summaryrefslogtreecommitdiffstats
path: root/meta-networking
diff options
context:
space:
mode:
authorAnkur Tyagi <ankur.tyagi85@gmail.com>2025-10-15 09:39:00 +1300
committerAnuj Mittal <anuj.mittal@intel.com>2025-10-30 14:43:33 +0800
commit393bb3e0a532edb917928fbb72eb0d3e521f73b3 (patch)
tree957970598336760152b973f091a363ddedbfee12 /meta-networking
parent24b0040b4c694bce1545e8dc4403ec87b463c29c (diff)
downloadmeta-openembedded-393bb3e0a532edb917928fbb72eb0d3e521f73b3.tar.gz
tinyproxy: patch CVE-2023-49606
Details https://nvd.nist.gov/vuln/detail/CVE-2023-49606 Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> (cherry picked from commit 7f8516d8db5e51c5d2e75f6c6ca75199bee55217) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Diffstat (limited to 'meta-networking')
-rw-r--r--meta-networking/recipes-support/tinyproxy/tinyproxy/0001-CVE-2023-49606.patch59
-rw-r--r--meta-networking/recipes-support/tinyproxy/tinyproxy_1.11.1.bb1
2 files changed, 60 insertions, 0 deletions
diff --git a/meta-networking/recipes-support/tinyproxy/tinyproxy/0001-CVE-2023-49606.patch b/meta-networking/recipes-support/tinyproxy/tinyproxy/0001-CVE-2023-49606.patch
new file mode 100644
index 0000000000..dd10d2cd33
--- /dev/null
+++ b/meta-networking/recipes-support/tinyproxy/tinyproxy/0001-CVE-2023-49606.patch
@@ -0,0 +1,59 @@
1From 982a46347c5939e08ad659858b1ac32361d7ffb8 Mon Sep 17 00:00:00 2001
2From: rofl0r <rofl0r@users.noreply.github.com>
3Date: Sun, 5 May 2024 10:37:29 +0000
4Subject: [PATCH] CVE-2023-49606
5
6fix potential UAF in header handling
7
8https://talosintelligence.com/vulnerability_reports/TALOS-2023-1889
9
10this bug was brought to my attention today by the debian tinyproxy
11package maintainer. the above link states that the issue was known
12since last year and that maintainers have been contacted, but if
13that is even true then it probably was done via a private email
14to a potentially outdated email address of one of the maintainers,
15not through the channels described clearly on the tinyproxy homepage:
16
17> Feel free to report a new bug or suggest features via github issues.
18> Tinyproxy developers hang out in #tinyproxy on irc.libera.chat.
19
20no github issue was filed, and nobody mentioned a vulnerability on
21the mentioned IRC chat. if the issue had been reported on github or
22IRC, the bug would have been fixed within a day.
23
24CVE: CVE-2023-49606
25Upstream-Status: Backport [https://github.com/tinyproxy/tinyproxy/commit/12a8484265f7b00591293da492bb3c9987001956]
26
27(cherry picked from commit 12a8484265f7b00591293da492bb3c9987001956)
28Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
29---
30 src/reqs.c | 9 +++++++--
31 1 file changed, 7 insertions(+), 2 deletions(-)
32
33diff --git a/src/reqs.c b/src/reqs.c
34index b865190..705ce11 100644
35--- a/src/reqs.c
36+++ b/src/reqs.c
37@@ -779,7 +779,7 @@ static int remove_connection_headers (orderedmap hashofheaders)
38 char *data;
39 char *ptr;
40 ssize_t len;
41- int i;
42+ int i,j,df;
43
44 for (i = 0; i != (sizeof (headers) / sizeof (char *)); ++i) {
45 /* Look for the connection header. If it's not found, return. */
46@@ -804,7 +804,12 @@ static int remove_connection_headers (orderedmap hashofheaders)
47 */
48 ptr = data;
49 while (ptr < data + len) {
50- orderedmap_remove (hashofheaders, ptr);
51+ df = 0;
52+ /* check that ptr isn't one of headers to prevent
53+ double-free (CVE-2023-49606) */
54+ for (j = 0; j != (sizeof (headers) / sizeof (char *)); ++j)
55+ if(!strcasecmp(ptr, headers[j])) df = 1;
56+ if (!df) orderedmap_remove (hashofheaders, ptr);
57
58 /* Advance ptr to the next token */
59 ptr += strlen (ptr) + 1;
diff --git a/meta-networking/recipes-support/tinyproxy/tinyproxy_1.11.1.bb b/meta-networking/recipes-support/tinyproxy/tinyproxy_1.11.1.bb
index 999deff4de..8aff50fac8 100644
--- a/meta-networking/recipes-support/tinyproxy/tinyproxy_1.11.1.bb
+++ b/meta-networking/recipes-support/tinyproxy/tinyproxy_1.11.1.bb
@@ -8,6 +8,7 @@ SRC_URI = "https://github.com/${BPN}/${BPN}/releases/download/${PV}/${BP}.tar.gz
8 file://tinyproxy.service \ 8 file://tinyproxy.service \
9 file://tinyproxy.conf \ 9 file://tinyproxy.conf \
10 file://CVE-2022-40468.patch \ 10 file://CVE-2022-40468.patch \
11 file://0001-CVE-2023-49606.patch \
11 " 12 "
12 13
13SRC_URI[sha256sum] = "1574acf7ba83c703a89e98bb2758a4ed9fda456f092624b33cfcf0ce2d3b2047" 14SRC_URI[sha256sum] = "1574acf7ba83c703a89e98bb2758a4ed9fda456f092624b33cfcf0ce2d3b2047"