support/unbound/unbound_1.19.3.bb | 1 |
2 files changed, 47 insertions, 0 deletions
diff --git a/meta-networking/recipes-support/unbound/unbound/CVE-2024-43167.patch b/meta-networking/recipes-support/unbound/unbound/CVE-2024-43167.patch new file mode 100644 index 0000000000..23efc49338 --- /dev/null +++ b/meta-networking/recipes-support/unbound/unbound/CVE-2024-43167.patch | |||
| @@ -0,0 +1,46 @@ | |||
| 1 | From 81b41525fd07660f60ccca0378d1e1650d0b45b7 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: zhailiangliang <zhailiangliang@loongson.cn> | ||
| 3 | Date: Tue, 21 May 2024 08:40:16 +0000 | ||
| 4 | Subject: [PATCH] fix null pointer dereference issue in function ub_ctx_set_fwd | ||
| 5 | of file libunbound/libunbound.c | ||
| 6 | |||
| 7 | CVE: CVE-2024-43167 | ||
| 8 | Upstream-Status: Backport [https://github.com/NLnetLabs/unbound/commit/8e43e2574c4e02f79c562a061581cdcefe136912] | ||
| 9 | (cherry picked from commit 8e43e2574c4e02f79c562a061581cdcefe136912) | ||
| 10 | Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> | ||
| 11 | --- | ||
| 12 | libunbound/libunbound.c | 7 +++++-- | ||
| 13 | 1 file changed, 5 insertions(+), 2 deletions(-) | ||
| 14 | |||
| 15 | diff --git a/libunbound/libunbound.c b/libunbound/libunbound.c | ||
| 16 | index 80a82bb4..c52114d9 100644 | ||
| 17 | --- a/libunbound/libunbound.c | ||
| 18 | +++ b/libunbound/libunbound.c | ||
| 19 | @@ -976,7 +976,8 @@ ub_ctx_set_fwd(struct ub_ctx* ctx, const char* addr) | ||
| 20 | if(!addr) { | ||
| 21 | /* disable fwd mode - the root stub should be first. */ | ||
| 22 | if(ctx->env->cfg->forwards && | ||
| 23 | - strcmp(ctx->env->cfg->forwards->name, ".") == 0) { | ||
| 24 | + (ctx->env->cfg->forwards->name && | ||
| 25 | + strcmp(ctx->env->cfg->forwards->name, ".") == 0)) { | ||
| 26 | s = ctx->env->cfg->forwards; | ||
| 27 | ctx->env->cfg->forwards = s->next; | ||
| 28 | s->next = NULL; | ||
| 29 | @@ -996,7 +997,8 @@ ub_ctx_set_fwd(struct ub_ctx* ctx, const char* addr) | ||
| 30 | /* it parses, add root stub in front of list */ | ||
| 31 | lock_basic_lock(&ctx->cfglock); | ||
| 32 | if(!ctx->env->cfg->forwards || | ||
| 33 | - strcmp(ctx->env->cfg->forwards->name, ".") != 0) { | ||
| 34 | + (ctx->env->cfg->forwards->name && | ||
| 35 | + strcmp(ctx->env->cfg->forwards->name, ".") != 0)) { | ||
| 36 | s = calloc(1, sizeof(*s)); | ||
| 37 | if(!s) { | ||
| 38 | lock_basic_unlock(&ctx->cfglock); | ||
| 39 | @@ -1014,6 +1016,7 @@ ub_ctx_set_fwd(struct ub_ctx* ctx, const char* addr) | ||
| 40 | ctx->env->cfg->forwards = s; | ||
| 41 | } else { | ||
| 42 | log_assert(ctx->env->cfg->forwards); | ||
| 43 | + log_assert(ctx->env->cfg->forwards->name); | ||
| 44 | s = ctx->env->cfg->forwards; | ||
| 45 | } | ||
| 46 | dupl = strdup(addr); | ||
diff --git a/meta-networking/recipes-support/unbound/unbound_1.19.3.bb b/meta-networking/recipes-support/unbound/unbound_1.19.3.bb index 0542ae454b..9a537c2dc2 100644 --- a/meta-networking/recipes-support/unbound/unbound_1.19.3.bb +++ b/meta-networking/recipes-support/unbound/unbound_1.19.3.bb | |||
| @@ -13,6 +13,7 @@ SRC_URI = "git://github.com/NLnetLabs/unbound.git;protocol=https;nobranch=1 \ | |||
| 13 | file://CVE-2024-8508.patch \ | 13 | file://CVE-2024-8508.patch \ |
| 14 | file://CVE-2024-33655.patch \ | 14 | file://CVE-2024-33655.patch \ |
| 15 | file://CVE-2025-11411.patch \ | 15 | file://CVE-2025-11411.patch \ |
| 16 | file://CVE-2024-43167.patch \ | ||
| 16 | " | 17 | " |
| 17 | SRCREV = "48b6c60a24e9a5d6d369a7a37c9fe2a767f26abd" | 18 | SRCREV = "48b6c60a24e9a5d6d369a7a37c9fe2a767f26abd" |
| 18 | 19 | ||
