summaryrefslogtreecommitdiffstats
path: root/meta-oe
diff options
context:
space:
mode:
authorSoumya Sambu <soumya.sambu@windriver.com>2025-10-10 21:31:45 +0530
committerGyorgy Sarvari <skandigraun@gmail.com>2025-10-17 10:51:26 +0200
commit155ac9319117fa3fd4f262ecefe23c34d263af56 (patch)
treed770857f01fea41ea03a7417e33e5e55973567fc /meta-oe
parentfff1d56fe1f4006a1f82ba36e6c57250f54c6a87 (diff)
downloadmeta-openembedded-155ac9319117fa3fd4f262ecefe23c34d263af56.tar.gz
iniparser: Fix CVE-2025-0633
Heap-based Buffer Overflow vulnerability in iniparser_dumpsection_ini() in iniparser allows attacker to read out of bound memory References: https://nvd.nist.gov/vuln/detail/CVE-2025-0633 https://security-tracker.debian.org/tracker/CVE-2025-0633 Upstream patch: https://gitlab.com/iniparser/iniparser/-/commit/072a39a772a38c475e35a1be311304ca99e9de7f Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com> Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Diffstat (limited to 'meta-oe')
-rw-r--r--meta-oe/recipes-support/iniparser/iniparser/CVE-2025-0633.patch38
-rw-r--r--meta-oe/recipes-support/iniparser/iniparser_4.1.bb1
2 files changed, 39 insertions, 0 deletions
diff --git a/meta-oe/recipes-support/iniparser/iniparser/CVE-2025-0633.patch b/meta-oe/recipes-support/iniparser/iniparser/CVE-2025-0633.patch
new file mode 100644
index 0000000000..acf744049b
--- /dev/null
+++ b/meta-oe/recipes-support/iniparser/iniparser/CVE-2025-0633.patch
@@ -0,0 +1,38 @@
1From 072a39a772a38c475e35a1be311304ca99e9de7f Mon Sep 17 00:00:00 2001
2From: Lars Möllendorf <lars@moellendorf.eu>
3Date: Sun, 26 Jan 2025 08:48:23 +0100
4Subject: [PATCH] Fix heap overflow in `iniparser_dumpsection_ini()`
5
6...reported in #177
7
8As suggested by the issue reporter this is fixed by returning from
9`iniparser_dumpsection_ini()` in case the length of the passed section name
10of dictionary to dump was bigger than the size of the internal buffer used
11to copy this string to.
12
13Changelog: changed
14
15CVE: CVE-2025-0633
16
17Upstream-Status: Backport [https://gitlab.com/iniparser/iniparser/-/commit/072a39a772a38c475e35a1be311304ca99e9de7f]
18
19Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
20---
21 src/iniparser.c | 1 +
22 1 file changed, 1 insertion(+)
23
24diff --git a/src/iniparser.c b/src/iniparser.c
25index dbceb20..2aeecf4 100644
26--- a/src/iniparser.c
27+++ b/src/iniparser.c
28@@ -301,6 +301,7 @@ void iniparser_dumpsection_ini(const dictionary * d, const char * s, FILE * f)
29
30 if (d==NULL || f==NULL) return ;
31 if (! iniparser_find_entry(d, s)) return ;
32+ if (strlen(s) > sizeof(keym)) return;
33
34 seclen = (int)strlen(s);
35 fprintf(f, "\n[%s]\n", s);
36--
372.40.0
38
diff --git a/meta-oe/recipes-support/iniparser/iniparser_4.1.bb b/meta-oe/recipes-support/iniparser/iniparser_4.1.bb
index 7c23b514bd..9d433047a9 100644
--- a/meta-oe/recipes-support/iniparser/iniparser_4.1.bb
+++ b/meta-oe/recipes-support/iniparser/iniparser_4.1.bb
@@ -12,6 +12,7 @@ SRC_URI = "git://github.com/ndevilla/iniparser.git;protocol=https;branch=master
12 file://0001-iniparser.pc-Make-libpath-a-variable.patch \ 12 file://0001-iniparser.pc-Make-libpath-a-variable.patch \
13 file://Add-CMake-support.patch \ 13 file://Add-CMake-support.patch \
14 file://CVE-2023-33461.patch \ 14 file://CVE-2023-33461.patch \
15 file://CVE-2025-0633.patch \
15" 16"
16 17
17SRCREV= "deb85ad4936d4ca32cc2260ce43323d47936410d" 18SRCREV= "deb85ad4936d4ca32cc2260ce43323d47936410d"