summaryrefslogtreecommitdiffstats
path: root/meta-networking
diff options
context:
space:
mode:
authorAnkur Tyagi <ankur.tyagi85@gmail.com>2025-12-16 12:45:34 +0530
committerAnuj Mittal <anuj.mittal@oss.qualcomm.com>2025-12-17 11:45:22 +0530
commit1876b4656d6d3f210f4a3cd806db0ef9a6755eab (patch)
tree78fc14fdc681e91db927910d15102419a42042a6 /meta-networking
parent0d9da1105276f04cb23046de5f31fc75f09e2e89 (diff)
downloadmeta-openembedded-1876b4656d6d3f210f4a3cd806db0ef9a6755eab.tar.gz
unbound: patch CVE-2024-43167
Details https://nvd.nist.gov/vuln/detail/CVE-2024-43167 Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
Diffstat (limited to 'meta-networking')
-rw-r--r--meta-networking/recipes-support/unbound/unbound/CVE-2024-43167.patch46
-rw-r--r--meta-networking/recipes-support/unbound/unbound_1.19.3.bb1
2 files changed, 47 insertions, 0 deletions
diff --git a/meta-networking/recipes-support/unbound/unbound/CVE-2024-43167.patch b/meta-networking/recipes-support/unbound/unbound/CVE-2024-43167.patch
new file mode 100644
index 0000000000..23efc49338
--- /dev/null
+++ b/meta-networking/recipes-support/unbound/unbound/CVE-2024-43167.patch
@@ -0,0 +1,46 @@
1From 81b41525fd07660f60ccca0378d1e1650d0b45b7 Mon Sep 17 00:00:00 2001
2From: zhailiangliang <zhailiangliang@loongson.cn>
3Date: Tue, 21 May 2024 08:40:16 +0000
4Subject: [PATCH] fix null pointer dereference issue in function ub_ctx_set_fwd
5 of file libunbound/libunbound.c
6
7CVE: CVE-2024-43167
8Upstream-Status: Backport [https://github.com/NLnetLabs/unbound/commit/8e43e2574c4e02f79c562a061581cdcefe136912]
9(cherry picked from commit 8e43e2574c4e02f79c562a061581cdcefe136912)
10Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
11---
12 libunbound/libunbound.c | 7 +++++--
13 1 file changed, 5 insertions(+), 2 deletions(-)
14
15diff --git a/libunbound/libunbound.c b/libunbound/libunbound.c
16index 80a82bb4..c52114d9 100644
17--- a/libunbound/libunbound.c
18+++ b/libunbound/libunbound.c
19@@ -976,7 +976,8 @@ ub_ctx_set_fwd(struct ub_ctx* ctx, const char* addr)
20 if(!addr) {
21 /* disable fwd mode - the root stub should be first. */
22 if(ctx->env->cfg->forwards &&
23- strcmp(ctx->env->cfg->forwards->name, ".") == 0) {
24+ (ctx->env->cfg->forwards->name &&
25+ strcmp(ctx->env->cfg->forwards->name, ".") == 0)) {
26 s = ctx->env->cfg->forwards;
27 ctx->env->cfg->forwards = s->next;
28 s->next = NULL;
29@@ -996,7 +997,8 @@ ub_ctx_set_fwd(struct ub_ctx* ctx, const char* addr)
30 /* it parses, add root stub in front of list */
31 lock_basic_lock(&ctx->cfglock);
32 if(!ctx->env->cfg->forwards ||
33- strcmp(ctx->env->cfg->forwards->name, ".") != 0) {
34+ (ctx->env->cfg->forwards->name &&
35+ strcmp(ctx->env->cfg->forwards->name, ".") != 0)) {
36 s = calloc(1, sizeof(*s));
37 if(!s) {
38 lock_basic_unlock(&ctx->cfglock);
39@@ -1014,6 +1016,7 @@ ub_ctx_set_fwd(struct ub_ctx* ctx, const char* addr)
40 ctx->env->cfg->forwards = s;
41 } else {
42 log_assert(ctx->env->cfg->forwards);
43+ log_assert(ctx->env->cfg->forwards->name);
44 s = ctx->env->cfg->forwards;
45 }
46 dupl = strdup(addr);
diff --git a/meta-networking/recipes-support/unbound/unbound_1.19.3.bb b/meta-networking/recipes-support/unbound/unbound_1.19.3.bb
index 0542ae454b..9a537c2dc2 100644
--- a/meta-networking/recipes-support/unbound/unbound_1.19.3.bb
+++ b/meta-networking/recipes-support/unbound/unbound_1.19.3.bb
@@ -13,6 +13,7 @@ SRC_URI = "git://github.com/NLnetLabs/unbound.git;protocol=https;nobranch=1 \
13 file://CVE-2024-8508.patch \ 13 file://CVE-2024-8508.patch \
14 file://CVE-2024-33655.patch \ 14 file://CVE-2024-33655.patch \
15 file://CVE-2025-11411.patch \ 15 file://CVE-2025-11411.patch \
16 file://CVE-2024-43167.patch \
16 " 17 "
17SRCREV = "48b6c60a24e9a5d6d369a7a37c9fe2a767f26abd" 18SRCREV = "48b6c60a24e9a5d6d369a7a37c9fe2a767f26abd"
18 19