diff options
Diffstat (limited to 'meta')
| -rw-r--r-- | meta/recipes-connectivity/ofono/ofono/CVE-2024-7544.patch | 30 | ||||
| -rw-r--r-- | meta/recipes-connectivity/ofono/ofono_1.34.bb | 1 |
2 files changed, 31 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/ofono/ofono/CVE-2024-7544.patch b/meta/recipes-connectivity/ofono/ofono/CVE-2024-7544.patch new file mode 100644 index 0000000000..ebbf809030 --- /dev/null +++ b/meta/recipes-connectivity/ofono/ofono/CVE-2024-7544.patch | |||
| @@ -0,0 +1,30 @@ | |||
| 1 | From a240705a0d5d41eca6de4125ab2349ecde4c873a Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Ivaylo Dimitrov <ivo.g.dimitrov.75@gmail.com> | ||
| 3 | Date: Tue, 3 Dec 2024 21:43:49 +0200 | ||
| 4 | Subject: [PATCH] stkutil: Fix CVE-2024-7544 | ||
| 5 | |||
| 6 | CVE: CVE-2024-7544 | ||
| 7 | Upstream-Status: Backport [https://git.kernel.org/pub/scm/network/ofono/ofono.git/commit/?id=a240705a0d5d41eca6de4125ab2349ecde4c873a] | ||
| 8 | |||
| 9 | Signed-off-by: Yogita Urade <yogita.urade@windriver.com> | ||
| 10 | --- | ||
| 11 | src/stkutil.c | 4 ++++ | ||
| 12 | 1 file changed, 4 insertions(+) | ||
| 13 | |||
| 14 | diff --git a/src/stkutil.c b/src/stkutil.c | ||
| 15 | index fdd11ad..475caaa 100644 | ||
| 16 | --- a/src/stkutil.c | ||
| 17 | +++ b/src/stkutil.c | ||
| 18 | @@ -1898,6 +1898,10 @@ static bool parse_dataobj_mms_id(struct comprehension_tlv_iter *iter, | ||
| 19 | |||
| 20 | data = comprehension_tlv_iter_get_data(iter); | ||
| 21 | mi->len = len; | ||
| 22 | + | ||
| 23 | + if (len > sizeof(mi->id)) | ||
| 24 | + return false; | ||
| 25 | + | ||
| 26 | memcpy(mi->id, data, len); | ||
| 27 | |||
| 28 | return true; | ||
| 29 | -- | ||
| 30 | 2.40.0 | ||
diff --git a/meta/recipes-connectivity/ofono/ofono_1.34.bb b/meta/recipes-connectivity/ofono/ofono_1.34.bb index 731b186b12..54710aa9fd 100644 --- a/meta/recipes-connectivity/ofono/ofono_1.34.bb +++ b/meta/recipes-connectivity/ofono/ofono_1.34.bb | |||
| @@ -20,6 +20,7 @@ SRC_URI = "\ | |||
| 20 | file://CVE-2023-2794-0004.patch \ | 20 | file://CVE-2023-2794-0004.patch \ |
| 21 | file://CVE-2024-7539.patch \ | 21 | file://CVE-2024-7539.patch \ |
| 22 | file://CVE-2024-7543.patch \ | 22 | file://CVE-2024-7543.patch \ |
| 23 | file://CVE-2024-7544.patch \ | ||
| 23 | " | 24 | " |
| 24 | SRC_URI[sha256sum] = "c0b96d3013447ec2bcb74579bef90e4e59c68dbfa4b9c6fbce5d12401a43aac7" | 25 | SRC_URI[sha256sum] = "c0b96d3013447ec2bcb74579bef90e4e59c68dbfa4b9c6fbce5d12401a43aac7" |
| 25 | 26 | ||
