mirror of
https://github.com/openembedded/meta-openembedded.git
synced 2026-07-17 04:37:19 +00:00
iniparser: Fix CVE-2025-0633
Heap-based Buffer Overflow vulnerability in iniparser_dumpsection_ini() in iniparser allows attacker to read out of bound memory References: https://nvd.nist.gov/vuln/detail/CVE-2025-0633 https://security-tracker.debian.org/tracker/CVE-2025-0633 Upstream patch: https://gitlab.com/iniparser/iniparser/-/commit/072a39a772a38c475e35a1be311304ca99e9de7f Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com> Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
This commit is contained in:
committed by
Gyorgy Sarvari
parent
fff1d56fe1
commit
155ac93191
@@ -0,0 +1,38 @@
|
|||||||
|
From 072a39a772a38c475e35a1be311304ca99e9de7f Mon Sep 17 00:00:00 2001
|
||||||
|
From: Lars Möllendorf <lars@moellendorf.eu>
|
||||||
|
Date: Sun, 26 Jan 2025 08:48:23 +0100
|
||||||
|
Subject: [PATCH] Fix heap overflow in `iniparser_dumpsection_ini()`
|
||||||
|
|
||||||
|
...reported in #177
|
||||||
|
|
||||||
|
As suggested by the issue reporter this is fixed by returning from
|
||||||
|
`iniparser_dumpsection_ini()` in case the length of the passed section name
|
||||||
|
of dictionary to dump was bigger than the size of the internal buffer used
|
||||||
|
to copy this string to.
|
||||||
|
|
||||||
|
Changelog: changed
|
||||||
|
|
||||||
|
CVE: CVE-2025-0633
|
||||||
|
|
||||||
|
Upstream-Status: Backport [https://gitlab.com/iniparser/iniparser/-/commit/072a39a772a38c475e35a1be311304ca99e9de7f]
|
||||||
|
|
||||||
|
Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
|
||||||
|
---
|
||||||
|
src/iniparser.c | 1 +
|
||||||
|
1 file changed, 1 insertion(+)
|
||||||
|
|
||||||
|
diff --git a/src/iniparser.c b/src/iniparser.c
|
||||||
|
index dbceb20..2aeecf4 100644
|
||||||
|
--- a/src/iniparser.c
|
||||||
|
+++ b/src/iniparser.c
|
||||||
|
@@ -301,6 +301,7 @@ void iniparser_dumpsection_ini(const dictionary * d, const char * s, FILE * f)
|
||||||
|
|
||||||
|
if (d==NULL || f==NULL) return ;
|
||||||
|
if (! iniparser_find_entry(d, s)) return ;
|
||||||
|
+ if (strlen(s) > sizeof(keym)) return;
|
||||||
|
|
||||||
|
seclen = (int)strlen(s);
|
||||||
|
fprintf(f, "\n[%s]\n", s);
|
||||||
|
--
|
||||||
|
2.40.0
|
||||||
|
|
||||||
@@ -12,6 +12,7 @@ SRC_URI = "git://github.com/ndevilla/iniparser.git;protocol=https;branch=master
|
|||||||
file://0001-iniparser.pc-Make-libpath-a-variable.patch \
|
file://0001-iniparser.pc-Make-libpath-a-variable.patch \
|
||||||
file://Add-CMake-support.patch \
|
file://Add-CMake-support.patch \
|
||||||
file://CVE-2023-33461.patch \
|
file://CVE-2023-33461.patch \
|
||||||
|
file://CVE-2025-0633.patch \
|
||||||
"
|
"
|
||||||
|
|
||||||
SRCREV= "deb85ad4936d4ca32cc2260ce43323d47936410d"
|
SRCREV= "deb85ad4936d4ca32cc2260ce43323d47936410d"
|
||||||
|
|||||||
Reference in New Issue
Block a user